removed deprecated parameter

group_vars/all/07_applications.yml

@@ -31,6 +31,8 @@ defaults_applications:
   bigbluebutton:
     enable_greenlight:    "true"
     setup:                false                           # Set to true in inventory file for initial setup
+    oidc:
+      enabled:               true                         # Activate OIDC
 
   ## Bluesky
   bluesky:
@@ -47,10 +49,14 @@ defaults_applications:
     container:  "discourse_application"       # Name of the container application
     repository: "discourse_repository"        # Name of the repository folder
     # database_password:                      # Needs to be defined in inventory file
+    oidc:
+      enabled:               true             # Activate OIDC
 
   ## Friendica
   friendica:
     version:              "latest"
+    oidc:
+      enabled:               true             # Activate OIDC. Plugin is not working yet
 
   ## Funkwhale
   funkwhale:
@@ -107,6 +113,16 @@ defaults_applications:
     version:                          "latest"                                  # Docker Image version
     setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
 
+  mailu:
+    oidc:
+      enabled:                        true                                      # Activate OIDC for Mailu
+    domain:                           "{{primary_domain}}"                      # The main domain from which mails will be send \ email suffix behind @
+    # I don't know why the database deactivation is necessary
+    enable_central_database:          False                                     # Deactivate central database for mailu
+#    secret_key:                                                                # Needs to be set in inventory file
+#    database_password:                                                         # Needs to be set in inventory file
+#    api_token:                                                                 # Needs to be set in inventory file
+
   ## MariaDB
   mariadb:
     version:                          "latest"
@@ -118,12 +134,16 @@ defaults_applications:
       enabled:                        false                         # Deactivated atm. @todo implement 
 #   database_password:                Null                          # Needs to be set in inventory file
 #   auth_token:                       Null                          # Needs to be set in inventory file
+    css:
+      enabled:       false                                          # The css isn't optimized yet for Matomo
 
   ## Mastodon
   mastodon:
     version:                          "latest"
     single_user_mode:                 false                         # Set true for initial setup
     setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
+    oidc:
+      enabled:               true                                   # Activate OIDC for Mailu
 #
 # Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
 #
@@ -171,8 +191,10 @@ defaults_applications:
   ## Nextcloud
   nextcloud:
     version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
-    ldap_enabled:         True          # Enables LDAP by default
+    ldap_enabled:         True          # Enables LDAP by default, missing ansible setup tasks @todo setup
 #   database_password:    Null          # Needs to be set in inventory file
+    oidc:
+      enabled:            true          # Activate OIDC for Nextcloud
 
   ## OAuth2 Proxy
   oauth2_proxy:

group_vars/all/09_ports.yml

@@ -55,3 +55,7 @@ ports:
       gitlab:        2202
     ldaps:
       openldap:      636
+    stun:   
+      bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section
+    turn:
+      bigbluebutton: 5349 # Not sure if it's right placed here or if it should be moved to localhost section

group_vars/all/10_networks.yml

@@ -12,8 +12,8 @@ defaults_networks:
       subnet: 192.168.101.16/28
     baserow:
       subnet: 192.168.101.32/28
-    bigbluebutton:
+    # Free:
-      subnet: 192.168.101.48/28
+    #  subnet: 192.168.101.48/28
     bluesky:
       subnet: 192.168.101.64/28
     friendica:
@@ -68,6 +68,7 @@ defaults_networks:
       subnet: 192.168.102.192/28
     discourse:
       subnet: 192.168.102.208/28
-
+    bigbluebutton:
+      subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons.
 
   

group_vars/all/11_iam.yml

@@ -12,7 +12,6 @@ _oidc_client_realm:       "{{ oidc.client.realm if oidc.client is defined and oi
 _oidc_client_issuer_url:  "https://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"
 
 defaults_oidc:
-  enabled:               true # Enable OIDC functionality for all apps 
   client:
     id:                   "{{primary_domain}}"                                              # Client identifier, typically matching your primary domain
 #   secret:                                                                                 # Client secret for authenticating with the OIDC provider (set in the inventory file). Recommend greater then 32 characters

group_vars/all/12_storage.yml

@@ -1,6 +1,5 @@
 ## Enable Central Postgress and MariaDB instead of dedicated container per application
 enable_central_database:          true
-enable_central_database_mailu:    "{{enable_central_database}}"
 
 ## Enable Storage Optimizer for Docker Volumes
 enable_system_storage_optimizer:  true

group_vars/all/13_design.yml

@@ -4,15 +4,6 @@ defaults_design:
     colors:
       # General Colors
       base: "#001f3f"
-      
-      # Sucess Color
-      success:  "#B2D3B2"
-      # As the warning color – a light brown (earth)
-      warning:  "#D2B48C"
-      # For error messages (standard red)
-      error:    "#DC3545"
-      # As the info color – a very light blue (symbolizing the sky)
-      info:     "#F0F8FF"
     filters:
       saturation_change:  70
       hue_shift:          0

roles/docker-bigbluebutton/templates/env.j2

@@ -43,16 +43,17 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
 DOMAIN={{domain}}
 
 EXTERNAL_IPv4={{networks.internet.ip4}}
-EXTERNAL_IPv6=
+# The following line is not tested and could lead to bugs:
+EXTERNAL_IPv6={{networks.internet.ip6}}
 
 # STUN SERVER
 # stun.freeswitch.org
 STUN_IP={{networks.internet.ip4}}
-STUN_PORT=3478
+STUN_PORT={{ ports.public.stun[application_id] }}
 
 # TURN SERVER
 # uncomment and adjust following two lines to add an external TURN server
-TURN_SERVER=turns:{{domain}}:5349?transport=tcp
+TURN_SERVER=turns:{{domain}}:{{ ports.public.turn[application_id] }}?transport=tcp
 TURN_SECRET={{bigbluebutton_turn_secret}}
 
 # Allowed SIP IPs
@@ -282,7 +283,7 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
 #   approval - For approve/decline registration
 DEFAULT_REGISTRATION=invite
 
-{% if oidc.enabled | bool %}
+{% if applications[application_id].oidc.enabled | bool %}
 ### EXTERNAL AUTHENTICATION METHODS
 # @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
 #

roles/docker-discourse/templates/discourse_application.yml.j2

@@ -112,7 +112,7 @@ run:
   ## If you want to set the 'From' email address for your first registration, uncomment and change:
   ## After getting the first signup email, re-comment the line. It only needs to run once.
   #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
-{% if oidc.enabled | bool %}
+{% if applications[application_id].oidc.enabled | bool %}
   # Deactivate Default Login
   - exec: rails r "SiteSetting.enable_local_logins = false"
   - exec: rails r "SiteSetting.enable_passkeys = false" # https://meta.discourse.org/t/passwordless-login-using-passkeys/285589

roles/docker-friendica/vars/main.yml

@@ -1,4 +1,4 @@
 application_id:     "friendica"
 database_password:  "{{friendica_database_password}}"
 database_type:      "mariadb"
-no_validation:      "{{oidc.enabled}}"                # Email validation is not neccessary if OIDC is active
+no_validation:      "{{applications[application_id].oidc.enabled}}" # Email validation is not neccessary if OIDC is active

roles/docker-keycloak/templates/import/realm.json.j2

@@ -835,7 +835,7 @@
       "secret": "{{oidc.client.secret}}",
       "redirectUris": [
         {%- set redirect_uris = [] -%}
-        {%- for application, domain in defaults_domains.items() -%}
+        {%- for application, domain in domains.items() -%}
           {%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
             {%- if domain is string -%}
               {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}

roles/docker-mailu/templates/env.j2

@@ -12,7 +12,7 @@
 LD_PRELOAD=/usr/lib/libhardened_malloc.so 
 
 # Set to a randomly generated 16 bytes string
-SECRET_KEY={{mailu_secret_key}}
+SECRET_KEY={{applications.mailu.secret_key}}
 
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET={{networks.local.mailu.subnet}}
@@ -118,7 +118,7 @@ WEBSITE=https://{{domain}}
 # json-file (default)
 # journald (On systemd platforms, useful for Fail2Ban integration)
 # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
-# LOG_DRIVER=json-file
+LOG_DRIVER=syslog
 
 # docker-compose project name, this will prepended to containers names.
 COMPOSE_PROJECT_NAME=mailu
@@ -145,20 +145,20 @@ LOG_LEVEL=WARNING
 SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 
-API_TOKEN={{mailu_api_token}}
+API_TOKEN={{applications.mailu.api_token}}
 
 # Activated https://mailu.io/master/configuration.html#advanced-settings
 AUTH_REQUIRE_TOKENS=True
 
 
-{% if oidc.enabled | bool %}
+{% if applications[application_id].oidc.enabled | bool %}
 ################################### 
 # OpenID Connect settings
 ###################################
 # @see https://github.com/heviat/Mailu-OIDC/tree/master
 
 # Enable OpenID Connect. Possible values: True, False
-OIDC_ENABLED={{ oidc.enabled | string | capitalize }}
+OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize }}
 # OpenID Connect provider configuration URL
 OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
 # OpenID redirect URL if HOSTNAME not matching your login url

roles/docker-mailu/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:               "mailu"
-database_password:  	        "{{mailu_database_password}}"
+database_password:  	        "{{applications.mailu.database_password}}"
 database_type:                "mariadb"
 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate:  false
@@ -7,8 +7,8 @@ enable_wildcard_certificate:  false
 # I don't know why this configuration is necessary.
 # Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
 # @todo research
-enable_central_database:      "{{enable_central_database_mailu}}"
+enable_central_database:      "{{applications.mailu.enable_central_database}}"
 
 # Use dedicated source for oidc if activated  
 # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
-docker_source:                "{{ 'ghcr.io/heviat' if oidc.enabled | bool else 'ghcr.io/mailu' }}"
+docker_source:                "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"

roles/docker-mastodon/templates/env.j2

@@ -52,14 +52,14 @@ SMTP_OPENSSL_VERIFY_MODE=none
 SMTP_ENABLE_STARTTLS=auto
 SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
 
-{% if oidc.enabled | bool %}
+{% if applications[application_id].oidc.enabled | bool %}
 ################################### 
 # OpenID Connect settings
 ###################################
 # @see https://github.com/mastodon/mastodon/pull/16221
 # @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
 
-OIDC_ENABLED={{ oidc.enabled | string | lower }}
+OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | lower }}
 OIDC_DISPLAY_NAME="{{primary_domain | upper}} SSO"
 OIDC_ISSUER={{oidc.client.issuer_url}}
 OIDC_DISCOVERY=true

roles/docker-nextcloud/tasks/ldap.yml

@@ -1,3 +1,4 @@
 # @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
 # @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
+# @todo implement
 #docker compose exec -u www-data application php occ app:enable user_ldap

roles/docker-nextcloud/tasks/main.yml

@@ -24,8 +24,8 @@
 
 - name: Include OIDC-specific tasks
   include_tasks: oidc.yml
-  when: oidc.enabled | bool
+  when: applications[application_id].oidc.enabled | bool
 
-#- name: Include LDAP specific tasks
+- name: Include LDAP specific tasks
-#  include_tasks: ldap.yml
+  include_tasks: ldap.yml
-#  when: ldap.enabled | bool
+  when: applications[application_id].ldap_enabled | bool

roles/nginx-modifier-css/templates/global.css.j2

@@ -14,13 +14,6 @@ HINT:
         --color-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color(target_lightness=(i / 100),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
         --color-rgb-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color_rgb(target_lightness=(i / 100),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
     {% endfor %}
-
-    /** Special Action Colors **/
-    --success-color:    {{ design.css.colors.success }};
-    --warning-color:    {{ design.css.colors.warning }};
-    --error-color:      {{ design.css.colors.error }};
-    --info-color:       {{ design.css.colors.info }};
-
 }
 
 @media (prefers-color-scheme: dark) {
@@ -30,12 +23,6 @@ HINT:
             --color-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color(target_lightness=(1 - (i / 100)),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
             --color-rgb-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color_rgb(target_lightness=(1 - (i / 100)),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
         {% endfor %}
-
-        /** Special Action Colors **/
-        --success-color:    {{ design.css.colors.success | adjust_color(target_lightness=(1 - 0.2)) }};
-        --warning-color:    {{ design.css.colors.warning | adjust_color(target_lightness=(1 - 0.3)) }};
-        --error-color:      {{ design.css.colors.error   | adjust_color(target_lightness=(1 - 0.3)) }};
-        --info-color:       {{ design.css.colors.info    | adjust_color(target_lightness=(1 - 0.2)) }};
     }
 }
 
@@ -62,10 +49,6 @@ HINT:
     --bs-secondary: var(--color-65);
     --bs-body-bg: var(--color-90);
     --bs-body-color: var(--color-40);
-    --bs-danger: var(--error-color);
-    --bs-warning: var(--warning-color);
-    --bs-success: var(--success-color);
-    --bs-info: var(--info-color);
     --bs-link-color: var(--color-50);
     --bs-btn-color: var(--color-40);
 }
@@ -275,8 +258,13 @@ HINT:
   --pf-v5-global--icon--Color--dark--light:    var(--color-99);
   --pf-v5-global--icon--Color--light--dark:    var(--color-40);
   --pf-v5-global--icon--Color--dark--dark:     var(--color-10);
+
 }
 
+/* Additional Keykloak Configuration */
+a.pf-v5-c-nav__link{
+    --pf-v5-c-nav__link--BackgroundColor: rgba(var(--color-rgb-56), 0.4);
+}
 
 /* gitea */
 :root {
@@ -577,26 +565,6 @@ h1, h2, h3, h4, h5, h6, p{
     color: var(--color-10) !important;
 }
 
-/* Bootstrap */
-
-/* States: Success, Warning, Error, Info (Background and Text Colors) */
-.success, .alert-success {
-    background-color: var(--success-color) !important;
-    color: var(--color-40) !important;
-}
-.warning, .alert-warning {
-    background-color: var(--warning-color) !important;
-    color: var(--color-40) !important;
-}
-.error, .alert-danger {
-    background-color: var(--error-color) !important;
-    color: var(--color-40) !important;
-}
-.info, .alert-info {
-    background-color: var(--info-color) !important;
-    color: var(--color-40) !important;
-}
-
 /* Navigation (Background and Text Colors) */
 .navbar, .navbar-light, .navbar-dark {
     background-color:   var(--color-90) !important;
@@ -664,10 +632,6 @@ html.ng-csp header#header{
     background-color:   var(--color-80) !important;
 }
 
-html.ng-csp div#postsetupchecks ul.warnings{
-    color: var(--error-color) !important;
-}
-
 html.ng-csp div#postsetupchecks ul.info{
     background-color: transparent !important;
 }
@@ -733,7 +697,7 @@ section.main.kanban{
 }
 
 div.master, div.kanban-header, div.kanban-table-inner, section.kanban button,a.dropdown-project-list-projects{
-    background-color: var(--info-color) !important;
+    background-color: var(--color-92) !important;
     color: var(--color-40) !important;
 }
 

templates/docker/compose/networks.yml.j2

@@ -9,7 +9,7 @@ networks:
     external: true
 {% endif %}
   default:
-{% if applications[application_id].ldap_enabled is defined and applications[application_id].ldap_enabled | bool and applications.ldap.openldap.network.local | bool %}
+{% if application_id in networks.local and networks.local[application_id].subnet is defined %}
     driver: bridge
     ipam:
       driver: default