Optimized template

Renamed matomo
Added simpleicons network and port configuration
2025-09-09 11:47:14 +02:00 · 2025-07-07 07:34:41 +02:00 · 2025-07-07 07:27:51 +02:00 · 2025-07-07 07:26:55 +02:00 · 2025-07-07 07:25:57 +02:00 · 2025-07-07 05:21:36 +02:00
131 changed files with 1396 additions and 845 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ site.retry
 *__pycache__
 venv
 *.log
+*.bak
--- a/cli/create_docker_role.py
+++ b/cli/create_docker_role.py
@@ -2,143 +2,162 @@
 import argparse
 import os
 import shutil
-import yaml
+import sys
 import ipaddress
+import difflib
 from jinja2 import Environment, FileSystemLoader
+from ruamel.yaml import YAML

 # Paths to the group-vars files
 PORTS_FILE = './group_vars/all/09_ports.yml'
 NETWORKS_FILE = './group_vars/all/10_networks.yml'
-ROLE_TEMPLATE_DIR = './docker-template'
+ROLE_TEMPLATE_DIR = './templates/docker_role'
 ROLES_DIR = './roles'

+yaml = YAML()
+yaml.preserve_quotes = True

-def load_yaml(path):
+
+def load_yaml_with_comments(path):
    with open(path) as f:
-        return yaml.safe_load(f)
+        return yaml.load(f)


-def dump_yaml(data, path):
+def dump_yaml_with_comments(data, path):
    with open(path, 'w') as f:
-        yaml.safe_dump(data, f, sort_keys=False)
+        yaml.dump(data, f)


 def get_next_network(networks_dict, prefixlen):
-    # Collect all local subnets matching the given prefix length
+    """Select the next contiguous subnet, based on the highest existing subnet + one network offset."""
    nets = []
-    for name, info in networks_dict['defaults_networks']['local'].items():
+    local = networks_dict['defaults_networks']['local']
+    for name, info in local.items():
+        # info is a dict with 'subnet' key
        net = ipaddress.ip_network(info['subnet'])
        if net.prefixlen == prefixlen:
            nets.append(net)
-    # Sort by network address and return the first one
+    if not nets:
+        raise RuntimeError(f"No existing /{prefixlen} subnets to base allocation on.")
    nets.sort(key=lambda n: int(n.network_address))
-    return nets[0]
+    last = nets[-1]
+    offset = last.num_addresses
+    next_net = ipaddress.ip_network((int(last.network_address) + offset, prefixlen))
+    return next_net


-def get_next_port(ports_dict, category, service):
-    used = set()
-    # Gather already taken ports under localhost.category
-    for svc, port in ports_dict['ports']['localhost'].get(category, {}).items():
-        used.add(int(port))
-    # Start searching from port 1 upwards
-    candidate = 1
-    while candidate in used:
-        candidate += 1
-    return candidate
+def get_next_port(ports_dict, category):
+    """Assign the next port by taking the max existing plus one."""
+    loc = ports_dict['ports']['localhost'][category]
+    existing = [int(v) for v in loc.values()]
+    return (max(existing) + 1) if existing else 1


-def render_template(src_dir, dst_dir, context):
-    env = Environment(
-        loader=FileSystemLoader(src_dir),
-        keep_trailing_newline=True,
-        autoescape=False,
-    )
+def prompt_conflict(dst_file):
+    print(f"Conflict detected: {dst_file}")
+    print("[1] overwrite, [2] skip, [3] merge")
+    choice = None
+    while choice not in ('1', '2', '3'):
+        choice = input("Enter 1, 2, or 3: ").strip()
+    return choice
+
+
+def render_templates(src_dir, dst_dir, context):
+    env = Environment(loader=FileSystemLoader(src_dir), keep_trailing_newline=True, autoescape=False)
+    env.filters['bool'] = lambda x: bool(x)
+
    for root, _, files in os.walk(src_dir):
-        rel_path = os.path.relpath(root, src_dir)
-        target_path = os.path.join(dst_dir, rel_path)
-        os.makedirs(target_path, exist_ok=True)
-        for filename in files:
-            template = env.get_template(os.path.join(rel_path, filename))
-            rendered = template.render(**context)
-            out_name = filename[:-3] if filename.endswith('.j2') else filename
-            with open(os.path.join(target_path, out_name), 'w') as f:
+        rel = os.path.relpath(root, src_dir)
+        target = os.path.join(dst_dir, rel)
+        os.makedirs(target, exist_ok=True)
+        for fn in files:
+            tpl = env.get_template(os.path.join(rel, fn))
+            rendered = tpl.render(**context)
+            out = fn[:-3] if fn.endswith('.j2') else fn
+            dst_file = os.path.join(target, out)
+
+            if os.path.exists(dst_file):
+                choice = prompt_conflict(dst_file)
+                if choice == '2':
+                    print(f"Skipping {dst_file}")
+                    continue
+                if choice == '3':
+                    with open(dst_file) as f_old:
+                        old_lines = f_old.readlines()
+                    new_lines = rendered.splitlines(keepends=True)
+                    additions = [l for l in new_lines if l not in old_lines]
+                    if additions:
+                        with open(dst_file, 'a') as f:
+                            f.writelines(additions)
+                        print(f"Merged {len(additions)} lines into {dst_file}")
+                    else:
+                        print(f"No new lines to merge into {dst_file}")
+                    continue
+                # overwrite
+                print(f"Overwriting {dst_file}")
+                with open(dst_file, 'w') as f:
+                    f.write(rendered)
+            else:
+                # create new file
+                with open(dst_file, 'w') as f:
                    f.write(rendered)


 def main():
+    # Load dynamic port categories
+    ports_data = load_yaml_with_comments(PORTS_FILE)
+    categories = list(ports_data['ports']['localhost'].keys())
+
    parser = argparse.ArgumentParser(
-        description="Create a Docker Ansible role with Jinja2 templates, and assign network and ports"
-    )
-    parser.add_argument(
-        '--application-id', '-a', required=True,
-        help="Unique ID of the application (used in the role name)"
-    )
-    parser.add_argument(
-        '--network', '-n', choices=['24', '28'], required=True,
-        help="Network prefix length to assign (/24 or /28)"
-    )
-    parser.add_argument(
-        '--ports', '-p', nargs='+', metavar="CATEGORY.SERVICE", required=True,
-        help="List of ports in the format category.service (e.g. http.nextcloud)"
+        description="Create or update a Docker Ansible role, and globally assign network and ports with comments preserved"
    )
+    parser.add_argument('-a', '--application-id', required=True, help="Unique application ID")
+    parser.add_argument('-n', '--network', choices=['24', '28'], required=True, help="Network prefix length (/24 or /28)")
+    parser.add_argument('-p', '--ports', nargs='+', choices=categories, required=True, help=f"Port categories to assign (allowed: {', '.join(categories)})")
    args = parser.parse_args()

-    app_id = args.application_id
-    role_name = f"docker-{app_id}"
+    app = args.application_id
+    role = f"docker-{app}"
+    role_dir = os.path.join(ROLES_DIR, role)

-    # 1) Create the role from the template
-    role_dir = os.path.join(ROLES_DIR, role_name)
    if os.path.exists(role_dir):
-        parser.error(f"Role {role_name} already exists at {role_dir}")
-    render_template(ROLE_TEMPLATE_DIR, role_dir, {
-        'application_id': app_id,
-        'role_name': role_name,
-    })
-    print(f"→ Role {role_name} created at {role_dir}")
+        if input(f"Role {role} exists. Continue? [y/N]: ").strip().lower() != 'y':
+            print("Aborting.")
+            sys.exit(1)
+    else:
+        os.makedirs(role_dir)

-    # 2) Assign network
-    networks = load_yaml(NETWORKS_FILE)
+    # 1) Render all templates with conflict handling
+    render_templates(ROLE_TEMPLATE_DIR, role_dir, {'application_id': app, 'role_name': role, 'database_type': 0})
+    print(f"→ Templates applied to {role_dir}")
+
+    # 2) Update global networks file, preserving comments
+    networks = load_yaml_with_comments(NETWORKS_FILE)
    prefix = int(args.network)
-    chosen_net = get_next_network(networks, prefix)
-    out_net = {
-        'defaults_networks': {
-            'application': {
-                app_id: str(chosen_net)
-            }
-        }
-    }
-    net_file = f'./group_vars/{app_id}_network.yml'
-    dump_yaml(out_net, net_file)
-    print(f"→ Assigned network {chosen_net} (/{prefix}) and wrote to {net_file}")
+    new_net = get_next_network(networks, prefix)
+    networks['defaults_networks']['local'][app] = {'subnet': str(new_net)}
+    shutil.copy(NETWORKS_FILE, NETWORKS_FILE + '.bak')
+    dump_yaml_with_comments(networks, NETWORKS_FILE)
+    print(f"→ Assigned network {new_net} in {NETWORKS_FILE}")

-    # 3) Assign ports
-    ports_yaml = load_yaml(PORTS_FILE)
+    # 3) Update global ports file, preserving comments
+    ports_data = load_yaml_with_comments(PORTS_FILE)
    assigned = {}
-    for entry in args.ports:
-        try:
-            category, service = entry.split('.', 1)
-        except ValueError:
-            parser.error(f"Invalid port spec: {entry}. Must be CATEGORY.SERVICE")
-        port = get_next_port(ports_yaml, category, service)
-        # Insert into the in-memory ports data under localhost
-        ports_yaml['ports']['localhost'].setdefault(category, {})[service] = port
-        assigned[entry] = port
-
-    # Backup and write updated all/09_ports.yml
-    backup_file = PORTS_FILE + '.bak'
-    shutil.copy(PORTS_FILE, backup_file)
-    dump_yaml(ports_yaml, PORTS_FILE)
-    print(f"→ Assigned ports: {assigned}. Updated {PORTS_FILE} (backup at {backup_file})")
-
-    # Also write ports to the application’s own vars file
-    out_ports = {'ports': {'localhost': {}}}
-    for entry, port in assigned.items():
-        category, service = entry.split('.', 1)
-        out_ports['ports']['localhost'].setdefault(category, {})[service] = port
-    ports_file = f'./group_vars/{app_id}_ports.yml'
-    dump_yaml(out_ports, ports_file)
-    print(f"→ Wrote assigned ports to {ports_file}")
+    for cat in args.ports:
+        loc = ports_data['ports']['localhost'].setdefault(cat, {})
+        if app in loc:
+            print(f"→ Existing port for {cat} and {app}: {loc[app]}, skipping.")
+        else:
+            pnum = get_next_port(ports_data, cat)
+            loc[app] = pnum
+            assigned[cat] = pnum

+    if assigned:
+        shutil.copy(PORTS_FILE, PORTS_FILE + '.bak')
+        dump_yaml_with_comments(ports_data, PORTS_FILE)
+        print(f"→ Assigned ports {assigned} in {PORTS_FILE}")
+    else:
+        print("→ No new ports assigned.")

 if __name__ == '__main__':
    main()
--- a/docs/guides/developer/Role_Creation.md
+++ b/docs/guides/developer/Role_Creation.md
@@ -111,11 +111,6 @@ Now that you have defined the application settings, domain, and application ID,
          dockerfile: {{ path_cymais_my_service_output.stdout }}/Dockerfile
        ports:
          - "127.0.0.1:{{ ports.localhost.http[application_id] }}:5000"
-        healthcheck:
-          test: ["CMD", "curl", "-f", "http://127.0.0.1:5000"]
-          interval: 1m
-          timeout: 10s
-          retries: 3
        volumes:
          - {{ path_cymais_my_service_output.stdout }}:/app
          - {{ path_cymais_output.stdout }}:/source
--- a/group_vars/all/09_ports.yml
+++ b/group_vars/all/09_ports.yml
@@ -61,6 +61,7 @@ ports:
      syncope: 8041
      collabora: 8042
      mobilizon: 8043 
+      simpleicons: 8044
      bigbluebutton: 48087    # This port is predefined by bbb. @todo Try to change this to a 8XXX port
  # Ports which are exposed to the World Wide Web
  public:
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@@ -86,6 +86,8 @@ defaults_networks:
      subnet: 192.168.103.80/28
    collabora:
      subnet: 192.168.103.96/28
+    simpleicons:
+      subnet: 192.168.103.112/28

    # /24 Networks / 254 Usable Clients
    bigbluebutton:
@@ -96,4 +98,3 @@ defaults_networks:
      subnet: 192.168.201.0/24
    central_ldap:
      subnet: 192.168.202.0/24
-  
--- a/roles/docker-akaunting/templates/docker-compose.yml.j2
+++ b/roles/docker-akaunting/templates/docker-compose.yml.j2
@@ -1,10 +1,7 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:

-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}

    image: "{{ applications[application_id].images[application_id] }}"
    build:
@@ -15,10 +12,10 @@ services:
      - data:/var/www/html
    environment:
      - AKAUNTING_SETUP
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-akaunting/vars/configuration.yml
+++ b/roles/docker-akaunting/vars/configuration.yml
@@ -12,4 +12,8 @@ credentials:
 domains:
  canonical:
    - "accounting.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true

--- a/roles/docker-attendize/templates/docker-compose.yml.j2
+++ b/roles/docker-attendize/templates/docker-compose.yml.j2
@@ -1,8 +1,4 @@
-services:
-
-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  web:
    image: "{{ applications[application_id].images.web }}"
@@ -11,23 +7,23 @@ services:
    volumes:
      - .:/usr/share/nginx/html
      - .:/var/www
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      maildev:
      worker:
    env_file:
      - ./.env
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  worker:
    image: "{{ applications[application_id].images.worker }}"
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      maildev:
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
    volumes:
      - .:/usr/share/nginx/html
      - .:/var/www

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  redis:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-attendize/vars/configuration.yml
+++ b/roles/docker-attendize/vars/configuration.yml
@@ -7,7 +7,12 @@ features:
  css:              true
  portfolio_iframe: false
  central_database: true
-
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
 domains:
  canonical:
    - "tickets.{{ primary_domain }}"
--- a/roles/docker-baserow/templates/docker-compose.yml.j2
+++ b/roles/docker-baserow/templates/docker-compose.yml.j2
@@ -1,22 +1,18 @@
-services:
-
-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications[application_id].images.baserow }}"
    container_name: baserow-application
    volumes:
      - data:/baserow/data
    ports:
      - "{{ports.localhost.http[application_id]}}:80"
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
  redis:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-baserow/vars/configuration.yml
+++ b/roles/docker-baserow/vars/configuration.yml
@@ -5,3 +5,9 @@ features:
  css:                true
  portfolio_iframe:   true
  central_database:   true
+docker:
+  services:
+    redis:
+      enabled:        true
+    database:
+      enabled: true
--- a/roles/docker-bluesky/templates/docker-compose.yml.j2
+++ b/roles/docker-bluesky/templates/docker-compose.yml.j2
@@ -1,18 +1,18 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+
  pds:
+{% set container_port = 3000 %}
+{% set container_healthcheck = 'xrpc/_health' %}
    image: "{{ applications[application_id].images.pds }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
        - pds_data:/opt/pds
        - {{pdsadmin_file_path}}:/usr/local/bin/pdsadmin:ro
    ports:
-      - "127.0.0.1:{{ports.localhost.http.bluesky_api}}:3000"
-    healthcheck:
-      test: ["CMD", "wget", "--spider", "http://127.0.0.1:3000/xrpc/_health"]
-      interval: 1m
-      timeout: 10s
-      retries: 3
-{% include 'templates/docker/container/networks.yml.j2' %}
+      - "127.0.0.1:{{ports.localhost.http.bluesky_api}}:{{ container_port }}"
+
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

 #  Deactivated for the moment @see https://github.com/bluesky-social/social-app
  web:
@@ -33,9 +33,9 @@ services:
      interval: 30s
      timeout: 10s
      retries: 3
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  pds_data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-bluesky/vars/configuration.yml
+++ b/roles/docker-bluesky/vars/configuration.yml
@@ -12,3 +12,7 @@ domains:
  canonical:
    web:  "bskyweb.{{ primary_domain }}"
    api:  "bluesky.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-central-database/templates/services/main.yml.j2
+++ b/roles/docker-central-database/templates/services/main.yml.j2
@@ -0,0 +1 @@
+{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
--- a/roles/docker-collabora/templates/docker-compose.yml.j2
+++ b/roles/docker-collabora/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
-services:
-
-{% include 'templates/docker/services/redis.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  collabora:
    image: collabora/code
@@ -8,8 +6,8 @@ services:
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"

-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-collabora/vars/configuration.yml
+++ b/roles/docker-collabora/vars/configuration.yml
@@ -1,3 +1,9 @@
 domains:
  canonical:
    - "collabora.{{ primary_domain }}"
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: false # May this is wrong. Just set during refactoring
--- a/roles/docker-compose/templates/base.yml.j2
+++ b/roles/docker-compose/templates/base.yml.j2
@@ -0,0 +1,15 @@
+{# Base template for all docker-compose.yml.j2 #}
+services:
+{# Load Database #}
+{% if applications[application_id].docker.database.enabled | default(false) | bool %}
+{% include 'roles/docker-central-database/templates/services/main.yml.j2' %}
+{% endif %}
+{# Load Redis #}
+{% if applications[application_id].docker.redis.enabled | default(false) | bool %}
+{% include 'roles/docker-redis/templates/service.yml.j2' %}
+{% endif %}
+{# Load OAuth2 Proxy #}
+{% if not applications | is_feature_enabled('oauth2',application_id) %}
+{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% endif %}
+{{ "\n" }}
--- a/roles/docker-compose/templates/networks.yml.j2
+++ b/roles/docker-compose/templates/networks.yml.j2
--- a/roles/docker-compose/templates/volumes-just-database.yml.j2
+++ b/roles/docker-compose/templates/volumes-just-database.yml.j2
--- a/roles/docker-compose/templates/volumes.yml.j2
+++ b/roles/docker-compose/templates/volumes.yml.j2
--- a/roles/docker-container/README.md
+++ b/roles/docker-container/README.md
@@ -0,0 +1,49 @@
+# Role: docker-container
+
+## Description
+
+This Ansible role supplies common Jinja2 snippets for composing Docker services consistently. Rather than repeating the same YAML blocks, you include one or more of the provided templates in your `docker-compose.yml.j2`.
+
+## Overview
+
+The following templates are available under `roles/docker-container/templates/`:
+
+- **base.yml.j2**  
+  Common service settings: `restart`, `env_file`, `logging`.
+
+- **networks.yml.j2**  
+  Conditional network attachments:
+  - `central_<database_type>` when `central_database` feature is enabled  
+  - `central_ldap` when LDAP feature and network are enabled  
+  - `default`
+
+- **depends_on_dmbs.j2**  
+  Builds a `depends_on:` block automatically:
+  - If `central_database` is **off**, renders an empty list `depends_on: []`  
+  - Otherwise, includes `database` and/or `redis` with healthcheck conditions
+
+- **healthcheck/**  
+  Four strategies:
+  - `curl.yml.j2` (HTTP via `curl -f`)  
+  - `wget.yml.j2` (HTTP via `wget --spider`)  
+  - `tcp.yml.j2`  (TCP socket test)  
+  - `msmtp_curl.yml.j2` (SMTP first, then HTTP via `curl`; avoids duplicate emails)
+
+Include whichever snippets your service requires to keep your Compose files DRY and maintainable.
+
+## Features
+
+- **Modular templates**  
+  Mix only the blocks you need.
+
+- **Feature‐driven logic**  
+  Networks and dependencies adjust automatically based on your `applications` variables.
+
+- **Multiple healthcheck options**  
+  Pick the probe that works best for your container’s protocol and requirements.
+
+## Further Resources
+
+- [Docker Compose file reference](https://docs.docker.com/compose/compose-file/)  
+- [Ansible variable precedence](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#understanding-variable-precedence)  
+- [Jinja2 templating guide](https://jinja.palletsprojects.com/)  
--- a/roles/docker-compose/templates/services/base.yml.j2
+++ b/roles/docker-compose/templates/services/base.yml.j2
--- a/roles/docker-container/templates/depends_on_dmbs.j2
+++ b/roles/docker-container/templates/depends_on_dmbs.j2
@@ -0,0 +1,18 @@
+{# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes #}
+{% if applications | is_feature_enabled('central_database', application_id)
+      and not (applications[application_id].docker.redis.enabled
+               | default(false)
+               | bool) %}
+    depends_on: []
+{% else %}
+    depends_on:
+  {% if not applications | is_feature_enabled('central_database', application_id) %}
+      database:
+        condition: service_healthy
+  {% endif %}
+  {% if applications[application_id].docker.redis.enabled | default(false) | bool %}
+      redis:
+        condition: service_healthy
+  {% endif %}
+{% endif %}
+{{ "\n" }}
--- a/roles/docker-container/templates/healthcheck/curl.yml.j2
+++ b/roles/docker-container/templates/healthcheck/curl.yml.j2
@@ -0,0 +1,10 @@
+    healthcheck:
+      test:
+        - "CMD"
+        - "curl"
+        - "-f"
+        - "http://127.0.0.1{{ (":" ~ container_port) if container_port is defined else '' }}/{{ container_healthcheck | default('') }}"
+      interval: 1m
+      timeout: 10s
+      retries: 3
+{{ "\n" }}
--- a/roles/docker-container/templates/healthcheck/msmtp_curl.yml.j2
+++ b/roles/docker-container/templates/healthcheck/msmtp_curl.yml.j2
@@ -22,3 +22,4 @@
      interval: 1m
      timeout: 20s
      retries: 3
+{{ "\n" }}
--- a/roles/docker-container/templates/healthcheck/tcp.yml.j2
+++ b/roles/docker-container/templates/healthcheck/tcp.yml.j2
@@ -0,0 +1,7 @@
+    healthcheck:
+      test:
+        - "CMD"
+        - "bash"
+        - "-c"
+        - "exec 3<>/dev/tcp/localhost/{{ container_port }} && echo -e 'GET /{{ container_healthcheck | default('') }} HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"
+{{ "\n" }}
--- a/roles/docker-container/templates/healthcheck/wget.yml.j2
+++ b/roles/docker-container/templates/healthcheck/wget.yml.j2
@@ -0,0 +1,11 @@
+    healthcheck:
+      test: 
+        - "CMD"
+        - "wget"
+        - "--spider"
+        - "--proxy=off"
+        - "http://127.0.0.1{{ (":" ~ container_port) if container_port is defined else '' }}/{{ container_healthcheck | default('') }}"
+      interval: 1m
+      timeout: 10s
+      retries: 3
+{{ "\n" }}
--- a/roles/docker-container/templates/networks.yml.j2
+++ b/roles/docker-container/templates/networks.yml.j2
--- a/roles/docker-coturn/templates/docker-compose.yml.j2
+++ b/roles/docker-coturn/templates/docker-compose.yml.j2
@@ -1,29 +1,23 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "gitea/gitea:{{applications.gitea.version}}"
    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
      - "{{ports.public.ssh[application_id]}}:22"
    volumes:
      - data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
-      interval: 1m
-      timeout: 10s
-      retries: 3
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
  coturn:
    image: coturn/coturn
    restart: always
--- a/roles/docker-coturn/vars/main.yml
+++ b/roles/docker-coturn/vars/main.yml
@@ -1,2 +1,3 @@
 application_id:     "coturn"
+container_port:   3000
 #database_type:      "mariadb"
--- a/roles/docker-discourse/templates/docker-compose.yml.j2
+++ b/roles/docker-discourse/templates/docker-compose.yml.j2
@@ -1,12 +1,8 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  redis:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
  discourse_default:
    external: true
--- a/roles/docker-discourse/vars/configuration.yml
+++ b/roles/docker-discourse/vars/configuration.yml
@@ -21,3 +21,9 @@ csp:
 domains:
  canonical:
    - "forum.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
+    redis:
+      enabled: true
--- a/roles/docker-elk/templates/docker-compose.yml.j2
+++ b/roles/docker-elk/templates/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  elasticsearch:
    build:
      context: elasticsearch/
@@ -61,5 +61,7 @@ services:
    depends_on:
      - elasticsearch

-volumes:
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  elasticsearch:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-espocrm/templates/docker-compose.yml.j2
+++ b/roles/docker-espocrm/templates/docker-compose.yml.j2
@@ -1,16 +1,12 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  web:
    image: "{{ applications[application_id].images.espocrm }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost/"]
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
    ports:
      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:80"
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
    volumes:
      - data:/var/www/html

@@ -20,7 +16,7 @@ services:
    logging:
      driver: journald
    entrypoint: docker-daemon.sh
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
    volumes:
      - data:/var/www/html

@@ -35,14 +31,14 @@ services:
      - ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBSCRIBER_DSN=tcp://*:7777
      - ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBMISSION_DSN=tcp://websocket:7777
    entrypoint: docker-websocket.sh
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
    volumes:
      - data:/var/www/html
    ports:
      - "127.0.0.1:{{ ports.localhost.websocket[application_id] }}:8080"

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-espocrm/vars/configuration.yml
+++ b/roles/docker-espocrm/vars/configuration.yml
@@ -27,3 +27,7 @@ domains:
    - "crm.{{ primary_domain }}"
 email:
  from_name: "Customer Relationship Management ({{ primary_domain }})"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-friendica/templates/docker-compose.yml.j2
+++ b/roles/docker-friendica/templates/docker-compose.yml.j2
@@ -1,10 +1,7 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
    image: "{{ applications[application_id].images.friendica }}"
-    {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+    {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - html:{{ friendica_application_base }}
      - data:/var/www/data # I assume that this one is unnessecarry
@@ -12,13 +9,12 @@ services:
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"

-{% include 'roles/docker-compose/templates/services/msmtp_curl_test.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/msmtp_curl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}

-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-
-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
  html:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-friendica/vars/configuration.yml
+++ b/roles/docker-friendica/vars/configuration.yml
@@ -26,3 +26,7 @@ oauth2_proxy:
 addons:
  keycloakpassword:
  ldapauth:
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-funkwhale/templates/docker-compose.yml.j2
+++ b/roles/docker-funkwhale/templates/docker-compose.yml.j2
@@ -1,8 +1,4 @@
-services:
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
-{% include 'templates/docker/services/redis.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  celeryworker:
    # Celery workers handle background tasks (such file imports or federation
    # messaging). The more processes a worker gets, the more tasks
@@ -12,7 +8,7 @@ services:
    # of CPUs. You can adjust this, by explicitly setting the --concurrency
    # flag:
    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications | get_docker_image(application_id,'api') }}"
    command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency={{celeryd_concurrency}}
    environment:
@@ -20,18 +16,18 @@ services:
    volumes:
      - "data:{{funkwhale_media_root}}"
      - "music:{{funkwhale_music_directory_path}}:ro"
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  celerybeat:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications | get_docker_image(application_id,'api') }}"
    command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  api:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications | get_docker_image(application_id,'api') }}"
    volumes:
      - "music:{{funkwhale_music_directory_path}}:ro"
@@ -39,11 +35,11 @@ services:
      - "funkwhale_static_root:{{funkwhale_static_root}}"
    ports:
      - "{{ funkwhale_docker_api_port }}"
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  front:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications | get_docker_image(application_id,'front') }}"
    depends_on:
      - api
@@ -56,7 +52,7 @@ services:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
  
  typesense:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications[application_id].docker.images.typesense }}"
    volumes:
      - ./typesense/data:/data
@@ -64,10 +60,10 @@ services:
    profiles:
      - typesense

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
  funkwhale_static_root:
  redis:
  music:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-funkwhale/vars/configuration.yml
+++ b/roles/docker-funkwhale/vars/configuration.yml
@@ -7,6 +7,11 @@ docker:
    api:        "funkwhale/api"
    front:      "funkwhale/front"
    typesense:  "typesense/typesense"
+  services:
+    redis:
+      enabled: true
+    database:
+      enabled: true
 features:
  matomo:             true
  css:                false
--- a/roles/docker-fusiondirectory/templates/docker-compose.yml.j2
+++ b/roles/docker-fusiondirectory/templates/docker-compose.yml.j2
@@ -1,20 +1,4 @@
-services:
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
-
-  application:
-    container_name: {{ application_id }}
-    image: ghcr.io/ldapaccountmanager/lam:{{applications[application_id].version}}
-    ports:
-      - 127.0.0.1:{{ports.localhost.http[application_id]}}:80 
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
-
-{# include 'templates/docker/compose/volumes.yml.j2' #}
-
-{% include 'templates/docker/compose/networks.yml.j2' %}
-
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  fusiondirectory:
    image: tiredofit/fusiondirectory:latest
    container_name: fusiondirectory
@@ -39,5 +23,7 @@ services:
      - fusiondirectory_data:/assets/fusiondirectory
    restart: always

-volumes:
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  fusiondirectory_data:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-gitea/templates/docker-compose.yml.j2
+++ b/roles/docker-gitea/templates/docker-compose.yml.j2
@@ -1,28 +1,20 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications[application_id].images.gitea }}"
    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
      - "{{ports.public.ssh[application_id]}}:22"
    volumes:
      - data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
-      interval: 1m
-      timeout: 10s
-      retries: 3
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-gitea/vars/configuration.yml
+++ b/roles/docker-gitea/vars/configuration.yml
@@ -37,3 +37,7 @@ csp:
 domains:
  aliases:
    - "git.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-gitea/vars/main.yml
+++ b/roles/docker-gitea/vars/main.yml
@@ -1,4 +1,5 @@
 application_id:     "gitea"
+container_port:   3000
 database_type:      "mariadb"
 gitea_ldap_auth_args:
  - '--name "LDAP ({{ primary_domain }})"'
--- a/roles/docker-gitlab/templates/docker-compose.yml.j2
+++ b/roles/docker-gitlab/templates/docker-compose.yml.j2
@@ -1,13 +1,9 @@
-services:
-
-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  web:
    image: "{{ applications[application_id].images.gitlab }}"
    hostname: '{{domains | get_domain(application_id)}}'
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
      - "{{ports.public.ssh[application_id]}}:22"
@@ -16,13 +12,13 @@ services:
      - 'logs:/var/log/gitlab'
      - 'data:/var/opt/gitlab'
    shm_size: '256m'
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/networks.yml.j2' %}
-
-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  redis:
  config:
  logs:
  data:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-gitlab/vars/configuration.yml
+++ b/roles/docker-gitlab/vars/configuration.yml
@@ -5,3 +5,9 @@ features:
  css:                true
  portfolio_iframe:   true
  central_database:   true
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
--- a/roles/docker-joomla/templates/docker-compose.yml.j2
+++ b/roles/docker-joomla/templates/docker-compose.yml.j2
@@ -1,18 +1,15 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
    image: "{{ applications[application_id].images.joomla }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - data:/var/www/html
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-joomla/vars/configuration.yml
+++ b/roles/docker-joomla/vars/configuration.yml
@@ -4,6 +4,11 @@ features:
  matomo:             true
  css:                true
  portfolio_iframe:   true
+  central_database:   true
 domains:
  canonical:
    - "cms.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-keycloak/templates/docker-compose.yml.j2
+++ b/roles/docker-keycloak/templates/docker-compose.yml.j2
@@ -1,22 +1,18 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
    image: "{{ applications[application_id].images.keycloak }}"
    container_name: {{container_name}}
    command: start {% if applications[application_id].import_realm | bool %}--import-realm{% endif %}
-    {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+    {% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "{{ keycloak_server_host }}:8080"
    volumes:
      - "{{import_directory_host}}:{{import_directory_docker}}"
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
-    healthcheck:
-      test: ["CMD", "sh", "-c", "exec 3<>/dev/tcp/localhost/9000 && echo -e 'GET /health/live HTTP/1.1\\r\\nHost: {{domains | get_domain('keycloak')}}\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% set container_port = 9000 %}
+{% set container_healthcheck = 'health/live' %}
+{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-keycloak/vars/configuration.yml
+++ b/roles/docker-keycloak/vars/configuration.yml
@@ -25,3 +25,7 @@ scopes:
  nextcloud:  nextcloud

 rbac_groups:  "/rbac"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-lam/templates/docker-compose.yml.j2
+++ b/roles/docker-lam/templates/docker-compose.yml.j2
@@ -1,15 +1,11 @@
-services:
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
    container_name: {{ application_id }}
    image: "{{ applications[application_id].images.lam }}"
    ports:
      - 127.0.0.1:{{ports.localhost.http[application_id]}}:80 
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{# include 'templates/docker/compose/volumes.yml.j2' #}
-
-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@@ -1,11 +1,9 @@
-services:
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
    image: "{{ applications[application_id].images.openldap }}"
    container_name: {{ applications[application_id].hostname }}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
 {% if applications[application_id].network.public | bool or applications[application_id].network.local | bool %}
    ports:
      - 127.0.0.1:{{ports.localhost.ldap.ldap}}:{{ldap_docker_port}}  # Expose just on localhost so that nginx stream proxy can use it
@@ -22,9 +20,9 @@ services:
          -b cn=config "(&(objectClass=olcOverlayConfig)(olcOverlay=memberof))" \
        | grep "olcOverlay:" | grep -q "memberof"
        '
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-listmonk/templates/config.toml.j2
+++ b/roles/docker-listmonk/templates/config.toml.j2
@@ -3,7 +3,7 @@
 # of localhost will only listen to connections from the current machine. To
 # listen on all interfaces use '0.0.0.0'. To listen on the default web address
 # port, use port 80 (this will require running with elevated permissions).
-address = "0.0.0.0:9000"
+address = "0.0.0.0:{{ container_port }}"

 # Database.
 [db]
--- a/roles/docker-listmonk/templates/docker-compose.yml.j2
+++ b/roles/docker-listmonk/templates/docker-compose.yml.j2
@@ -1,19 +1,16 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% set container_healthcheck = 'health' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications[application_id].images.listmonk }}"
    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:9000"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
    volumes:
      - {{docker_compose.directories.config}}config.toml:/listmonk/config.toml
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-    healthcheck:
-      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:9000/health || exit 1']
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}

-{% include 'templates/docker/compose/volumes-just-database.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes-just-database.yml.j2' %}

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-listmonk/vars/configuration.yml
+++ b/roles/docker-listmonk/vars/configuration.yml
@@ -11,3 +11,7 @@ features:
 domains:
  canonical:
    - "newsletter.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-listmonk/vars/main.yml
+++ b/roles/docker-listmonk/vars/main.yml
@@ -1,5 +1,6 @@
 application_id: "listmonk"
 database_type:  "postgres"
+container_port: "9000"

 listmonk_settings:
  - key: "app.root_url"
--- a/roles/docker-mailu/templates/docker-compose.yml.j2
+++ b/roles/docker-mailu/templates/docker-compose.yml.j2
@@ -1,19 +1,15 @@
-services:
-
-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  # Core services
  resolver:
    image: {{docker_source}}/unbound:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
        ipv4_address: {{networks.local.mailu.dns}}

  front:
    image: {{docker_source}}/nginx:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
      - "{{networks.internet.ip4}}:25:25"
@@ -27,10 +23,10 @@ services:
    volumes:
      - "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro"
      - "{{cert_mount_directory}}:/certs:ro"
-{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      resolver:
        condition: service_started
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
      webmail:
      radicale:
    dns:
@@ -38,22 +34,22 @@ services:
      
  admin:
    image: {{docker_source}}/admin:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "admin_data:/data"
      - "dkim:/dkim"
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      resolver:
        condition: service_started
      front:
        condition: service_started
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  imap:
    image: {{docker_source}}/dovecot:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "dovecot_mail:/mail"
      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
@@ -62,11 +58,11 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  smtp:
    image: {{docker_source}}/postfix:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
      - "smtp_queue:/queue"
@@ -75,7 +71,7 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  oletools:
    image: {{docker_source}}/oletools:{{applications.mailu.version}}
@@ -85,12 +81,12 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
      noinet:

  antispam:
    image: {{docker_source}}/rspamd:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "filter:/var/lib/rspamd"
      - "dkim:/dkim"
@@ -102,39 +98,39 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
      noinet:  


  # Optional services
  antivirus:
    image: clamav/clamav-debian:latest
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "filter:/data"
    depends_on:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  webdav:
    image: {{docker_source}}/radicale:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "webdav_data:/data"
    depends_on:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
      radicale:

  fetchmail:
    image: {{docker_source}}/fetchmail:{{applications.mailu.version}}
    volumes:
      - "admin_data:/data"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    depends_on:
      - admin
      - smtp
@@ -142,11 +138,11 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  webmail:
    image: {{docker_source}}/webmail:{{applications.mailu.version}}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "webmail_data:/data"
      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
@@ -156,10 +152,10 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
      webmail:

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  smtp_queue:
  admin_data:
  webdav_data:
@@ -169,7 +165,7 @@ services:
  dovecot_mail:
  redis:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
  radicale:
    driver: bridge
  webmail:
--- a/roles/docker-mailu/vars/configuration.yml
+++ b/roles/docker-mailu/vars/configuration.yml
@@ -26,4 +26,9 @@ rbac:
  roles:
    mail-bot:
      description: "Has an token to send and recieve emails"
-    
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
--- a/roles/docker-mastodon/templates/docker-compose.yml.j2
+++ b/roles/docker-mastodon/templates/docker-compose.yml.j2
@@ -1,46 +1,44 @@
-services:
-
-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  web:
+{% set container_port = 3000 %}
+{% set container_healthcheck = 'health' %}
    image: "{{ applications[application_id].images[application_id] }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
-    healthcheck:
-      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}"
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
    volumes:
      - data:/mastodon/public/system
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  streaming:
+{% set container_port = 4000 %}
+{% set container_healthcheck = 'api/v1/streaming/health' %}
    image: "{{ applications[application_id].images.streaming }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    command: node ./streaming
-    healthcheck:
-      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
    ports:
-      - "127.0.0.1:{{ports.localhost.websocket[application_id]}}:4000"
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+      - "127.0.0.1:{{ports.localhost.websocket[application_id]}}:{{ container_port }}"
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  sidekiq:
    image: "{{ applications[application_id].images.mastodon }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    command: bundle exec sidekiq
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
    volumes:
      - data:/mastodon/public/system
    healthcheck:
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  redis:
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-mastodon/vars/configuration.yml
+++ b/roles/docker-mastodon/vars/configuration.yml
@@ -17,3 +17,9 @@ csp:
  whitelist:
    frame-src:
      - "*"
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
--- a/roles/docker-matomo/README.md
+++ b/roles/docker-matomo/README.md
@@ -1,4 +1,4 @@
-# Matomo Analytics
+# Matomo

 ## Description

--- a/roles/docker-matomo/templates/docker-compose.yml.j2
+++ b/roles/docker-matomo/templates/docker-compose.yml.j2
@@ -1,23 +1,16 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% set container_port = 80 %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ applications[application_id].images[application_id] }}"
    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
    volumes:
      - data:/var/www/html
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
-    healthcheck:
-      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/80 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-
-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-matomo/vars/configuration.yml
+++ b/roles/docker-matomo/vars/configuration.yml
@@ -25,3 +25,8 @@ domains:
  aliases:
    - "analytics.{{ primary_domain }}"
 excluded_ips: "{{ networks.internet.values() | list }}"
+
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-matrix/templates/docker-compose.yml.j2
+++ b/roles/docker-matrix/templates/docker-compose.yml.j2
@@ -1,8 +1,6 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  synapse:
+{% set container_port = 8008 %}
    image: "{{ applications[application_id].images.synapse }}"
    container_name: matrix-synapse
    restart: {{docker_restart_policy}}
@@ -19,36 +17,28 @@ services:
      - SYNAPSE_SERVER_NAME={{domains.matrix.synapse}}
      - SYNAPSE_REPORT_STATS=no
    ports:
-      - "127.0.0.1:{{ports.localhost.http.synapse}}:8008"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8008/"]
-      interval: 1m
-      timeout: 10s
-      retries: 3
+      - "127.0.0.1:{{ports.localhost.http.synapse}}:{{ container_port }}"
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% if bridges | length > 0 %}
-{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
 {% for item in bridges %}
      mautrix-{{item.bridge_name}}:
        condition: service_healthy
 {% endfor %}
 {% else %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 {% endif %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
  element:
+{% set container_port = 80 %}
    image: "{{ applications[application_id].images.element }}"
    container_name: matrix-element
    restart: {{docker_restart_policy}}
    volumes:
      - ./element-config.json:/app/config.json
    ports:
-      - "127.0.0.1:{{ports.localhost.http.element}}:80"
-    healthcheck:
-      test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"]
-      interval: 1m
-      timeout: 10s
-      retries: 3
-{% include 'templates/docker/container/networks.yml.j2' %}
+      - "127.0.0.1:{{ports.localhost.http.element}}:{{ container_port }}"
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

 {% for item in bridges %}
  mautrix-{{item.bridge_name}}:
@@ -62,7 +52,7 @@ services:
      interval: 1m
      timeout: 10s
      retries: 3
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% endfor %}
 {% if applications[application_id].plugins.chatgpt | bool %}
  matrix-chatgpt-bot:
@@ -106,10 +96,10 @@ services:
      MATRIX_RICH_TEXT: 'true'
 {% endif %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  synapse_data:
 {% if applications[application_id].plugins.chatgpt | bool %}
    chatgpt_data:
 {% endif %}

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-matrix/vars/configuration.yml
+++ b/roles/docker-matrix/vars/configuration.yml
@@ -1,3 +1,7 @@
+docker:
+  services:
+    database:
+      enabled: true
 images:
  synapse:            "matrixdotorg/synapse:latest"
  element:            "vectorim/element-web:latest"
--- a/roles/docker-mediawiki/templates/docker-compose.yml.j2
+++ b/roles/docker-mediawiki/templates/docker-compose.yml.j2
@@ -1,6 +1,4 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
    # Seems like image tag got lost. @todo Check and implement if necessary
      log_driver: journald
@@ -11,10 +9,10 @@ services:
        - "mediawiki-data:/var/www/html/"
      ports:
        - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-mobilizon/templates/docker-compose.yml.j2
+++ b/roles/docker-mobilizon/templates/docker-compose.yml.j2
@@ -1,25 +1,18 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
    image: "{{ applications[application_id].images[application_id] }}"
    volumes:
      - uploads:/var/lib/mobilizon/uploads
      - {{ mobilizon_host_conf_exs_file }}:/etc/mobilizon/config.exs:ro
    ports:
-      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ mobilizon_exposed_docker_port }}"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://127.0.0.1:{{ mobilizon_exposed_docker_port }}"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  uploads:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

--- a/roles/docker-mobilizon/templates/env.j2
+++ b/roles/docker-mobilizon/templates/env.j2
@@ -15,7 +15,7 @@ MOBILIZON_INSTANCE_HOST={{ domains | get_domain(application_id) }}
 # MOBILIZON_INSTANCE_LISTEN_IP

 # The port to listen on (defaults to 4000). Point your reverse proxy on this port.
-MOBILIZON_INSTANCE_PORT={{ mobilizon_exposed_docker_port }}
+MOBILIZON_INSTANCE_PORT={{ container_port }}

 # Whether registrations are opened or closed. Can be changed in the admin settings UI as well.
 # Make sure to moderate actively your instance if registrations are opened.
--- a/roles/docker-mobilizon/vars/configuration.yml
+++ b/roles/docker-mobilizon/vars/configuration.yml
@@ -16,3 +16,7 @@ domains:
    - "event.{{ primary_domain }}"
  aliases:
    - "events.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-mobilizon/vars/main.yml
+++ b/roles/docker-mobilizon/vars/main.yml
@@ -4,5 +4,5 @@ database_type:                  "postgres"
 database_gis_enabled:           true

 mobilizon_oidc_callback_url:    "{{ domains | get_url(application_id, web_protocol) }}/auth/openid_connect/callback"
-mobilizon_exposed_docker_port:  4000
+container_port:  4000
 mobilizon_host_conf_exs_file:   "{{docker_compose.directories.config}}config.exs"
--- a/roles/docker-moodle/templates/docker-compose.yml.j2
+++ b/roles/docker-moodle/templates/docker-compose.yml.j2
@@ -1,29 +1,25 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  moodle:
+{% set container_port = 8080 %}
    container_name: {{ container_name }}
    build:
      context: .
      dockerfile: Dockerfile
    image: moodle_custom
    ports:
-      - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - 'code:{{ bitnami_code_link }}'
      - 'data:{{ bitnami_data_dir }}'
-    healthcheck:
-      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/8080 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  code:
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
  
--- a/roles/docker-moodle/vars/configuration.yml
+++ b/roles/docker-moodle/vars/configuration.yml
@@ -25,3 +25,7 @@ csp:
 domains:
  canonical:
    - "academy.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-mybb/templates/docker-compose.yml.j2
+++ b/roles/docker-mybb/templates/docker-compose.yml.j2
@@ -1,7 +1,4 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
    logging:
      driver: journald
@@ -11,8 +8,8 @@ services:
    restart: {{docker_restart_policy}}
    volumes:
      - data:/var/www/html
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

  server:
    logging:
@@ -26,9 +23,9 @@ services:
    volumes:
    - "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
    - "data:/var/www/html:ro"
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-mybb/vars/configuration.yml
+++ b/roles/docker-mybb/vars/configuration.yml
@@ -3,5 +3,10 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  portfolio_iframe:   false
+  portfolio_iframe:   true
  central_database:   true
+
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@@ -1,8 +1,4 @@
-services:
-
-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
@@ -15,9 +11,9 @@ services:
      interval: 1m
      timeout: 10s
      retries: 3
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
        ipv4_address: 192.168.102.69

  # @Todo activate
@@ -49,16 +45,13 @@ services:
      driver: journald
    restart: {{docker_restart_policy}}
    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
    volumes:
        - "{{docker_compose.directories.volumes}}nginx.conf:/etc/nginx/nginx.conf:ro"
    volumes_from:
      - application
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:80/"]
-      interval: 1m
-      timeout: 10s
-      retries: 3
+
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
    networks:
      default:
        ipv4_address: 192.168.102.67
@@ -77,12 +70,12 @@ services:
      interval: 1m
      timeout: 10s
      retries: 3
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
        ipv4_address: 192.168.102.70

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
  redis:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@@ -11,7 +11,12 @@ csp:
 domains:
  canonical:
    - "cloud.{{ primary_domain }}"
-
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
 oidc:
  enabled:                    "{{ applications.nextcloud.features.oidc | default(true) }}"      # Activate OIDC for Nextcloud
  # floavor decides which OICD plugin should be used. 
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml
@@ -1,6 +1,7 @@
 ---
 # General
 application_id:                                     "nextcloud"                                                   # Application identifier
+container_port:                                   80

 # Database
 database_password:                                  "{{applications.nextcloud.credentials.database_password}}"    # Database password
--- a/roles/docker-openproject/templates/docker-compose.yml.j2
+++ b/roles/docker-openproject/templates/docker-compose.yml.j2
@@ -7,18 +7,15 @@ x-op-app: &app
    context: .
    dockerfile: Dockerfile

-services:
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  cache:
    image: memcached
    container_name: openproject-memcached
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}

  proxy:
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    image: {{custom_openproject_image}}
    container_name: openproject-proxy
    command: "./docker/prod/proxy"
@@ -34,32 +31,29 @@ services:

  web:
    <<: *app
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    command: "./docker/prod/web"
    container_name: openproject-web
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      cache:
        condition: service_started
      seeder:
        condition: service_started
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/health_checks/default"]
-      interval: 10s
-      timeout: 3s
-      retries: 3
-      start_period: 30s
+{% set container_port = 8080 %}
+{% set container_healthcheck = 'health_checks/default' %}
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
    volumes:
      - "data:/var/openproject/assets"
      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
      
  worker:
    <<: *app
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    command: "./docker/prod/worker"
    container_name: openproject-worker
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      cache:
        condition: service_started
      seeder:
@@ -71,11 +65,11 @@ services:

  cron:
    <<: *app
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    command: "./docker/prod/cron"
    container_name: openproject-cron
-{% include 'templates/docker/container/networks.yml.j2' %}
-{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      cache:
        condition: service_started
      seeder:
@@ -93,12 +87,12 @@ services:
    logging:
      driver: journald
    restart: on-failure
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
    volumes:
      - "data:/var/openproject/assets"
      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes

-{% include 'templates/docker/compose/networks.yml.j2' %}
-
-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-openproject/vars/configuration.yml
+++ b/roles/docker-openproject/vars/configuration.yml
@@ -27,3 +27,8 @@ csp:
 domains:
  canonical:
    - "project.{{ primary_domain }}"
+
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-peertube/templates/docker-compose.yml.j2
+++ b/roles/docker-peertube/templates/docker-compose.yml.j2
@@ -1,33 +1,26 @@
-services:
-  
-{% include 'templates/docker/services/redis.yml.j2' %}
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
+{% set container_port = 9000 %}
    image: chocobozzz/peertube:production-{{ applications[application_id].version }}
    container_name: {{ container_name }}
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
     - "1935:1935"  # @todo Add to ports
-     - "127.0.0.1:{{ports.localhost.http[application_id]}}:9000" 
+     - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}" 
    volumes:
      - assets:/app/client/dist
      - data:/data
      - config:/config
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
    healthcheck:
      # This just tests if the service is running on port 9000. It doesn't check if there is an 200 or e.g. an 404 response
-      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/9000 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-
-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  assets:
  data:
  redis:
  config:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-peertube/vars/configuration.yml
+++ b/roles/docker-peertube/vars/configuration.yml
@@ -25,3 +25,9 @@ domains:
    - "video.{{ primary_domain }}"
  aliases:
    - "videos.{{ primary_domain }}"
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
--- a/roles/docker-pgadmin/templates/docker-compose.yml.j2
+++ b/roles/docker-pgadmin/templates/docker-compose.yml.j2
@@ -1,20 +1,15 @@
-services:
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
+{% set container_port = 80 %}
    image: dpage/pgadmin4:{{applications[application_id].version}}
    container_name: pgadmin
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
-    healthcheck:
-      test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
    volumes:
      - "data:/var/lib/pgadmin"
 {% if applications[application_id].server_mode | bool %}
@@ -22,7 +17,7 @@ services:
      - "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}"
 {% endif %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-pgadmin/vars/configuration.yml
+++ b/roles/docker-pgadmin/vars/configuration.yml
@@ -19,3 +19,7 @@ csp:
  whitelist:
    font-src:
      - "data:"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-phpldapadmin/templates/docker-compose.yml.j2
+++ b/roles/docker-phpldapadmin/templates/docker-compose.yml.j2
@@ -1,17 +1,15 @@
-services:
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
    container_name: {{ application_id }}
    image: leenooks/phpldapadmin:{{applications[application_id].version}}
    ports:
      - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}

-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-phpmyadmin/templates/docker-compose.yml.j2
+++ b/roles/docker-phpmyadmin/templates/docker-compose.yml.j2
@@ -1,19 +1,14 @@
-services:
-
-{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
+{% set container_port = 80 %}
    image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
    container_name: phpmyadmin
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
-{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
-    healthcheck:
-      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/80 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-phpmyadmin/vars/configuration.yml
+++ b/roles/docker-phpmyadmin/vars/configuration.yml
@@ -20,3 +20,7 @@ domains:
  aliases:
    - "mysql.{{ primary_domain }}"
    - "mariadb.{{ primary_domain }}"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/docker-pixelfed/templates/docker-compose.yml.j2
+++ b/roles/docker-pixelfed/templates/docker-compose.yml.j2
@@ -1,22 +1,18 @@
-services:
-
-{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
-
-{% include 'templates/docker/services/redis.yml.j2' %}
+{% include 'roles/docker-compose/templates/base.yml.j2' %}

  application:
    image: "{{ applications[application_id].images.pixelfed }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "data:/var/www/storage"
      - "./env:/var/www/.env"
    ports:
      - "{{ports.localhost.http[application_id]}}:80"
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
  worker:
    image: "{{ applications[application_id].images.pixelfed }}"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "data:/var/www/storage"
      - "./env:/var/www/.env"
@@ -26,13 +22,13 @@ services:
      interval: 60s
      timeout: 5s
      retries: 1
-{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on_dmbs.j2' %}
      application:
        condition: service_started
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/volumes.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  redis:
  data:

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-pixelfed/vars/configuration.yml
+++ b/roles/docker-pixelfed/vars/configuration.yml
@@ -23,3 +23,9 @@ domains:
    - "picture.{{ primary_domain }}"
  aliases:
    - "pictures.{{ primary_domain }}"
+docker:
+  services:
+    redis:
+      enabled: true
+    database: 
+      enabled: true
--- a/roles/docker-portfolio/templates/docker-compose.yml.j2
+++ b/roles/docker-portfolio/templates/docker-compose.yml.j2
@@ -1,19 +1,17 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  portfolio:
+{% set container_port = 5000 %}
    build:
      context: {{docker_repository_path}}
      dockerfile: Dockerfile
    image: application-portfolio
    container_name: portfolio
    ports:
-      - 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}
    volumes:
      - {{docker_repository_path}}app:/app
    restart: unless-stopped
-{% include 'templates/docker/container/networks.yml.j2' %}
-    healthcheck:
-      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/5000 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-presentation/templates/docker-compose.yml.j2
+++ b/roles/docker-presentation/templates/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  cymais-presentation:
    build:
      context:    {{ path_cymais_presentation_output.stdout }}
@@ -8,8 +8,8 @@ services:
    volumes:
      - {{ path_cymais_presentation_output.stdout }}:/app
      - {{ path_cymais_output.stdout }}:/source
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}

-{% include 'templates/docker/compose/networks.yml.j2' %}
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

--- a/roles/docker-redis/README.md
+++ b/roles/docker-redis/README.md
@@ -0,0 +1,43 @@
+# Role: docker-redis
+
+## Description
+
+This Ansible role provides a Jinja2 snippet to inject a Redis service definition into your Docker Compose setup. It renders a `service.yml.j2` template that defines a `redis` container with sensible defaults.
+
+## Overview
+
+The role’s `service.yml.j2` template includes:
+
+- An Alpine-based Redis image (`redis:alpine`)
+- Container naming based on `application_id` (defaults to `redis`)
+- Restart policy
+ 
+- Journald logging driver
+- A named volume (`redis:/data`) for persistence
+- A basic healthcheck using `redis-cli ping`
+- Attachment to the default network
+
+Include this snippet in your top-level `docker-compose.yml.j2` where you want Redis to appear.
+
+## Features
+
+- **Configurable `application_id`**  
+  Sets container name (`{{ application_id }}-redis`).
+
+- **Restart policy**  
+  Controlled by `docker_restart_policy`.
+
+- **Journald logging**  
+  Ensures logs are captured by systemd’s journal.
+
+- **Persistent storage**  
+  Declares and mounts `redis:/data`.
+
+- **Built-in healthcheck**  
+  Uses `redis-cli ping` with configurable intervals and retries.
+
+## Further Resources
+
+- [Official Redis Docker image on Docker Hub](https://hub.docker.com/_/redis)  
+- [Ansible Jinja2 documentation](https://docs.ansible.com/ansible/latest/user_guide/playbooks_templating.html)  
+- [Docker Compose reference](https://docs.docker.com/compose/compose-file/)  
--- a/roles/docker-redis/templates/service.yml.j2
+++ b/roles/docker-redis/templates/service.yml.j2
--- a/roles/docker-redis/vars/main.yml
+++ b/roles/docker-redis/vars/main.yml
@@ -0,0 +1 @@
+application_id: redis
--- a/roles/docker-roulette-wheel/templates/docker-compose.yml.j2
+++ b/roles/docker-roulette-wheel/templates/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
    application:
        container_name: roulette_application
        build:
@@ -6,3 +6,5 @@ services:
        ports:
        - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
        restart: {{docker_restart_policy}}
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-simpleicons/README.md
+++ b/roles/docker-simpleicons/README.md
@@ -0,0 +1,34 @@
+# Simple Icons
+
+## Description
+
+This Ansible role deploys and manages a containerized [Simple Icons](https://simpleicons.org/) server, providing easy access to over 2,000 SVG and PNG icons for use in web projects, documentation, and branding.
+
+## Overview
+
+Ideal for developers and content creators, the role simplifies deploying a dedicated icon server. It automates container setup, configuration, and routing, ensuring reliable, quick access to icons. Easily integrate scalable icons into your projects without managing individual asset files.
+
+## Purpose
+
+The Docker-SimpleIcons role streamlines the deployment and management of a simple, efficient icon server. It helps you:
+- Quickly deploy a lightweight, dedicated icon server.
+- Serve icons consistently and reliably across multiple projects.
+- Reduce manual maintenance of icon assets.
+- Integrate seamlessly with complementary Ansible roles and web server configurations.
+
+## Features
+
+- **Icon Server:** Serves scalable SVG and PNG icons from the Simple Icons collection.
+- **Containerized Deployment:** Utilizes Docker and Docker Compose for isolated, reliable deployment.
+- **Dynamic Icon Delivery:** Icons are dynamically served via RESTful endpoints.
+- **Customizable Setup:** Configure icon sizes, formats, and routes effortlessly.
+- **Efficient Integration:** Works seamlessly with web server roles for robust domain routing.
+- **Automated Maintenance:** Simplifies updates and re-deployments via automated container management.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
--- a/roles/docker-simpleicons/files/env
+++ b/roles/docker-simpleicons/files/env
--- a/roles/docker-simpleicons/meta/main.yml
+++ b/roles/docker-simpleicons/meta/main.yml
@@ -0,0 +1,26 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Deploy and serve SVG and PNG icons effortlessly with Simple Icons, a containerized icon server ideal for web projects, documentation, and branding."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Docker
+      versions:
+        - latest
+  galaxy_tags:
+    - docker
+    - icons
+    - branding
+    - svg
+    - png
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+  logo:
+    class: "fa-solid fa-icons"
+  run_after: []
--- a/roles/docker-simpleicons/tasks/main.yml
+++ b/roles/docker-simpleicons/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: "include docker-compose role"
+  include_role: 
+    name: docker-compose
+  when: run_once_docker_simpleicons is not defined
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+  include_role:
+    name: nginx-domain-setup
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+  when: run_once_docker_simpleicons is not defined
+
+- name: "Copy '{{ application_id }}' files"
+  template:
+    src: "{{ item.source }}"
+    dest: "{{ item.target }}"
+    mode: '0755'
+  loop:
+    - { source: "server.js.j2",    target: "{{ simpleicons_host_server_file }}" }
+    - { source: "package.json.j2",  target: "{{ simpleicons_host_package_file }}" }
+  notify:
+    - docker compose up
+  when: run_once_docker_simpleicons is not defined
+
+- name: run the simpleicons tasks once
+  set_fact:
+    run_once_docker_portfolio: true
+  when: run_once_docker_simpleicons is not defined
--- a/roles/docker-simpleicons/templates/Dockerfile.j2
+++ b/roles/docker-simpleicons/templates/Dockerfile.j2
@@ -1,7 +1,7 @@
 FROM node:latest AS builder

 WORKDIR /app
-COPY package*.json ./
+COPY ./config/package*.json ./

 RUN npm install

@@ -9,8 +9,8 @@ FROM node:latest

 WORKDIR /app
 COPY --from=builder /app/node_modules ./node_modules
-COPY server.js .
+COPY ./config/server.js .

-EXPOSE 3000
+EXPOSE {{ container_port }}

 CMD ["node", "server.js"]
--- a/roles/docker-simpleicons/templates/docker-compose.yml.j2
+++ b/roles/docker-simpleicons/templates/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-services:
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
    build:
      context: .
@@ -6,9 +6,9 @@ services:
    image: simpleicons-server:latest
    container_name: simpleicons-server
    ports:
-      - "{{ports.localhost.http[application_id]}}:3000"
-{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% include 'templates/docker/container/networks.yml.j2' %}
-
-{% include 'templates/docker/compose/networks.yml.j2' %}
+      - "{{ports.localhost.http[application_id]}}:{{ container_port }}"
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}

+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/docker-simpleicons/templates/env.j2
+++ b/roles/docker-simpleicons/templates/env.j2
@@ -0,0 +1 @@
+{# This file just exists, because the framework requests it. #}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	a7b9467304	Optimized template	2025-07-07 07:34:41 +02:00
Kevin Veen-Birkenbach	8200abad85	Renamed matomo	2025-07-07 07:27:51 +02:00
Kevin Veen-Birkenbach	3f87f1fcd8	Added simpleicons network and port configuration	2025-07-07 07:26:55 +02:00
Kevin Veen-Birkenbach	63af5b8ef6	Finished simpleicons implementation	2025-07-07 07:25:57 +02:00
Kevin Veen-Birkenbach	a51bc1f4c7	Solved Moodle port mapping bug	2025-07-07 05:21:36 +02:00
Kevin Veen-Birkenbach	b9e5c3a337	Added tests for create docker function	2025-07-07 04:58:03 +02:00
Kevin Veen-Birkenbach	75d603db5b	Finished role creator	2025-07-07 04:53:18 +02:00
Kevin Veen-Birkenbach	a1465ef886	Solved tab bug	2025-07-07 04:51:04 +02:00
Kevin Veen-Birkenbach	eccace60f4	Optimized docker creation script	2025-07-07 04:41:42 +02:00
Kevin Veen-Birkenbach	634f1835fc	Optimized role creation script	2025-07-07 04:31:43 +02:00
Kevin Veen-Birkenbach	9762de2901	Added line breaks	2025-07-07 04:31:20 +02:00
Kevin Veen-Birkenbach	e25565c517	Solved docker refactoring bug	2025-07-07 03:58:40 +02:00
Kevin Veen-Birkenbach	ca0602a1c8	Finished docker refactoring	2025-07-07 03:48:19 +02:00
Kevin Veen-Birkenbach	38ed1e94e8	Refactored docker-compose roles	2025-07-07 03:24:54 +02:00
				`@@ -0,0 +1 @@`
				`{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}`
				`@@ -0,0 +1 @@`
				`{# This file just exists, because the framework requests it. #}`