Ignored non functional code

03_SECURITY_GUIDELINES.md

@@ -23,6 +23,7 @@ For optimal personal security, we **strongly recommend** the following:
 
 Following these guidelines will significantly enhance your personal security—but remember, no system is completely immune to risk.
 
+A tutorial how to setup secure password management you will find [here](https://blog.veen.world/blog/2025/04/04/%f0%9f%9b%a1%ef%b8%8f-keepassxc-cymais-cloud-the-ultimate-guide-to-cross-device-password-security/)
 ---
 
 ## For Administrators

group_vars/all/07_applications.yml

@@ -623,9 +623,11 @@ defaults_applications:
 
   ## PgAdmin
   pgadmin:
-    version:                      "latest"
-    default_email:               "{{ users.administrator.email }}"              # Initial login email address
-    default_password:            "{{ users.administrator.initial_password }}"   # Initial login password – should be overridden in inventory for security
+    version:                     "latest"
+    users:
+      administrator:
+        email:                   "{{ users.administrator.email }}"              # Initial login email address
+        password:                "{{ users.administrator.initial_password }}"   # Initial login password – should be overridden in inventory for security
     oauth2_proxy:
       enabled:                    true                                           # Enable OAuth2 proxy for authentication
       application:                "application"

requirements.yml

@@ -2,3 +2,5 @@ collections:
   - name: kewlfft.aur
 pacman:
   - ansible
+pip:
+  - passlib

roles/docker-nextcloud/README.md

@@ -12,6 +12,10 @@ The role ensures consistent deployments, full automation, and secure configurati
 
 To automate the deployment of **secure, extensible, and production-ready Nextcloud instances** using Docker and Ansible.
 
+## User Guide
+
+The Nextcloud User Guide you will find [here](https://docs.nextcloud.com/server/latest/user_manual/en/).
+
 ## Features
 
 - Dockerized Nextcloud (PHP-FPM, Nginx, Cron, Redis)

roles/docker-oauth2-proxy/Setup.md

@@ -0,0 +1,9 @@
+# Setup
+
+## Cookie Secret
+
+To generate a cookie secret execute:
+
+```bash
+ansible-vault encrypt_string "$(openssl rand -hex 16)"
+```

roles/docker-pgadmin/templates/env.j2

@@ -1,5 +1,5 @@
-# Configuration @see https://hub.docker.com/r/dpage/pgadmin4
+# Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
 
-PGADMIN_DEFAULT_EMAIL={{ applications.pgadmin.default_email }}
-PGADMIN_DEFAULT_PASSWORD={{ applications.pgadmin.default_password }}
+PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
+PGADMIN_DEFAULT_PASSWORD={{ applications.[application_id].users.administrator.password }}
 PGADMIN_DISABLE_POSTFIX=True

roles/docker-phpmyadmin/templates/env.j2

@@ -1,7 +1,7 @@
 # Configuration @see https://hub.docker.com/_/phpmyadmin
 
 PMA_HOST= central-mariadb
-{% if applications.phpmyadmin.autologin | bool %}
+{% if applications.[application_id].autologin | bool %}
 PMA_USER= root
 PMA_PASSWORD= "{{central_mariadb_root_password}}"
 {% endif %}

roles/nginx-https-get-cert/tasks/main.yml

@@ -8,6 +8,8 @@
       # Wildcard certificate should not be used
       # OR: The domain is not a first-level subdomain of the primary domain
 
+# The following should not work, checkout the Setup.md instructions. 
+# @see https://chatgpt.com/share/67efa9f0-1cdc-800f-8bce-62b00fc3e6a2
 - name: "recieve wildcard certificate *{{ primary_domain }} for {{domain}}"
   command: >-
     certbot certonly --agree-tos --email {{ users.administrator.email }}                                          
@@ -20,6 +22,7 @@
       # AND: The domain is a direct first-level subdomain of the primary domain
     - run_once_recieve_certificate is not defined  
       # Ensure this task runs only once for the wildcard certificate
+  ignore_errors: true
 
 - name: "Cleanup dedicated cert for {{ domain }}"
   command: >-