group_vars/all/00_general.yml

@@ -13,7 +13,7 @@ primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primar
 # Administrator
 administrator_username: "administrator"                                 # Username of the administrator
 administrator_email:    "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
-#user_administrator_initial_password: EXAMPLE_PASSWORD_123456           # Example initialisation password needs to be set in inventory file
+#user_administrator_initial_password: EXAMPLE_PASSWORD_123456                         # Example initialisation password needs to be set in inventory file
 
 # Test Email
 test_email:             "test@{{primary_domain}}"

group_vars/all/03_domains.yml

@@ -38,7 +38,7 @@ defaults_domains:
   wordpress:              ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"]
 
 ## Domain Redirects
-defaults_redirect_domain_mappings:
+redirect_domain_mappings:
 - { source: "akaunting.{{primary_domain}}",   target: "{{domains.akaunting}}" }
 - { source: "bbb.{{primary_domain}}",         target: "{{domains.bigbluebutton}}" }
 - { source: "discourse.{{primary_domain}}",   target: "{{domains.discourse}}" }

group_vars/all/09_ports.yml

@@ -25,7 +25,7 @@ ports:
       roulette-wheel: 8013
       joomla:         8014
       attendize:      8015
-      #matrix:         8016 Not used anymore
+      matrix:         8016
       baserow:        8017
       matomo:         8018
       listmonk:       8019

playbook.constructor.yml

@@ -8,14 +8,6 @@
   - name: Merge domain definitions
     set_fact:
       domains: "{{ defaults_domains | combine(domains | default({}, true), recursive=True) }}"
-  - name: Merge redirect domain definitions
-    set_fact:
-      merged_redirect_domain_mappings: >-
-        {{
-          (defaults_redirect_domain_mappings | items2dict(key_name='source', value_name='target'))
-          | combine((redirect_domain_mappings | items2dict(key_name='source', value_name='target')), recursive=True)
-          | dict2items
-        }}
   - name: Merge application definitions
     set_fact:
       applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"

roles/docker-bigbluebutton/handlers/main.yml

@@ -37,16 +37,6 @@
     line: "      - coturn:/var/lib/coturn"
   listen: setup bigbluebutton
 
-# Implemented due to etherpad health bug.
-# @todo Remove when health check is working fine
-# @see https://chatgpt.com/c/67a0fc7e-5104-800f-bb6b-3731e2f83b7b
-- name: "Update docker-compose.yml for Etherpad health check"
-  lineinfile: 
-    line: "    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http://127.0.0.1:9001\"]\n      interval: 30s\n      timeout: 10s\n      retries: 5\n      start_period: 10s"
-    path: "{{docker_compose_file}}"
-    insertafter: "etherpad:"
-  listen: setup bigbluebutton
-
 - name: add volumes to docker compose
   blockinfile:
     path: "{{docker_compose_file}}"

roles/docker-compose/tasks/main.yml

@@ -5,12 +5,11 @@
 - name: "Set global domain based on application_id"
   set_fact:
     domain: "{{ domains[application_id] if application_id in domains else None }}"
-  # Default case: One domain exists. Some applications like matrix don't have an default domain
+  # Default case: One Domain exists. Some applications like matrix don't have an default key
 
 - name: "Set global http_port to {{ ports.localhost.http_ports[application_id] }}"
   set_fact:
-    http_port: "{{ ports.localhost.http_ports[application_id] if application_id in ports.localhost.http_ports else None }}"
-  # Default case: One port exists. Some applications like matrix don't have an default port
+    http_port: "{{ ports.localhost.http_ports[application_id] }}"
 
 - name: "remove {{ docker_compose_instance_directory }} and all its contents"
   file:

roles/docker-matrix-compose/templates/nginx.conf.j2

@@ -1,7 +1,6 @@
 server {
     # Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary
     {% set domain = domains.matrix_synapse %}
-    {% set http_port = ports.localhost.http_ports.matrix_synapse %}
 
     server_name {{domain}};
     {% include 'roles/letsencrypt/templates/ssl_header.j2' %}

roles/nginx-domain-redirect/tasks/main.yml

@@ -5,16 +5,12 @@
     domain: "{{item.source}}"
   loop: "{{domain_mappings}}"
 
-- name: The domains for which a www. redirect will be implemented
-  debug:
-    var: domain_mappings
-  when: mode_debug | bool
-
 - name: configure nginx redirect configurations
   vars:
-    item: "{{item}}"
+    domain: "{{item.source}}"
+    target_domain: "{{item.target}}"
   template: 
     src:  redirect.domain.nginx.conf.j2
-    dest: "{{nginx.directories.http.servers}}{{item.source}}.conf"
-  loop:   "{{domain_mappings}}"
+    dest: "{{nginx.directories.http.servers}}{{ domain }}.conf"
+  loop: "{{domain_mappings}}"
   notify: restart nginx

roles/nginx-domain-redirect/templates/redirect.domain.nginx.conf.j2

@@ -1,8 +1,5 @@
 server {
-  {% set domain = item.source %}
-  {% set target = item.target %}
   server_name {{domain}};
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
-
-  return 301 https://{{target}}$request_uri;
+  return 301 https://{{target_domain}}$request_uri;
 }

roles/nginx-www-redirect/tasks/main.yml

@@ -42,7 +42,7 @@
     domain: "{{primary_domain}}"
   template: 
     src:  www.wildcard.conf.j2
-    dest: "{{nginx_www_wildcard_configuration}}"
+    dest: "{{nginx_www_wildcart_configuration}}"
   notify: restart nginx
   when: enable_wildcard_certificate | bool
 
@@ -65,30 +65,21 @@
 
 
 # Cleanup
-# Deactivated due to complexity
-#- name: Cleanup dedicated nginx configurations for www redirect configuration
-#  file:
-#    path: "{{ nginx.directories.http.servers }}{{ item.source }}.conf"
-#    state: absent
-#  # Filter: Only first-level subdomains of primary_domain
-#  # Exclude the primary domain itself
-#  # Transform for www redirection
-#  loop: "{{ filtered_domains_with_primary_domain 
-#            | select('regex_search', '^[^.]+\\.' ~ primary_domain ~ '$') 
-#            | reject('equalto', primary_domain)  
-#            | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }')  
-#            | map('from_yaml') 
-#            | list }}"
-#  notify: restart nginx
-#  when: 
-#    - enable_wildcard_certificate | bool  # Wildcard certificate must be enabled
-#    - mode_cleanup | bool                 # Cleanup mode must be enabled
-
-- name: Cleanup {{nginx_www_wildcard_configuration}}
+- name: Cleanup dedicated nginx configurations for www redirect configuration
   file:
-    path: "{{nginx_www_wildcard_configuration}}"
+    path: "{{ nginx.directories.http.servers }}{{ item.source }}.conf"
+    state: absent
+  loop: "{{ filtered_domains_with_primary_domain | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
+  notify: restart nginx
+  when: 
+    - enable_wildcard_certificate | bool
+    - mode_cleanup
+
+- name: Cleanup {{nginx_www_wildcart_configuration}}
+  file:
+    path: "{{nginx_www_wildcart_configuration}}"
     state: absent
   notify: restart nginx
   when: 
     - not enable_wildcard_certificate | bool
-    - mode_cleanup | bool
+    - mode_cleanup

roles/nginx-www-redirect/vars/main.yml

@@ -1 +1 @@
-nginx_www_wildcard_configuration: "{{nginx.directories.http.global}}www.wildcard.conf"
+nginx_www_wildcart_configuration: "{{nginx.directories.http.global}}www.wildcard.conf"

tasks/recieve-certbot-certificate.yml

@@ -1,39 +1,28 @@
-- name: "recieve dedicated certificate for {{ domain }}"
+- name: "recieve certbot certificate for {{ domain }}"
   command: >-
     certbot certonly --agree-tos --email {{ administrator_email }}
     --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ domain }}
     {{ '--test-cert' if mode_test | bool else '' }}
-  when: 
-    - not enable_wildcard_certificate | bool  
-      # Wildcard certificate should not be used
-    - not (domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain))
-      # OR: The domain is not a first-level subdomain of the primary domain
+  when: not enable_wildcard_certificate | bool or primary_domain not in domain
 
-- name: "recieve wildcard certificate for *{{ primary_domain }}"
+- name: "recieve certbot certificate for *{{ primary_domain }}"
   command: >-
-    certbot certonly --agree-tos --email {{ administrator_email }}                                          
+    certbot certonly --agree-tos --email {{ administrator_email }}
     --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
     {{ '--test-cert' if mode_test | bool else '' }}
   when: 
-    - enable_wildcard_certificate | bool  
-      # Wildcard certificate is enabled
-    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
-      # AND: The domain is a direct first-level subdomain of the primary domain
-    - run_once_recieve_certificate is not defined  
-      # Ensure this task runs only once for the wildcard certificate
+    - enable_wildcard_certificate | bool
+    - primary_domain in domain
+    - run_once_recieve_certificate is not defined
 
 - name: "Cleanup dedicated cert for {{ domain }}"
   command: >-
     certbot delete --cert-name {{ domain }} --non-interactive
   when: 
-    - mode_cleanup | bool  
-      # Cleanup mode is enabled
-    - enable_wildcard_certificate | bool  
-      # Wildcard certificate is enabled
-    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
-      # AND: The domain is a direct first-level subdomain of the primary domain
-    - domain != primary_domain  
-      # The domain is not the primary domain
+    - mode_cleanup | bool
+    - enable_wildcard_certificate | bool
+    - primary_domain in domain
+    - domain != primary_domain
   ignore_errors: true
 
 - name: run the recieve_certificate tasks once