Adapted variables for reverse proxy

group_vars/all

@@ -148,6 +148,7 @@ domain_funkwhale:               "music.{{top_domain}}"
 domain_gitea:                   "git.{{top_domain}}"
 domain_gitlab:                  "gitlab.{{top_domain}}"
 domain_portfolio:               "{{top_domain}}"
+domain_keycloak:                "auth.{{top_domain}}"
 domain_listmonk:                "newsletter.{{top_domain}}"
 domain_mailu:                   "{{system_email_host}}"
 domain_mastodon:                "microblog.{{top_domain}}"
@@ -174,6 +175,7 @@ redirect_domain_mappings:
 - { source: "discourse.{{top_domain}}",   target: "{{domain_discourse}}" }
 - { source: "funkwhale.{{top_domain}}",   target: "{{domain_funkwhale}}" }
 - { source: "gitea.{{top_domain}}",       target: "{{domain_gitea}}" }
+- { source: "keycloak.{{top_domain}}",    target: "{{domain_keycloak}}" }
 - { source: "listmonk.{{top_domain}}",    target: "{{domain_listmonk}}" }
 - { source: "moodle.{{top_domain}}",      target: "{{domain_moodle}}" }
 - { source: "nextcloud.{{top_domain}}",   target: "{{domain_nextcloud}}" }
@@ -185,6 +187,7 @@ redirect_domain_mappings:
 - { source: "taiga.{{top_domain}}",       target: "{{domain_taiga}}" }
 - { source: "videos.{{top_domain}}",      target: "{{domain_peertube}}" }
 
+
 ## Docker Applications
 
 ### Enable Central MariaDB
@@ -194,9 +197,6 @@ enable_central_database_mailu: "{{enable_central_database}}"
 ### Enable Storage Optimizer for Docker Volumes
 enable_system_storage_optimizer: true
 
-### Common Configurations
-postgres_default_version:       "16"
-
 ### Docker Role Specific Parameters
 docker_restart_policy:        "unless-stopped"
 
@@ -206,22 +206,57 @@ akaunting_company_name:       "{{top_domain}}"
 akaunting_company_email:      "{{administrator_email}}"
 akaunting_setup_admin_email:  "{{administrator_email}}"
 
+#### Attendize 
+attendize_version:              "latest"
+
+#### Baserow 
+baserow_version:                "latest"
+
 #### Big Blue Button
 bigbluebutton_enable_greenlight:  "true"
 
+#### Bluesky
+bluesky_administrator_email:      "{{administrator_email}}"
+bluesky_pds_version:              "latest"
+
+#### Friendica
+friendica_version:                "latest"
+
+#### Gitea
+gitea_version:                    "latest"
+
+#### Gitlab
+gitlab_version:                   "latest"
+
+#### Joomla
+joomla_version:                   "latest"
+
+#### Keycloak
+keycloak_version:                   "latest"
+keycloak_administrator_username:    "{{administrator_username}}"
+
 #### Listmonk
 listmonk_admin_username:          "admin"
 listmonk_public_api_activated:    False # Security hole. Can be used for spaming
+listmonk_version:                  "latest"
+
+#### MariaDB
+mariadb_version:                  "latest"
+
+#### Matomo
+matomo_version:                   "latest"
 
 #### Mastodon
 mastodon_version:                 "latest"
 mastodon_single_user_mode:        false
 
 #### Matrix
-matrix_admin_name:      "{{administrator_username}}"  # Accountname of the matrix admin
+matrix_administrator_username:  "{{administrator_username}}"  # Accountname of the matrix admin
 matrix_playbook_tags:           "setup-all,start"             # For the initial update use: install-all,ensure-matrix-users-created,start
 matrix_role:                    "compose"                     # Role to setup Matrix. Valid values: ansible, compose
 matrix_server_name:             "{{top_domain}}"              # Adress for the account names etc.
+matrix_synapse_version:         "latest"
+matrix_element_version:         "latest"
 
 #### Mailu
 mailu_version:          "2024.06"
@@ -230,8 +265,12 @@ mailu_subnet:           "192.168.203.0/24"
 
 #### Moodle
 moodle_site_name:           "Global Learning Academy on {{top_domain}}"
-moodle_user_name:       "{{administrator_username}}"
-moodle_user_email:      "{{administrator_email}}"
+moodle_administrator_name:  "{{administrator_username}}"
+moodle_administrator_email: "{{administrator_email}}"
+moodle_version:             "latest"
+
+#### MyBB
+mybb_version:            "latest"
 
 #### Nextcloud
 nextcloud_version:      "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
@@ -241,6 +280,15 @@ peertube_version:       "bookworm"
 
 #### Pixelfed
 pixelfed_app_name:      "Pictures on {{top_domain}}"
+pixelfed_version:       "latest"
+
+#### Postgres
+# Please set an version in your inventory file - Rolling release for postgres isn't recommended
+postgres_database_version:  "latest"
+
+#### Taiga
+taiga_version:              "latest"
 
 #### YOURLS
-yourls_user:            "{{administrator_username}}"
+yourls_administrator_username:  "{{administrator_username}}"
+yourls_version:                 "latest"

inventory.example.yml

@@ -45,7 +45,7 @@ pixelfed_database_password:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
 pixelfed_app_key:                   "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
 wordpress_database_password:        "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
 yourls_database_password:           "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-yourls_user_password:               "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
+yourls_administrator_username_password:               "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
 
 path_mass_storage:                  "/mnt/hdd/"
 path_rapid_storage:                 "/mnt/ssd/"

playbook.servers.yml

@@ -297,6 +297,15 @@
         http_port_api: 8030
         http_port_web: 8031
 
+- name: setup keycloak
+  hosts: keycloak
+  become: true
+  roles:
+   -  role: docker-keycloak
+      vars:
+        domain: "{{domain_keycloak}}"
+        http_port: 8032
+
 # Native Webserver Roles
 - name: setup nginx-static-repositorys
   hosts: nginx-static-repositorys

roles/docker-attendize/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   web:
-    image: attendize_web:latest
+    image: "attendize_web:{{attendize_version}}"
     ports:
     - "{{http_port}}:80"
     volumes:
@@ -19,7 +19,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   worker:
-    image: attendize_worker:latest
+    image: "attendize_worker:{{attendize_version}}"
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
       maildev:
 {% include 'templates/docker/container/networks.yml.j2' %}

roles/docker-baserow/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   application:
-    image: baserow/baserow:1.19.1
+    image: "baserow/baserow:{{baserow_version}}"
     container_name: baserow-application
     restart: {{docker_restart_policy}}
     logging:
@@ -16,11 +16,6 @@ services:
       - data:/baserow/data
     ports:
       - "{{http_port}}:80"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:80/"]
-      interval: 1m
-      timeout: 10s
-      retries: 3
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 

roles/docker-bluesky/templates/docker-compose.yml.j2

@@ -1,6 +1,6 @@
 services:
   pds:
-    image: ghcr.io/bluesky-social/pds:latest
+    image: "ghcr.io/bluesky-social/pds:{{bluesky_pds_version}}"
     restart: {{docker_restart_policy}}
     volumes:
         - pds_data:/pds
@@ -8,7 +8,7 @@ services:
     environment:
       # Geben Sie hier Ihre Domain und Konfigurationsdetails an
       PDS_HOSTNAME: "{{domain_api}}"
-      PDS_ADMIN_EMAIL: "{{administrator_email}}"
+      PDS_ADMIN_EMAIL: "{{bluesky_administrator_email}}"
       PDS_SERVICE_DID: "did:web:{{domain_api}}"
       # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
       PDS_SERVICE_HANDLE_DOMAINS: ".{{top_domain}}"

roles/docker-friendica/templates/docker-compose.yml.j2

@@ -3,7 +3,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   application:
-    image: friendica
+    image: "friendica:{{friendica_version}}"
     restart: {{docker_restart_policy}}
     volumes:
       - data:/var/www/html

roles/docker-gitea/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@ services:
     logging:
       driver: journald
     restart: {{docker_restart_policy}}
-    image: gitea/gitea:latest
+    image: "gitea/gitea:{{gitea_version}}"
     environment:
       - USER_UID=1000
       - USER_GID=1000

roles/docker-gitlab/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   web:
-    image: 'gitlab/gitlab-ee:latest'
+    image: "gitlab/gitlab-ee:{{gitlab_version}}"
     restart: {{docker_restart_policy}}
     hostname: '{{domain}}'
     environment:

roles/docker-joomla/templates/docker-compose.yml.j2

@@ -3,7 +3,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   application:
-    image: joomla
+    image: "joomla:{{joomla_version}}"
     logging:
       driver: journald
     environment:

roles/docker-keycloak/README.md

@@ -4,3 +4,6 @@
 - https://www.keycloak.org/
 - https://github.com/keycloak/keycloak
 - https://en.wikipedia.org/wiki/Keycloak
+- https://www.keycloak.org/server/containers
+- https://www.youtube.com/watch?v=fvxQ8bW0vO8
+- https://www.keycloak.org/server/reverseproxy

roles/docker-keycloak/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: "include docker/compose/database.yml"
+  include_tasks: docker/compose/database.yml
+
+- name: "include tasks nginx-docker-proxy-domain.yml"
+  include_tasks: nginx-docker-proxy-domain.yml
+
+- name: add docker-compose.yml
+  template: src=docker-compose.yml.j2 dest={{docker_compose_instance_directory}}docker-compose.yml
+  notify: docker compose project setup

roles/docker-keycloak/templates/docker-compose.yml.j2

@@ -1,32 +1,27 @@
-version: '3.7'
-
 services:
 
-# include database container
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   keycloak:
-    image: quay.io/keycloak/keycloak:23.0.6
+    image: quay.io/keycloak/keycloak:{{keycloak_version}}
     command: start
     environment:
       KC_HOSTNAME:                    {{domain}}
-      KC_HOSTNAME_PORT: {{http_port}}
-      KC_HOSTNAME_STRICT_BACKCHANNEL: false
+      KC_HOSTNAME_STRICT_BACKCHANNEL: true
       KC_HTTP_ENABLED:                true
       KC_HOSTNAME_STRICT_HTTPS:       false
+      KC_PROXY:                       passthrough
       KC_HEALTH_ENABLED:              true
-      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      KEYCLOAK_ADMIN:                 "{{keycloak_administrator_username}}"
+      KEYCLOAK_ADMIN_PASSWORD:        "{{keycloak_administrator_password}}"
       KC_DB:                          postgres
-      KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
-      KC_DB_USERNAME: ${POSTGRES_USER}
-      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+      KC_DB_URL:                      jdbc:postgresql://{{database_host}}/{{database_name}}
+      KC_DB_USERNAME:                 {{database_username}}
+      KC_DB_PASSWORD:                 {{database_password}}
     ports:
       - "127.0.0.1:{{http_port}}:8080"
-    restart: always
+    restart: {{docker_restart_policy}}
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
 
-{% include 'templates/docker/compose/volumes.yml.j2' %}
-
 {% include 'templates/docker/compose/networks.yml.j2' %}

roles/docker-keycloak/vars/main.yml

@@ -0,0 +1,3 @@
+docker_compose_project_name:  	    "keycloak"
+database_type:                      "postgres"
+database_password:  	              "{{keycloak_database_password}}"

roles/docker-listmonk/templates/docker-compose.yml.j2

@@ -4,7 +4,7 @@ services:
 
   application:
     restart: {{docker_restart_policy}}
-    image: listmonk/listmonk:latest
+    image: listmonk/listmonk:{{listmonk_version}}
     ports:
       - "127.0.0.1:{{http_port}}:9000"
     environment:

roles/docker-mariadb/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: install MariaDB
   docker_container:
     name: central-mariadb
-    image: mariadb:latest #could lead to problems with nextcloud
+    image: "mariadb:{{mariadb_version}}" #could lead to problems with nextcloud
     detach: yes
     env:
       MARIADB_ROOT_PASSWORD:  "{{central_mariadb_root_password}}"

roles/docker-matomo/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
   application:
     logging:
       driver: journald
-    image: matomo
+    image: matomo:{{matomo_version}}
     restart: {{docker_restart_policy}}
     ports:
       - "127.0.0.1:{{http_port}}:80"

roles/docker-matrix-compose/tasks/main.yml

@@ -131,7 +131,7 @@
 
 - name: create admin account
   command:
-    cmd: docker compose exec -it synapse register_new_matrix_user -u {{matrix_admin_name}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008
+    cmd: docker compose exec -it synapse register_new_matrix_user -u {{matrix_administrator_username}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008
     chdir: "{{ docker_compose_instance_directory }}"
   ignore_errors: true
   when: mode_setup | bool

roles/docker-matrix-compose/templates/docker-compose.yml.j2

@@ -3,7 +3,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   synapse:
-    image: matrixdotorg/synapse:latest
+    image: matrixdotorg/synapse:{{matrix_synapse_version}}
     container_name: matrix-synapse
     restart: {{docker_restart_policy}}
     logging:
@@ -33,7 +33,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
     
   element:
-    image: vectorim/element-web:latest
+    image: vectorim/element-web:{{matrix_element_version}}
     container_name: matrix-element
     restart: {{docker_restart_policy}}
     volumes:

roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2

@@ -381,7 +381,7 @@ bridge:
     permissions:
         "*": relay
         "{{matrix_server_name}}": user
-        "@{{matrix_admin_name}}:{{matrix_server_name}}": admin
+        "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
 
     relay:
         # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any

roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2

@@ -360,7 +360,7 @@ bridge:
     permissions:
         "*": relay
         "{{matrix_server_name}}": user
-        "@{{matrix_admin_name}}:{{matrix_server_name}}": admin
+        "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
 
     relay:
         # Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any

roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2

@@ -275,7 +275,7 @@ bridge:
     permissions:
         "*": relay
         "{{matrix_server_name}}": user
-        "@{{matrix_admin_name}}:{{matrix_server_name}}": admin
+        "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
 
     # Settings for relay mode
     relay:

roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2

@@ -279,7 +279,7 @@ bridge:
     permissions:
         "*": relay
         "{{matrix_server_name}}": user
-        "@{{matrix_admin_name}}:{{matrix_server_name}}": admin
+        "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
 
 # Logging config. See https://github.com/tulir/zeroconfig for details.
 logging:

roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2

@@ -532,7 +532,7 @@ bridge:
         "*": "relaybot"
         "public.{{matrix_server_name}}": "user"
         "{{matrix_server_name}}": "full"
-        "@{{matrix_admin_name}}:{{matrix_server_name}}": "admin"
+        "@{{matrix_administrator_username}}:{{matrix_server_name}}": "admin"
 
     # Options related to the message relay Telegram bot.
     relaybot:

roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2

@@ -435,7 +435,7 @@ bridge:
     permissions:
         "*": relay
         "{{matrix_server_name}}": user
-        "@{{matrix_admin_name}}:{{matrix_server_name}}": admin
+        "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
     
     # Settings for relay mode
     relay:

roles/docker-matrix-compose/templates/nginx.conf.j2

@@ -5,7 +5,6 @@ server {
     # For the federation port
     listen 8448 ssl default_server;
     listen [::]:8448 ssl default_server;
-    http2 on;
 
     {% if nginx_matomo_tracking | bool %}
         {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}

roles/docker-mediawiki/templates/docker-compose.yml.j2

@@ -2,6 +2,7 @@ services:
 
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
       application:
+      # Seems like image tag got lost. @todo Check and implement if necessary
         log_driver: journald
         restart: "{{docker_restart_policy}}"
         depends_on:

roles/docker-moodle/templates/docker-compose.yml.j2

@@ -2,7 +2,7 @@ services:
 
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
   moodle:
-    image: docker.io/bitnami/moodle:latest
+    image: docker.io/bitnami/moodle:{{moodle_version}}
     ports:
       - 127.0.0.1:{{http_port}}:8080
     restart: {{docker_restart_policy}}
@@ -18,9 +18,9 @@ services:
       - MOODLE_SITE_NAME="{{moodle_site_name}}"
       - MOODLE_SSLPROXY=yes
       - MOODLE_REVERSE_PROXY=yes
-      - MOODLE_USERNAME={{moodle_user_name}}
+      - MOODLE_USERNAME={{moodle_administrator_name}}
       - MOODLE_PASSWORD={{moodle_user_password}}
-      - MOODLE_EMAIL={{moodle_user_email}}
+      - MOODLE_EMAIL={{moodle_administrator_email}}
       - BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %} 
     volumes:
       - 'moodle:/bitnami/moodle'

roles/docker-mybb/templates/docker-compose.yml.j2

@@ -7,7 +7,7 @@ services:
       driver: journald
       options:
         tag: "mybb_application"
-    image: mybb/mybb:latest
+    image: mybb/mybb:{{mybb_version}}
     restart: {{docker_restart_policy}}
     volumes:
       - data:/var/www/html

roles/docker-pixelfed/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
 {% include 'templates/docker/services/redis.yml.j2' %}
 
   application:
-    image: zknt/pixelfed
+    image: zknt/pixelfed:{{pixelfed_version}}
     restart: {{docker_restart_policy}}
     logging:
       driver: journald
@@ -19,7 +19,7 @@ services:
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
   worker:
-    image: zknt/pixelfed
+    image: zknt/pixelfed:{{pixelfed_version}}
     restart: {{docker_restart_policy}}
     logging:
       driver: journald

roles/docker-postgres/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: Install PostgreSQL
   docker_container:
     name: central-postgres
-    image: "postgres:{{database_version}}"
+    image: "postgres:{{postgres_database_version}}"
     detach: yes
     env:
       POSTGRES_PASSWORD: "{{ central_postgres_password }}"

roles/docker-taiga/templates/docker-compose.yml.j2

@@ -41,7 +41,7 @@ services:
     restart: {{docker_restart_policy}}
     logging:
       driver: journald
-    image: taigaio/taiga-back:latest
+    image: taigaio/taiga-back:{{taiga_version}}
     environment: *default-back-environment
     volumes: *default-back-volumes
 

roles/docker-yourls/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
   application:
     logging:
       driver: journald
-    image: yourls
+    image: yourls:{{yourls_version}}
     restart: {{docker_restart_policy}}
     ports:
       - "127.0.0.1:{{http_port}}:80"
@@ -15,8 +15,8 @@ services:
       YOURLS_DB_PASS:                 "{{database_password}}"
       YOURLS_DB_NAME:                 "{{database_name}}"
       YOURLS_SITE:                    "https://{{domain}}"
-      YOURLS_USER: "{{yourls_user}}"
-      YOURLS_PASS: "{{yourls_user_password}}"
+      yourls_administrator_username:  "{{yourls_administrator_username}}"
+      YOURLS_PASS:                    "{{yourls_administrator_username_password}}"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"]
       interval: 1m

roles/update-docker/files/update-docker.py

@@ -111,7 +111,7 @@ def upgrade_listmonk():
     Runs the upgrade for Listmonk
     """
     print("Starting Listmonk upgrade.")
-    run_command("docker compose run application ./listmonk --upgrade")
+    run_command('echo "y" | docker compose run -T application ./listmonk --upgrade')
     print("Upgrade complete.")
 
 def update_nextcloud():

templates/docker/services/postgres.yml.j2

@@ -1,7 +1,7 @@
 # This template needs to be included in docker-compose.yml, which depend on a postgres database
 {% if not enable_central_database | bool %}  
   database:
-    image: postgres:{{database_version}}-alpine
+    image: postgres:{{postgres_database_version}}-alpine
     container_name: {{docker_compose_project_name}}-database
     environment:
       - POSTGRES_PASSWORD={{database_password}}

vars/docker-database.yml.j2

@@ -2,4 +2,3 @@ database_instance:                  "{{ 'central-' + database_type if enable_cen
 database_host:                      "{{ 'central-' + database_type if enable_central_database | bool else 'database' }}"
 database_name:                      "{{ docker_compose_project_name }}"
 database_username:                  "{{ docker_compose_project_name }}"
-database_version:                   "{{ postgres_default_version }}"