Updated settings

roles/docker-listmonk/tasks/main.yml

@@ -3,10 +3,10 @@
   include_role: 
     name: docker-central-database
 
-- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications.listmonk.public_api_activated
+- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications[application_id].public_api_activated
   set_fact:
     nginx_docker_reverse_proxy_extra_configuration: >-
-      {% if not applications.listmonk.public_api_activated %}
+      {% if not applications[application_id].public_api_activated %}
       {{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
       {% else %}
       ""
@@ -28,8 +28,40 @@
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml
 
-- name: setup routine for listmonk
+- name: Check if listmonk database is already initialized
+  command: docker compose exec -T {{database_host}} psql -U {{database_username}} -d {{database_name}} -c "\dt"
+  register: db_tables
+  changed_when: false
+  failed_when: false
+
+- name: Run Listmonk setup only if DB is empty
   command:
-    cmd:   docker compose run -T --rm application sh -c "yes | ./listmonk --install"
+    cmd: docker compose run -T --rm application sh -c "yes | ./listmonk --install"
     chdir: "{{docker_compose.directories.instance}}"
-  ignore_errors: true # Ignore errors if already setup
+  when: "'No relations found.' in db_tables.stdout"
+
+- name: Build OIDC settings JSON
+  set_fact:
+    oidc_settings_json: >-
+      {{ {
+         "enabled":       True,
+         "client_id":     oidc.client.id,
+         "provider_url":  oidc.client.issuer_url,
+         "client_secret": oidc.client.secret
+      } | to_json }}
+
+- name: Apply all Listmonk settings
+  shell: |
+    docker exec -i {{ database_host }} psql \
+      -U {{ database_username }} \
+      -d {{ database_name }} << 'EOSQL'
+    UPDATE settings
+    SET value = '{{ item.value }}'::jsonb
+    WHERE key = '{{ item.key }}';
+    EOSQL
+  args:
+    executable: /bin/bash
+  loop: "{{ listmonk_settings }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: item.when is not defined or item.when

roles/docker-listmonk/templates/config.toml.j2

@@ -21,4 +21,4 @@ max_idle = 25
 max_lifetime = "300s"
 
 # Optional space separated Postgres DSN params. eg: "application_name=listmonk gssencmode=disable"
-params = ""
+params = ""

roles/docker-listmonk/templates/env.j2

@@ -4,14 +4,3 @@ TZ=Etc/UTC
 
 LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
 LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }}
-
-{% if applications[application_id].features.oidc | bool %}
-################################### 
-# OpenID Connect settings
-###################################
-
-LISTMONK_security__oidc__enabled=true  
-LISTMONK_security__oidc__provider_url={{ oidc.client.discovery_document }}
-LISTMONK_security__oidc__client_id={{oidc.client.id}}
-LISTMONK_security__oidc__client_secret={{oidc.client.secret}}
-{% endif %}

roles/docker-listmonk/vars/main.yml

@@ -1,3 +1,25 @@
 application_id:  	  "listmonk"
 database_password:  "{{applications[application_id].credentials.database.password}}"
-database_type:      "postgres"
+database_type:      "postgres"
+
+listmonk_settings:
+  - key: "app.root_url"
+    value: '"https://{{ domains[application_id] }}"'
+
+  # OIDC integration (conditional)
+  - key: "security.oidc"
+    value: >-
+      {{ {
+         "enabled": True,
+         "client_id": oidc.client.id,
+         "provider_url": oidc.client.issuer_url,
+         "client_secret": oidc.client.secret
+      } | to_json }}
+    when: applications[application_id].features.oidc | bool
+
+  # hCaptcha toggles and credentials\ n  - key: "security.enable_captcha"
+    value: "true"
+  - key: "security.captcha_key"
+    value: '"{{ applications[application_id].credentials.hcaptcha.site_key }}"'
+  - key: "security.captcha_secret"
+    value: '"{{ applications[application_id].credentials.hcaptcha.secret }}"'

templates/vars/applications.yml.j2

@@ -276,9 +276,12 @@ defaults_applications:
     credentials:
       database:
 #        password:                     ""                                          # Database password
+      hcaptcha:
+#       site_key:
+#       secret:
     public_api_activated:             False                                       # Security hole. Can be used for spaming
     version:                          "latest"                                    # Docker Image version
-    setup:                            false                                       # Set true in inventory file to execute the setup and initializing procedures
+
 {% endraw %}{{ features.render_features({
   'matomo':   true,
   'css':      true,