Solved bugs and refactored

Refactored applications.keycloak* variables
Adapted code for virgin setup
2025-04-28 18:30:24 +02:00 · 2025-02-15 17:43:36 +01:00 · 2025-02-15 16:24:31 +01:00 · 2025-02-15 16:02:27 +01:00 · 2025-02-15 14:52:39 +01:00
24 changed files with 195 additions and 119 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -71,6 +71,9 @@ defaults_applications:
  keycloak:
    version:              "latest"
    administrator_username:  "{{administrator_username}}"  # Administrator Username for Keycloak
+#   database_password:        # Needs to be defined in inventory file   
+#   administrator_password:   # Needs to be defined in inventory file      
+

  ## LDAP
  ldap:
@ -147,7 +150,7 @@ defaults_applications:
    version:            "latest"
    redirect_url:       "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
    allowed_roles:      admin                                                                                       # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
-    cookie_secret:      "{{applications.oauth2_proxy.cookie_secret}}"                                               # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
+    cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16

  ## Open Project
  openproject:
--- a/group_vars/all/13_theming.yml
+++ b/group_vars/all/13_theming.yml
@ -2,19 +2,12 @@ global_theming:
  enabled: true
  css:
    colors:
-      # For buttons and highlights – symbolizes the sea (slate blue)
-      primary: "#4F6D7A"
-      # For navigation, footers, etc. – a subtly light brown with a grayish tint (earth)
-      secondary: "#C8A28F"
-      # For the general (light mode) background – an azul, blue–gray tone
-      background: "#DCE6F2"
-      # For dark mode: a dark, blue–gray background
-      background_dark: "#2E3B4E"
-      # For the text – true black
-      text: "#2E3B4E"
-      # Accent color (e.g., for links or buttons) – a golden tone symbolizing the sun
-      accent: "#FFD700"
-      # As the positive/success color – a light, slightly grayish green (forest)
+      # General Colors
+      base: "#001f3f"
+
+      # Special Action Colors
+
+      # Sucess Color
      success: "#B2D3B2"
      # As the warning color – a light brown (earth)
      warning: "#D2B48C"
@ -22,20 +15,4 @@ global_theming:
      error: "#DC3545"
      # As the info color – a very light blue (symbolizing the sky)
      info: "#F0F8FF"
-      # Links – in this case, identical to primary (sea)
-      link: "#4F6D7A"
-      # Button text – white
-      button_text: "#FFFFFF"
-      # Shadows & borders (unchanged)
-      shadow: "rgba(0, 0, 0, 0.1)"
-      border: "#DDDDDD"
-      # New settings for cards and buttons:
-      # Cards: a slightly lighter tone than the background for subtle differentiation
-      card_bg_color: "#E6EFF9"
-      # Buttons: a background that is only a bit darker than the main background and in a blue tone
-      button_bg_color: "#C6D7E6"
-      # Bold, larger shadow for containers (cards, dropdowns, etc.)
-      large_shadow: "4px 4px 15px rgba(0, 0, 0, 0.2)"
-      # Reduced shadow for buttons
-      small_shadow: "1px 1px 3px rgba(0, 0, 0, 0.1)"
 global_theming_enabled: true
--- a/playbook.constructor.yml
+++ b/playbook.constructor.yml
@ -15,7 +15,7 @@
        {{
          (defaults_redirect_domain_mappings | items2dict(key_name='source', value_name='target'))
          | combine(
-              (redirect_domain_mappings | items2dict(key_name='source', value_name='target')),
+              (redirect_domain_mappings | default([]) | items2dict(key_name='source', value_name='target')),
              recursive=True
            )
        }}
--- a/playbook.destructor.yml
+++ b/playbook.destructor.yml
@ -3,4 +3,4 @@
  become: true
  roles:
    - role: system-storage-optimizer
-      when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool"
+      when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) "
--- a/roles/docker-attendize/tasks/main.yml
+++ b/roles/docker-attendize/tasks/main.yml
@ -4,7 +4,8 @@
    name: docker-central-database

 - name: "include tasks to receive attendize certbot certificate"
-  include_tasks: recieve-certbot-certificate.yml
+  include_role: 
+    name: nginx-https-recieve-certificate
  vars:
    domain: "{{ item }}"
  loop:
--- a/roles/docker-keycloak/README.md
+++ b/roles/docker-keycloak/README.md
@ -17,32 +17,6 @@ The role integrates Keycloak with PostgreSQL as a database and supports operatio
 - Docker and Docker Compose must be installed on the target system.
 - A working NGINX proxy for forwarding requests to Keycloak (optional).

-## Variables ⚙️
-
-### Main Variables
-
-Defined in `vars/main.yml`:
-
-| Variable                        | Description                                                      |
-|---------------------------------|------------------------------------------------------------------|
-| `application_id`   | Name of the Docker Compose project. Default: `keycloak`.         |
-| `database_type`                 | Type of the database. Default: `postgres`.                      |
-| `database_password`             | Password for the PostgreSQL database user.                      |
-
-### Additional Variables (Templates)
-
-| Variable                        | Description                                                      |
-|---------------------------------|------------------------------------------------------------------|
-| `applications.keycloak.version`              | Version of the Keycloak image.                                  |
-| `domain`                        | Domain where Keycloak will be accessible.                       |
-| `applications.keycloak.administrator_username` | Admin username for Keycloak.                                   |
-| `keycloak_administrator_password` | Admin password for Keycloak.                                   |
-| `database_host`                 | Host of the PostgreSQL database.                                |
-| `database_name`                 | Name of the PostgreSQL database.                                |
-| `database_username`             | Username for the PostgreSQL database.                          |
-| `http_port`                     | Port where Keycloak will be accessible (default: `8080`).       |
-| `docker_restart_policy`         | Docker restart policy (e.g., `always`, `unless-stopped`).       |
-
 ## Tasks 🛠️

 The role performs the following main tasks:
--- a/roles/docker-keycloak/templates/env.j2
+++ b/roles/docker-keycloak/templates/env.j2
@ -2,7 +2,7 @@ KC_HOSTNAME=                    https://{{domain}}
 KC_HTTP_ENABLED=                true
 KC_HEALTH_ENABLED=              true
 KEYCLOAK_ADMIN=                 "{{applications.keycloak.administrator_username}}"
-KEYCLOAK_ADMIN_PASSWORD=        "{{keycloak_administrator_password}}"
+KEYCLOAK_ADMIN_PASSWORD=        "{{applications.keycloak.administrator_password}}"
 KC_DB=                          postgres
 KC_DB_URL=                      jdbc:postgresql://{{database_host}}/{{database_name}}
 KC_DB_USERNAME=                 {{database_username}}
--- a/roles/docker-keycloak/vars/main.yml
+++ b/roles/docker-keycloak/vars/main.yml
@ -1,4 +1,4 @@
 application_id:  	      "keycloak"
 database_type:          "postgres"
-database_password:      "{{keycloak_database_password}}"
+database_password:      "{{applications.keycloak.database_password}}"
 ldap_enabled:   True
--- a/roles/docker-mastodon/tasks/create-domains.yml
+++ b/roles/docker-mastodon/tasks/create-domains.yml
@ -1,6 +1,7 @@
- name: "include task certbot-and-globals.yml"
-  include_tasks: certbot-and-globals.yml
-
+- name: "include role receive certbot certificate"
+  include_role: 
+    name: nginx-https-recieve-certificate
+    
 - name: configure {{domain}}.conf
  template: 
    src:  "mastodon.conf.j2" 
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@ -3,8 +3,9 @@
  include_role: 
    name: docker-central-database

- name: "include task certbot-and-globals.yml"
-  include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+  include_role: 
+    name: nginx-https-recieve-certificate
  vars:
    domain:     "{{domains.matrix_synapse}}"
    http_port:  "{{ports.localhost.http.matrix_synapse}}"
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -3,8 +3,9 @@
  include_role: 
    name: docker-central-database

- name: "include task certbot-and-globals.yml"
-  include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+  include_role: 
+    name: nginx-https-recieve-certificate

 - name: create nextcloud nginx proxy configuration file
  template: 
--- a/roles/docker-peertube/tasks/create-domains.yml
+++ b/roles/docker-peertube/tasks/create-domains.yml
@ -1,5 +1,6 @@
- name: "include task certbot-and-globals.yml"
-  include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+  include_role: 
+    name: nginx-https-recieve-certificate

 - name: configure {{domain}}.conf
  template: 
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -16,6 +16,11 @@
    group: administrator
  when: run_once_docker is not defined

+- name: Set docker_enabled to true, to activate system-storage-optimizer 
+  set_fact:
+    docker_enabled: true
+  when: run_once_docker is not defined
+
 - name: flush docker service
  meta: flush_handlers
  when: run_once_docker is not defined
--- a/roles/nginx-domain-redirect/tasks/main.yml
+++ b/roles/nginx-domain-redirect/tasks/main.yml
@ -1,6 +1,7 @@
 ---
 - name: "include task receive certbot certificate"
-  include_tasks: recieve-certbot-certificate.yml
+  include_role: 
+    name: nginx-https-recieve-certificate
  vars:
    domain: "{{item.source}}"
  loop: "{{domain_mappings}}"
--- a/roles/nginx-global-css/filter_plugins/color_filters.py
+++ b/roles/nginx-global-css/filter_plugins/color_filters.py
@ -1,19 +1,66 @@
-def adjust_color(hex_color, amount):
-    # Remove the leading '#' if present
+import colorsys
+
+def adjust_color(hex_color, lightness_change=0, hue_shift=0, saturation_change=0):
+    """
+    Adjust a HEX color in HSL space.
+    @See https://chatgpt.com/c/67b08ad4-eb58-800f-80cc-f1b22d8c64f3
+    
+    - lightness_change: Percentage points to add or subtract from lightness (0-100 => 0-1 in HSL).
+    - hue_shift: Degrees to shift hue (e.g., +180 for complementary).
+    - saturation_change: Percentage points to add or subtract from saturation (0-100 => 0-1 in HSL).
+    
+    Uses a 'cyclical' approach for lightness and saturation:
+      If the new value goes above 1, it wraps around (subtract 1).
+      If it goes below 0, it wraps around (add 1).
+    This creates strong contrast when crossing boundaries.
+    """
+
+    # Strip leading '#' if present
    hex_color = hex_color.lstrip('#')
    
-    # Extract the RGB components
+    # Parse the original RGB values
    r = int(hex_color[0:2], 16)
    g = int(hex_color[2:4], 16)
    b = int(hex_color[4:6], 16)
    
-    # Adjust the values, ensuring they remain within the range 0-255
-    r = max(0, min(255, r + amount))
-    g = max(0, min(255, g + amount))
-    b = max(0, min(255, b + amount))
+    # Convert from [0..255] range to [0..1] for colorsys
+    r /= 255.0
+    g /= 255.0
+    b /= 255.0
    
-    # Convert the values back into a hexadecimal string
-    return '#{0:02x}{1:02x}{2:02x}'.format(r, g, b)
+    # Convert RGB -> HLS (note: in Python, it's Hue, Lightness, Saturation)
+    # Hue, Lightness, Saturation are each in [0..1]
+    h, l, s = colorsys.rgb_to_hls(r, g, b)
+    
+    # Shift hue by (hue_shift / 360)
+    # e.g., hue_shift=180 => shift by 0.5 in HLS space
+    h = (h + (hue_shift / 360.0)) % 1.0
+    
+    # Shift saturation (cyc wrap)
+    # saturation_change is e.g. +20 => +0.20 in HLS
+    s_new = s + (saturation_change / 100.0)
+    if s_new > 1:
+        s_new -= 1
+    elif s_new < 0:
+        s_new += 1
+    
+    # Shift lightness (cyc wrap)
+    # lightness_change is e.g. +30 => +0.30 in HLS
+    l_new = l + (lightness_change / 100.0)
+    if l_new > 1:
+        l_new -= 1
+    elif l_new < 0:
+        l_new += 1
+    
+    # Convert back to RGB
+    new_r, new_g, new_b = colorsys.hls_to_rgb(h, l_new, s_new)
+    
+    # Scale back to [0..255]
+    new_r = int(new_r * 255)
+    new_g = int(new_g * 255)
+    new_b = int(new_b * 255)
+    
+    return '#{:02x}{:02x}{:02x}'.format(new_r, new_g, new_b)

 class FilterModule(object):
    '''Custom filters for Ansible'''
--- a/roles/nginx-global-css/templates/global.css.j2
+++ b/roles/nginx-global-css/templates/global.css.j2
@ -7,25 +7,42 @@ HINT: Better overwritte CSS variables instead of individual elements.
 */

 :root {
-    --primary-color:    {{ global_theming.css.colors.primary }};
-    --secondary-color:  {{ global_theming.css.colors.secondary }};
-    --brightest-color:  {{ global_theming.css.colors.button_text }};
-    --bright-color:     {{ global_theming.css.colors.background }};
-    --dark-color:       {{ global_theming.css.colors.background_dark }};
+    /** Derived Colors from the Base Color **/
+
+    /* Primary Color: the base color itself */
+    --primary-color:       {{ global_theming.css.colors.base }};
+    
+    /* Secondary Color: slightly lightened */
+    --secondary-color:     {{ global_theming.css.colors.base | adjust_color(15) }};
+    
+    /* Complementary Color: moderately lightened to fall within a mid-brightness range */
+    --complementary-color: {{ global_theming.css.colors.base | adjust_color(30) }};
+    
+    /* Bright Background: significantly lightened */
+    --bright-color:        {{ global_theming.css.colors.base | adjust_color(45) }};
+    
+    /* Brightest Tone (e.g., for button text or accents): nearly white */
+    --brightest-color:     {{ global_theming.css.colors.base | adjust_color(60) }};
+    
+    /* Dark Background: a darker variant of the base color */
+    --dark-color:          {{ global_theming.css.colors.base | adjust_color(-30) }};
+    
+    /* Border Color: slightly offset with a light adjustment */
+    --border-color:        {{ global_theming.css.colors.base | adjust_color(10) }};
+    
+    /* Button Background: a gentle lightening for soft contrast */
+    --button-bg-color:     {{ global_theming.css.colors.base | adjust_color(20) }};
+
+    /** Special Action Colors **/
    --success-color:    {{ global_theming.css.colors.success }};
    --warning-color:    {{ global_theming.css.colors.warning }};
    --error-color:      {{ global_theming.css.colors.error }};
    --info-color:       {{ global_theming.css.colors.info }};
-    --shadow-color:     {{ global_theming.css.colors.shadow }};
-    --border-color:     {{ global_theming.css.colors.border }};
-    
-    /* New variables for cards and buttons */
-    --card-bg-color:    {{ global_theming.css.colors.card_bg_color }};
-    --large-shadow:     {{ global_theming.css.colors.large_shadow }};
-    --button-bg-color:  {{ global_theming.css.colors.button_bg_color }};
-    --small-shadow:     {{ global_theming.css.colors.small_shadow }};
+
 }

+
+
 /* Bootstrap Overrides (Color/Shadow Variables Only) */
 :root {
    --bs-primary: var(--primary-color);
@ -42,11 +59,11 @@ HINT: Better overwritte CSS variables instead of individual elements.

 /** Keycloak Overrides **/ 
 :root{
-    --pf-v5-global--Color--100:         {{global_theming.css.colors.background_dark | adjust_color(10) }};
-    --pf-v5-global--Color--200:         {{global_theming.css.colors.background_dark | adjust_color(30) }};
-    --pf-v5-global--Color--light-100:   {{global_theming.css.colors.background_dark | adjust_color(0) }};
-    --pf-v5-global--Color--light-200:   {{global_theming.css.colors.background_dark | adjust_color(20) }};
-    --pf-v5-global--Color--light-300:   {{global_theming.css.colors.background_dark | adjust_color(40) }};
+    --pf-v5-global--Color--100:         {{  global_theming.css.colors.base | adjust_color(-30) }};
+    --pf-v5-global--Color--200:         {{  global_theming.css.colors.base | adjust_color(-10) }};
+    --pf-v5-global--Color--light-100:   {{  global_theming.css.colors.base | adjust_color(-30) }};
+    --pf-v5-global--Color--light-200:   {{  global_theming.css.colors.base | adjust_color(-10) }};
+    --pf-v5-global--Color--light-300:   {{  global_theming.css.colors.base | adjust_color(10) }};
 } 

 /** Mastodon Overrides **/
@ -67,11 +84,18 @@ HINT: Better overwritte CSS variables instead of individual elements.
    --color-primary-element-light:  var(--secondary-color);
 }

-/* Peertube Overrides */
+/** Peertube **/
 :root {
    --mainColor: var(--primary-color);
 }

+/** Pixelfed **/
+:root {
+    --card-bg:          var(--complementary-color);
+    --light-gray:       var(--complementary-color);
+}
+
+
 /* Global Defaults (Colors Only) */
 body {
    background-color: var(--bright-color) !important;
@ -125,7 +149,6 @@ input, textarea, select {
 }
 input:focus, textarea:focus, select:focus {
    border-color: var(--primary-color) !important;
-    /** box-shadow: 0 0 5px var(--shadow-color);**/
 }

 /* Navigation (Background and Text Colors) */
@ -159,8 +182,7 @@ thead {
 /* Cards / Containers (Background, Border, and Shadow)
   Cards now use a slightly lighter background and a bold, clear shadow */
 .card {
-    background-color: var(--card-bg-color) !important;
-    /** box-shadow: var(--large-shadow) !important;**/
+    background-color: var(--complementary-color) !important;
    border-color: var(--border-color) !important;
 }

@ -195,7 +217,7 @@ button.icon-button {

 /** Keycloak **/
 body#keycloak-bg main{
-    background-color: var(--card-bg-color) !important;
+    background-color: var(--complementary-color) !important;
 }

 div#app header, div#app header *{
@ -204,7 +226,7 @@ div#app header, div#app header *{
 }

 div#app div#page-sidebar, div#app main#kc-main-content-page-container{
-    background-color: var(--card-bg-color) !important;
+    background-color: var(--complementary-color) !important;
 }

 div#app main#kc-main-content-page-container section, 
--- a/roles/nginx-https-recieve-certificate/README.md
+++ b/roles/nginx-https-recieve-certificate/README.md
@ -0,0 +1,39 @@
+# Let's Encrypt Certificate Role
+
+This Ansible role uses Certbot to obtain Let's Encrypt SSL/TLS certificates. It supports both dedicated and wildcard certificate requests based on domain conditions. It can also clean up (delete) dedicated certificates when cleanup mode is enabled.
+
+## Features
+
+- **Dedicated Certificate Request:**  
+  Requests a certificate for a given domain using Certbot's `certonly` command with the webroot plugin.
+
+- **Wildcard Certificate Request:**  
+  When enabled, obtains a wildcard certificate for the primary domain (including both the primary domain and all its direct subdomains).
+
+- **Certificate Cleanup:**  
+  Provides an option to delete dedicated certificates if cleanup mode is active.
+
+- **Run Once for Wildcard:**  
+  Ensures that the wildcard certificate task runs only once to prevent duplicate requests.
+
+## Tasks Overview
+
+- **Receive Dedicated Certificate:**  
+  Executes Certbot to request a dedicated certificate for `{{ domain }}` when a wildcard certificate is not applicable.
+
+- **Receive Wildcard Certificate:**  
+  Executes Certbot to request a wildcard certificate for `*{{ primary_domain }}` under the appropriate conditions.
+
+- **Cleanup Dedicated Certificate:**  
+  Runs Certbot's delete command to remove the dedicated certificate if cleanup mode is active.
+
+- **Run Once Flag:**  
+  Sets a fact to ensure that the wildcard certificate task is executed only once per playbook run.
+
+## Author
+
+This role is authored by [Kevin Veen-Birkenbach](https://www.veen.world).
+
+---
+
+Feel free to contribute or open issues if you have suggestions or encounter any problems with the role. Enjoy secure connections with Let's Encrypt and Ansible!
--- a/roles/nginx-https-recieve-certificate/meta/main.yml
+++ b/roles/nginx-https-recieve-certificate/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+- nginx-https
--- a/roles/nginx-https-recieve-certificate/tasks/main.yml
+++ b/roles/nginx-https-recieve-certificate/tasks/main.yml
--- a/roles/nginx/meta/main.yml
+++ b/roles/nginx/meta/main.yml
@ -1,2 +1,3 @@
 dependencies:
  - health-nginx
+  - nginx-global
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -33,11 +33,15 @@
  notify: restart nginx
  when: run_once_nginx is not defined

- name: "include task certbot-and-globals.yml"
-  include_tasks: certbot-and-globals.yml
-  vars:
-    domain: "{{primary_domain}}"
-  when: run_once_nginx is not defined
+# Activated due to the reason that certificate management should be part of role nginx-https
+# I don't know why this is activated here. 
+# Propably solved on 2025-02-15 . Please remove latest on 2025-12-31 if no errors appear or earlier
+#
+#- name: "include task certbot-and-globals.yml"
+#  include_tasks: certbot-and-globals.yml
+#  vars:
+#    domain: "{{primary_domain}}"
+#  when: run_once_nginx is not defined

 - name: flush nginx service
  meta: flush_handlers
--- a/tasks/certbot-and-globals.yml
+++ b/tasks/certbot-and-globals.yml
@ -1,6 +0,0 @@
- name: "include task receive certbot certificate"
-  include_tasks: recieve-certbot-certificate.yml
-
- name: Load global Nginx Configuration
-  include_role:
-    name: nginx-global
--- a/tasks/create-proxy-with-domain-replace.yml
+++ b/tasks/create-proxy-with-domain-replace.yml
@ -1,5 +1,6 @@
- name: "include task certbot-and-globals.yml"
-  include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+  include_role: 
+    name: nginx-https-recieve-certificate

 - name: "include task create-domain-conf.yml"
  include_tasks: create-domain-conf.yml
--- a/tasks/nginx-docker-proxy-domain.yml
+++ b/tasks/nginx-docker-proxy-domain.yml
@ -1,5 +1,6 @@
- name: "include task certbot-and-globals.yml"
-  include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+  include_role: 
+    name: nginx-https-recieve-certificate

 - name: "include task create-domain-conf.yml"
  include_tasks: create-domain-conf.yml
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	62f9bab052	Solved bugs and refactored	2025-02-15 17:43:36 +01:00
Kevin Veen-Birkenbach	c7da4ddd8f	Refactored applications.keycloak* variables	2025-02-15 16:24:31 +01:00
Kevin Veen-Birkenbach	0b98bc1541	Adapted code for virgin setup	2025-02-15 16:02:27 +01:00
Kevin Veen-Birkenbach	99b262c0a6	Optimized CSS generation, auto generated on base color	2025-02-15 14:52:39 +01:00