Solved closing breakets name

filter_plugins/configuration_filters.py

@@ -0,0 +1,20 @@
+def get_oauth2_enabled(applications, application_id):
+    # Retrieve the application dictionary based on the ID
+    app = applications.get(application_id, {})
+    # Retrieve the value for oauth2_proxy.enabled, default is False
+    enabled = app.get('oauth2_proxy', {}).get('enabled', False)
+    return bool(enabled)
+
+def get_css_enabled(applications, application_id):
+    # Retrieve the application dictionary based on the given application_id.
+    app = applications.get(application_id, {})
+    # Retrieve the 'enabled' value from the css key, defaulting to True if not present.
+    enabled = app.get('css', {}).get('enabled', True)
+    return bool(enabled)
+
+class FilterModule(object):
+    def filters(self):
+        return {
+            'get_css_enabled': get_css_enabled,
+            'get_oauth2_enabled': get_oauth2_enabled
+        }

group_vars/all/07_applications.yml

@@ -213,4 +213,15 @@ defaults_applications:
       enabled:                true
       application:            "application"
       port:                   "80"
-      location:               "/admin/"                       # Protects the admin arear
+      location:               "/admin/"                       # Protects the admin area
+    
+
+  wordpress:
+# Deactivate Global theming for wordpress role
+# due to the reason that wordpress has to much different themes
+# and one styling for all is not possible.
+#
+# May a solution could be to generate a template or css file dedicated
+# for wordpress based on the theming values and import it. 
+    css:
+      enabled:       false

group_vars/all/13_theming.yml

@@ -16,9 +16,3 @@ global_theming:
     filters:
       saturation_change:  70
       hue_shift:          0
-
-# Global Theming is default enabled for all roles
-# If you want to disable the global css for a role, set 
-# global_theming_enabled: false
-# in var/main.yml
-global_theming_enabled: true

group_vars/all/14_about.yml

@@ -0,0 +1,24 @@
+# This is just a dummy person.
+# Adapt the values in your inventory file
+person:
+  type:           "legal"                                           # Accepted Values: natural, legal
+  name:           "CyMaIS Demo Instance"
+  description:    
+    subtitel:        "Infrastructure Demo solutions"                   # Should be the length of su
+    summary:         "We offer infrastructure solutions for the world"
+    detailed:        ""
+  address:
+    street:       "Binary Avenue 01"
+    city:         "Cybertown"
+    postal_code:  "00001"
+    country:      "Nexusland"
+  contact:
+    bluesky:      "@{{administrator_username}}.{{domains.bluesky_api}}"
+    email:        "contact@{{primary_domain}}"
+    mastodon:     "@{{administrator_username}}@{{domains.mastodon}}"
+    matrix:       "@{{administrator_username}}:{{domains.matrix_synapse}}"
+    peertube:     "@{{administrator_username}}@{{domains.peertube}}"
+    pixelfed:     "@{{administrator_username}}@{{domains.pixelfed}}"
+    phone:        "+0 000 000 404"
+    wordpress:    "@{{administrator_username}}@{{domains.wordpress}}[0]"
+  code:           "https://github.com/kevinveenbirkenbach/cymais"

playbook.servers.yml

@@ -19,13 +19,11 @@
 
 # Priority: 1
 # Almost all other roles depend on the Matomo tracking
-- hosts: all
+- name: "setup matomo"
-  tasks:
+  hosts: matomo
-    - name: "setup matomo hosts if matomo hosts set or global_matomo_tracking_enabled"
-      include_role:
-        name: docker-matomo
-      when: "'matomo' in group_names or (global_matomo_tracking_enabled | bool)"
   become: true
+  roles:
+   -  role: docker-matomo
 
 # Priority: 2
 # Much other roles rely on a working ldap setup
@@ -44,7 +42,7 @@
    -  role: docker-keycloak
 
 - name: setup nextcloud hosts
-  hosts: nextcloud_server
+  hosts: nextcloud
   become: true
   roles:
    -  role: docker-nextcloud

roles/docker-akaunting/vars/main.yml

@@ -1,4 +1,4 @@
-application_id:     "akaunting"
+application_id:             "akaunting"
-database_type:      "mariadb"
+database_type:              "mariadb"
-database_password:  "{{akaunting_database_password}}"
+database_password:          "{{akaunting_database_password}}"
-repository_address: "https://github.com/akaunting/docker.git"
+docker_repository_address:  "https://github.com/akaunting/docker.git"

roles/docker-attendize/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-application_id:     "attendize"
+application_id:             "attendize"
-database_type:      "mariadb"
+database_type:              "mariadb"
-database_password:  "{{attendize_database_password}}"
+database_password:          "{{attendize_database_password}}"
-repository_address: "https://github.com/Attendize/Attendize.git"
+docker_repository_address:  "https://github.com/Attendize/Attendize.git"

roles/docker-discourse/handlers/main.yml

@@ -17,5 +17,5 @@
 - name: rebuild discourse
   command:
     cmd: "./launcher rebuild {{applications.discourse.container}}"
-    chdir: "{{discourse_repository_directory}}"
+    chdir: "{{docker_repository_directory }}"
   listen: recreate discourse

roles/docker-discourse/tasks/main.yml

@@ -32,15 +32,15 @@
 - name: pull docker repository
   git:
     repo: "https://github.com/discourse/discourse_docker.git"
-    dest: "{{discourse_repository_directory}}"
+    dest: "{{docker_repository_directory }}"
     update: yes
   notify: recreate discourse
   become: true
   ignore_errors: true
 
-- name: set chmod 700 for {{discourse_repository_directory}}containers
+- name: set chmod 700 for {{docker_repository_directory }}containers
   ansible.builtin.file:
-    path: "{{discourse_repository_directory}}/containers"
+    path: "{{docker_repository_directory }}/containers"
     mode: '700'
     state: directory
 
@@ -53,7 +53,7 @@
 - name: "destroy container discourse_application"
   command:
     cmd: "./launcher destroy discourse_application"
-    chdir: "{{discourse_repository_directory}}"
+    chdir: "{{docker_repository_directory }}"
   ignore_errors: true
   notify: recreate discourse
   when: mode_reset | bool

roles/docker-discourse/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:                         "discourse"
 database_password:                      "{{ applications.discourse.database_password }}"
 database_type:                          "postgres"
-discourse_repository_directory:         "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
+docker_repository_directory :           "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
-discourse_application_yml_destination:  "{{discourse_repository_directory}}containers/{{applications.discourse.container}}.yml"
+discourse_application_yml_destination:  "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"

roles/docker-keycloak/templates/import/realm.json.j2

@@ -836,7 +836,7 @@
       "redirectUris": [
         {%- set redirect_uris = [] -%}
         {%- for application, domain in defaults_domains.items() -%}
-          {%- if applications[application_id] is defined and applications[application_id].oauth2_proxy.enabled | default(false) | bool -%}
+          {%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
             {%- if domain is string -%}
               {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
             {%- else -%}

roles/docker-matrix-compose/README.md

@@ -2,39 +2,10 @@
 
 ## Overview
 
-This document serves as the README for the `docker-matrix` role, a part of the `CyMaIS` project. This role automates the deployment of a Matrix server using Docker. 
+This document serves as the README for the `docker-matrix` role, a part of the `CyMaIS` project. This role automates the deployment of a Matrix server using Docker. This role was developed by [Kevin Veen-Birkenbach](https://www.veen.world/)
 
 Matrix is an open-source project that provides a protocol for secure, decentralized, real-time communication. It offers features like end-to-end encrypted chat, VoIP, and file sharing, catering to both individual and enterprise users. With a focus on interoperability, Matrix can bridge with other communication systems, offering a unified platform for messaging and collaboration.
 
-## Dependencies
-
-- `nginx-docker-reverse-proxy` (see `meta/main.yml`)
-
-## Files and Their Functions
-
-1. **`vars/main.yml`**: Defines variables such as `docker_compose.directories.instance`.
-2. **`handlers/main.yml`**: Contains handlers like `recreate matrix` for restarting the Matrix service.
-3. **`tasks/main.yml`**: Contains main tasks like creating directories and configuration files.
-4. **`templates/log.config.j2`**: Template for the Matrix server's logging configuration.
-5. **`templates/homeserver.yaml.j2`**: Template for the main configuration file of the Matrix server.
-6. **`templates/docker-compose.yml.j2`**: Docker-Compose template for setting up the Matrix server and database.
-
-## Important Administration Commands
-
-- **Create Matrix Users**: 
-  ```
-  docker compose exec -it synapse register_new_matrix_user -u [Username] -p [Password] -a -c /data/homeserver.yaml http://localhost:8008
-  ```
-- **Execute Docker-Compose Commands**:
-  - Restart services: 
-    ```
-    docker-compose up -d --force-recreate
-    ```
-  - View logs:
-    ```
-    docker-compose logs
-    ```
-
 ## Cleanup 
 ```
 # Cleanup Database
@@ -70,6 +41,7 @@ For login with Token checkout [this guide](https://docs.mau.fi/bridges/go/slack/
 - https://cyberhost.uk/element-matrix-setup/
 - https://www.linode.com/docs/guides/how-to-install-the-element-chat-app/
 - https://hub.docker.com/r/vectorim/element-web
+- https://github.com/matrix-org/matrix-synapse-ldap3
 
 ## Links to ChatGPT Conversations
 

roles/docker-oauth2-proxy/templates/container.yml.j2

@@ -1,4 +1,4 @@
-{% if applications[application_id].oauth2_proxy.enabled | default(false) | bool %}
+{% if applications | get_oauth2_enabled(application_id) %}
   oauth2-proxy:
     image: quay.io/oauth2-proxy/oauth2-proxy:{{applications.oauth2_proxy.version}}
     restart: {{docker_restart_policy}}

roles/docker-openproject/README.md

@@ -1,22 +1,8 @@
-# README.md for Docker OpenProject Role
+# OpenProject Role
 
 ## Overview
 
-This role is designed to deploy the OpenProject application using Docker. It includes tasks for setting up the environment, pulling the Docker repository, and configuring a reverse proxy with Nginx.
+This role is designed to deploy the [OpenProject](https://www.openproject.org/) application using Docker. It includes tasks for setting up the environment, pulling the Docker repository, and configuring a reverse proxy with Nginx. It was developed by [Kevin Veen-Birkenbach](https://www.veen.world/)
-
-## Requirements
-
-- Ansible
-- Docker
-- Docker Compose
-- Access to the GitHub repository "opf/openproject-deploy"
-
-## Role Variables
-
-The role uses several variables, defined in `vars/main.yml`:
-
-- `repository_directory`: The directory for the OpenProject repository.
-- `docker_compose.directories.instance`: Directory for Docker Compose instances.
 
 ## Handlers
 
@@ -32,14 +18,6 @@ Outlined in `tasks/main.yml`, the role includes tasks for:
 - Warning if the repository is not reachable.
 - Copying the `.env` file from a template.
 
-## Templates
-
-`env.j2` in `templates/` folder is a Jinja2 template for the `.env` file, setting up environment variables for the OpenProject container.
-
-## Dependencies
-
-This role depends on `nginx-docker-reverse-proxy`, as defined in `meta/main.yml`.
-
 ## Usage
 
 To use this role, include it in your Ansible playbook and set the necessary variables, especially those required in the `.env` file template.

roles/docker-openproject/handlers/main.yml

@@ -6,11 +6,3 @@
   environment:
     COMPOSE_HTTP_TIMEOUT: 600
     DOCKER_CLIENT_TIMEOUT: 600
-
-- name: rebuild openproject repository
-  command:
-    cmd: docker compose build 
-    chdir: "{{openproject_repository_service}}"
-  environment:
-    COMPOSE_HTTP_TIMEOUT: 600
-    DOCKER_CLIENT_TIMEOUT: 600

roles/docker-openproject/tasks/main.yml

@@ -7,12 +7,6 @@
   include_role: 
     name: nginx-domain-setup
 
-#- name: "include tasks update-repository-with-files.yml"
-#  include_tasks: update-repository-with-files.yml
-#  vars:
-#    detached_files: 
-#      - "docker-compose.yml"
-
 - name: "Create {{openproject_plugins_service}}"
   file:
     path: "{{openproject_plugins_service}}"
@@ -35,15 +29,9 @@
     - docker compose project setup
     - rebuild custom openproject docker image
 
-- name: pull docker repository
+- name: "include role docker-repository-setup for {{application_id}}"
-  git:
+  include_role: 
-    repo: "{{ repository_address }}"
+    name: docker-repository-setup
-    dest: "{{ openproject_repository_service }}"
-    update: yes
-  notify:
-    - docker compose project setup
-    - rebuild openproject repository
-  become: true
 
 - name: "create {{dummy_volume}}"
   file:

roles/docker-openproject/vars/main.yml

@@ -1,12 +1,10 @@
-application_id:                               "openproject"
+application_id:               "openproject"
-repository_address:                           "https://github.com/opf/openproject-deploy"
+docker_repository_address:    "https://github.com/opf/openproject-deploy"
-database_password:                            "{{openproject_database_password}}"
+database_password:            "{{openproject_database_password}}"
-database_type:                                "postgres"
+database_type:                "postgres"
-
-openproject_plugins_service:                  "{{docker_compose.directories.services}}plugins/"
-openproject_repository_service:               "{{docker_compose.directories.services}}repository/"
-custom_openproject_image:                     "custom_openproject"
 
+openproject_plugins_service:  "{{docker_compose.directories.services}}plugins/"
+custom_openproject_image:     "custom_openproject"
 
 # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
-dummy_volume:                                 "{{docker_compose.directories.volumes}}dummy_volume"
+dummy_volume:                 "{{docker_compose.directories.volumes}}dummy_volume"

roles/docker-portfolio/tasks/main.yml

@@ -7,17 +7,28 @@
   include_role: 
     name: nginx-domain-setup
 
-- name: "include tasks update-repository-with-files.yml"
+- name: "include role docker-repository-setup for {{application_id}}"
-  include_tasks: update-repository-with-files.yml
+  include_role: 
-  vars:
+    name: docker-repository-setup
-    detached_files: 
-      - "docker-compose.yml"
 
-- name: create {{docker_compose.directories.instance}}/app/config.yaml
+- name: Check if host-specific config.yaml exists
+  stat:
+    path: "{{ config_inventory_path }}"
+  register: config_file
+
+- name: Copy host-specific config.yaml if it exists
   copy:
-    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml"
+    src: "{{ config_inventory_path }}"
-    dest: "{{docker_compose.directories.instance}}/app/config.yaml"
+    dest: "{{docker_repository_path}}/app/config.yaml"
   notify: docker compose project setup
+  when: config_file.stat.exists
+
+- name: Copy default config.yaml from the role template if host-specific file does not exist
+  template:
+    src: "config.yaml.j2"
+    dest: "{{docker_repository_path}}/app/config.yaml"
+  notify: docker compose project setup
+  when: not config_file.stat.exists
 
 - name: add docker-compose.yml
   template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml

roles/docker-portfolio/templates/config.yaml.j2

@@ -0,0 +1,303 @@
+---
+accounts:
+  name: Online Presence
+  description: Discover {{ 'our' if person.type == 'legal' else 'my' }} online presence.
+  icon:
+      class: fa-solid fa-users
+  children:
+  - name: Publishing Channels
+    description: Platforms where I share content.
+    icon:
+      class: fas fa-newspaper
+    children:
+    - name: Microblogs
+      description: Stay updated with {{ 'our' if person.type == 'legal' else 'my' }} microblogs.
+      icon:
+        class: fa-solid fa-pen-nib
+      children:
+{% if person.contact.mastodon is defined %}
+      - name: Mastodon
+        description: Follow {{ 'our' if person.type == 'legal' else 'my' }} updates on Mastodon.
+        icon:
+          class: fa-brands fa-mastodon
+        url: "https://{{ person.contact.mastodon.split('@')[2] }}/@{{ person.contact.mastodon.split('@')[1] }}"
+        identifier: "{{person.contact.mastodon}}"
+{% endif %}
+{% if person.contact.bluesky is defined %}
+      - name: Bluesky
+        description: Follow {{ 'our' if person.type == 'legal' else 'my' }} on Bluesky.
+        icon:
+          class: fa-brands fa-bluesky
+        alternatives:
+        - link: accounts.publishingchannels.microblogs.mastodon
+        identifier: "{{person.contact.bluesky}}"
+{% endif %}
+{% if person.contact.pixelfed is defined %}
+    - name: Pictures
+      description: Explore {{ 'our' if person.type == 'legal' else 'my' }} photo gallery on Pixelfed.
+      icon:
+          class: fa-solid fa-camera
+      identifier: "{{person.contact.pixelfed}}"
+      url: "https://{{ person.contact.pixelfed.split('@')[2] }}/@{{ person.contact.pixelfed.split('@')[1] }}"
+{% endif %}
+{% if person.contact.peertube is defined %}
+    - name: Peertube
+      description: Discover {{ 'our' if person.type == 'legal' else 'my' }} videos on Peertube.
+      icon:
+        class: fa-solid fa-video
+      identifier: "{{person.contact.peertube}}"
+      url: "https://{{ person.contact.peertube.split('@')[2] }}/@{{ person.contact.peertube.split('@')[1] }}"
+{% endif %}
+{% if person.contact.wordpress is defined %}
+    - name: Blog
+      description: Read {{ 'our' if person.type == 'legal' else 'my' }} articles and stories.
+      icon:
+          class: fa-solid fa-blog
+      identifier: "{{person.contact.wordpress}}"
+      url: "https://{{ person.contact.wordpress.split('@')[2] }}/@{{ person.contact.wordpress.split('@')[1] }}"
+{% endif %}
+{% if person.contact.code is defined %}
+    - name: Code
+      description: Explore {{ 'our' if person.type == 'legal' else 'my' }} code.
+      icon:
+        class: fa-solid fa-code
+      url: "{{person.code}}"
+{% endif %}
+{% if person.contact.friendica is defined %}
+  - name: Social Networks
+    description: Visit {{ 'our' if person.type == 'legal' else 'my' }} friendica profile
+    icon:
+      class: fas fa-network-wired
+    identifier: "{{person.contact.friendica}}"
+    url: "https://{{ person.contact.friendica.split('@')[2] }}/@{{ person.contact.friendica.split('@')[1] }}"
+{% endif %}
+  - link: navigation.header.contact.messenger
+
+cards:
+- icon: 
+    source: https://cloud.veen.world/s/logo_agile_coach_512x512/download
+  title: Agile Coach
+  text: I lead agile transformations and improve team dynamics through Scrum, DevOps,
+    and Agile Coaching. My goal is to enhance collaboration and efficiency in organizations,
+    ensuring agile principles are effectively implemented for sustainable success.
+  url: https://www.agile-coach.world
+  link_text: www.agile-coach.world
+- icon: 
+    source: https://cloud.veen.world/s/logo_personal_coach_512x512/download
+  title: Personal Coach
+  text: Offering personalized coaching for growth and development, I utilize a blend
+    of hypnotherapy, mediation, and holistic techniques. My approach is tailored to
+    help you achieve personal and professional milestones, fostering holistic well-being.
+  url: https://www.personalcoach.berlin
+  link_text: www.personalcoach.berlin
+- icon: 
+    source: https://cloud.veen.world/s/logo_yachtmaster_512x512/download
+  title: Yachtmaster
+  text: As a Yachtmaster, I provide comprehensive sailing education, yacht delivery,
+    and voyage planning services. Whether you're learning to sail or need an experienced
+    skipper, my expertise ensures a safe and enjoyable experience on the water.
+  url: https://www.yachtmaster.world
+  link_text: www.yachtmaster.world
+- icon: 
+    source: https://cloud.veen.world/s/logo_yachtmaster_512x512/download
+  title: Yachtmaster
+  text: As a Yachtmaster, I provide comprehensive sailing education, yacht delivery,
+    and voyage planning services. Whether you're learning to sail or need an experienced
+    skipper, my expertise ensures a safe and enjoyable experience on the water.
+  url: https://www.yachtmaster.world
+  link_text: www.yachtmaster.world
+company:
+  titel: {{person.name}}
+  subtitel: {{person.description.subtitel}}
+  logo:
+    source: https://cloud.veen.world/s/logo_face_512x512/download
+  favicon:
+    source: https://cloud.veen.world/s/veen_world_favicon/download
+  address:
+{{ person.address | to_nice_yaml(indent=4) | indent(2) }}
+  imprint_url: https://s.veen.world/imprint
+navigation:
+  header:
+    children:
+    - link: accounts.publishingchannels.children
+    - link: accounts.socialnetworks
+    - name: Contact
+      description: Get in touch with {{ 'us' if person.type == 'legal' else 'me' }} 
+      icon:
+          class: fa-solid fa-envelope
+      children:
+{% if person.contact.email is defined %}
+      - name: Email
+        description: Send {{ 'us' if person.type == 'legal' else 'me' }} an email
+        icon:
+          class: fa-solid fa-envelope
+        url: mailto:{{person.contact.email}}
+        identifier: {{person.contact.email}}
+        alternatives:
+          - link: navigation.header.contact.messenger.matrix
+{% endif %}
+{% if person.contact.phone is defined %}
+      - name: Mobile
+        description: Call {{ 'us' if person.type == 'legal' else 'me' }}
+        icon:
+          class: fa-solid fa-phone
+        url: "tel:{{person.contact.phone}}"
+        identifier: "{{person.contact.phone}}"
+        target: _top
+{% endif %}
+{% if person.contact.matrix is defined %}
+      - name: Matrix
+        description: Chat with {{ 'us' if person.type == 'legal' else 'me' }} on Matrix
+        icon:
+          class: fa-solid fa-cubes
+        identifier: "{{person.contact.matrix}}"
+{% endif %}
+  footer:
+    children:
+    - link: accounts
+    - name: Solution Hub
+      description: Curated collection of self hosted tools
+      icon:
+          class: fa-solid fa-network-wired
+      url: 
+      children:
+      - name: Community
+        description: Tools to manage the community
+        icon:
+            class: fa-solid fa-users
+        children:
+{% if "discourse" in group_names %}
+        - name: Forum
+          description: Join the discussion
+          icon:
+            class: fa-brands fa-discourse
+          url: https://{{domains.discourse}}/
+{% endif %}
+{% if "moodle" in group_names %}
+        - name: Learning Platform
+          description: Learn with {{ 'our' if person.type == 'legal' else 'my' }} academy
+          icon:
+            class: fa-solid fa-graduation-cap
+          url: https://{{domains.moodle}}/
+{% endif %}
+{% if "listmonk" in group_names %}
+        - name: Newsletter
+          description: Subscribe to {{ 'our' if person.type == 'legal' else 'my' }} newsletter
+          icon:
+            class: fa-solid fa-envelope-open-text
+          url: https://{{domains.listmonk}}/subscription/form
+{% endif %}
+      - name: Project Management
+        description: Project Management Tools
+        icon:
+            class: fa-solid fa-chart-line
+        children:
+{% if "openproject" in group_names %}
+        - name: Open Project
+          description: Explore {{ 'our' if person.type == 'legal' else 'my' }} projects
+          icon:
+            class: fa-solid fa-tasks
+          url: https://{{domains.openproject}}/
+{% endif %}
+{% if "taiga" in group_names %}       
+        - name: Taiga
+          description: View {{ 'our' if person.type == 'legal' else 'my' }} Kanban board
+          icon:
+            class: bi bi-clipboard2-check-fill
+          url: https://{{domains.taiga}}/
+{% endif %}
+{% if "snipe_it" in group_names %}        
+        - name: Snipe IT
+          description: Manage {{ 'our' if person.type == 'legal' else 'my' }} inventory
+          icon:
+            class: fas fa-box-open
+          url: https://{{domains.snipe_it}}/
+{% endif %}          
+      - name: Communication
+        icon:
+          class: fa-solid fa-comments
+        children:
+{% if "matrix" in group_names %}   
+        - name: Elements
+          description: Chat with the world
+          icon:
+            class: fa-solid fa-comment
+          url: https://{{domains.matrix_element}}/
+{% endif %}
+{% if "bigbluebutton" in group_names %}             
+        - name: Big Blue Button
+          description: Join live events
+          icon:
+            class: fa-solid fa-video
+          url: https://{{domains.bigbluebutton}}/
+{% endif %}
+{% if "mailu" in group_names %}            
+        - name: Mailu
+          description: Send{{ 'our' if person.type == 'legal' else 'my' }}a mail
+          icon:
+            class: fa-solid fa-envelope
+          url: https://{{domains.mailu}}/
+{% endif %}
+      - name: Administration
+        icon:
+          class: fas fa-building
+        children:
+{% if "matomo" in group_names %}   
+        - name: Matomo
+          description: Analyze with Matomo
+          icon:
+            class: fa-solid fa-chart-simple
+          url: https://{{domains.matomo}}/
+{% endif %}
+{% if "phpmyadmin" in group_names %}   
+        - name: phpMyAdmin
+          description: Administrate MySQL and MariaDB databases
+          icon:
+            class: fas fa-database
+          url: https://{{domains.phpmyadmin}}/
+{% endif %}
+{% if "keycloak" in group_names %}   
+        - name: Keycloak
+          description: Manage User via Keycloak
+          icon:
+            class: fas fa-user-shield
+          url: https://{{domains.keycloak}}/admin
+{% endif %}
+{% if "ldap" in group_names %}   
+        - name: LDAP
+          description: Manage LDAP
+          icon:
+            class: fas fa-key
+          url: https://{{domains.ldap}}/
+{% endif %}
+      - name: Tools
+        icon:
+          class: fas fa-tools
+        children:
+{% if "baserow" in group_names %}   
+        - name: Baserow
+          description: Organize with Baserow
+          icon:
+            class: fa-solid fa-table
+          url: https://{{domains.baserow}}/    
+{% endif %}
+{% if "yourls" in group_names %}   
+        - name: Yourls
+          description: Create Shortlinks
+          icon:
+            class: bi bi-link
+          url: https://{{domains.yourls}}/admin/
+{% endif %}
+{% if "nextcloud" in group_names %}             
+        - name: Nextcloud
+          description: Access your cloud storage
+          icon:
+            class: fa-solid fa-cloud
+          url: https://{{domains.nextcloud}}/
+{% endif %}
+    - name: Imprint
+      description: Check out the imprint information
+      icon:
+          class: fa-solid fa-scale-balanced
+      url: https://s.veen.world/imprint
+  

roles/docker-portfolio/templates/docker-compose.yml.j2

@@ -1,14 +1,14 @@
 services:
   portfolio:
     build:
-      context: .
+      context: {{docker_repository_path}}
       dockerfile: Dockerfile
     image: application-portfolio
     container_name: portfolio
     ports:
       - 127.0.0.1:{{http_port}}:5000
     volumes:
-      - ./app:/app
+      - {{docker_repository_path}}app:/app
     restart: unless-stopped
 {% include 'templates/docker/container/networks.yml.j2' %}
     healthcheck:

roles/docker-portfolio/vars/main.yml

@@ -1,3 +1,3 @@
-application_id:         "portfolio"
+application_id:             "portfolio"
-repository_address:     "https://github.com/kevinveenbirkenbach/portfolio"
+docker_repository_address:  "https://github.com/kevinveenbirkenbach/portfolio"
-global_theming_enabled: true # Activate Global CSS for Portfolio
+config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml"

roles/docker-repository-setup/README.md

@@ -0,0 +1,50 @@
+# Docker Repository Setup 🚀
+
+This Ansible role sets up and manages your Docker repository. It ensures that the repository is pulled from your remote Git source, and it automatically triggers a rebuild of your Docker images using Docker Compose. 
+
+## Features 🔧
+
+- **Default Path Setup:**  
+  Automatically sets a default `docker_repository_path` if not already defined.
+
+- **Repository Management:**  
+  Clones or updates your Docker repository from a specified Git repository.
+
+- **Automated Build Trigger:**  
+  Notifies handlers to rebuild the Docker repository using Docker Compose with extended timeouts.
+
+## Role Structure 📂
+
+- **Handlers:**  
+  - `rebuild docker repository`: Runs `docker compose build` in the designated repository directory with custom timeout settings.
+
+- **Tasks:**  
+  - Sets the default repository path if undefined.
+  - Pulls the latest code from the Docker repository.
+  - Notifies the Docker Compose project setup and triggers a repository rebuild.
+
+- **Meta:**  
+  - Declares a dependency on the `docker-compose` role to ensure that handlers and related dependencies are loaded.
+
+## Usage ⚙️
+
+Ensure that you have set the following variables (either via your inventory, `group_vars`, or `host_vars`):
+
+- `docker_repository_address`: The Git repository URL of your Docker repository.
+- `docker_compose.directories.services`: The base directory where your Docker services are stored.  
+  The role will append `repository/` to this path to form `docker_repository_path`.
+
+If `docker_repository_path` is not defined, the role will automatically set it to:
+  
+```yaml
+"{{ docker_compose.directories.services }}repository/"
+```
+
+## Author
+
+Kevin Veen-Birkenbach  
+[https://www.veen.world](https://www.veen.world)
+
+---
+
+Happy deploying! 🚀🐳

roles/docker-repository-setup/handlers/main.yml

@@ -0,0 +1,7 @@
+- name: rebuild docker repository
+  command:
+    cmd:   docker compose build 
+    chdir: "{{docker_repository_path}}"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600

roles/docker-repository-setup/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- docker-compose  # To load handlers and make dependencies visible

roles/docker-repository-setup/tasks/main.yml

@@ -0,0 +1,14 @@
+- name: Set default docker_repository_path if not defined
+  set_fact:
+    docker_repository_path: "{{docker_compose.directories.services}}repository/"
+  when: docker_repository_path is not defined
+
+- name: pull docker repository
+  git:
+    repo: "{{ docker_repository_address }}"
+    dest: "{{ docker_repository_path }}"
+    update: yes
+  notify:
+    - docker compose project setup
+    - rebuild docker repository
+  become: true

roles/docker-taiga/tasks/main.yml

@@ -7,13 +7,9 @@
   include_role: 
     name: nginx-domain-setup
 
-- name: pull docker repository
+- name: "include role docker-repository-setup for {{application_id}}"
-  git:
+  include_role: 
-    repo: "{{ repository_address }}"
+    name: docker-repository-setup
-    dest: "{{ docker_compose.directories.services }}"
-    update: yes
-  notify: docker compose project setup
-  become: true
 
 - name: "create {{docker_compose_init}}"
   template:

roles/docker-taiga/templates/docker-compose.yml.j2

@@ -81,7 +81,7 @@ services:
     ports:
       - "127.0.0.1:{{http_port}}:80"
     volumes:
-      - {{docker_compose.directories.services}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
+      - {{docker_repository_path}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
       - static-data:/taiga/static
       - media-data:/taiga/media
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}

roles/docker-taiga/vars/main.yml

@@ -1,6 +1,6 @@
-application_id:       "taiga"
+application_id:              "taiga"
-database_type:        "postgres"
+database_type:               "postgres"
-database_password:    "{{taiga_database_password}}"
+database_password:           "{{taiga_database_password}}"
-repository_address:   "https://github.com/taigaio/taiga-docker"
+docker_repository_address:   "https://github.com/taigaio/taiga-docker"
-email_backend:        "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
+email_backend:               "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
-docker_compose_init:  "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
+docker_compose_init:         "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"

roles/docker-wordpress/vars/main.yml

@@ -3,11 +3,3 @@ wordpress_max_upload_size:  "64M"
 database_type:              "mariadb"
 database_password:  	      "{{wordpress_database_password}}"
 custom_wordpress_image:     "custom_wordpress"
-
-# Deactivate Global theming for wordpress role
-# due to the reason that wordpress has to much different themes
-# and one styling for all is not possible.
-#
-# May a solution could be to generate a template or css file dedicated
-# for wordpress based on the theming values and import it. 
-global_theming_enabled:     false 

roles/nginx-docker-reverse-proxy/templates/domain.conf.j2

@@ -2,7 +2,7 @@ server
 {
   server_name {{domain}};
 
-  {% if applications[application_id].oauth2_proxy.enabled | default(false) | bool %}
+  {% if applications | get_oauth2_enabled(application_id) %}
     {% include 'roles/docker-oauth2-proxy/templates/endpoint.conf.j2'%}
   {% endif %}
 
@@ -15,7 +15,7 @@ server
 
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 
-  {% if applications[application_id].oauth2_proxy.enabled | default(false) %}
+  {% if applications | get_oauth2_enabled(application_id) %}
     {% if applications[application_id].oauth2_proxy.location is defined %}
       {# Exposed and Unprotected Location #}
       {% include 'proxy_pass.conf.j2' %}

roles/nginx-domain-setup/tasks/main.yml

@@ -22,4 +22,4 @@
 - name: "include the docker-oauth2-proxy role {{domain}}"
   include_role:
     name: docker-oauth2-proxy
-  when: applications[application_id].oauth2_proxy.enabled | default(false) | bool
+  when: applications | get_oauth2_enabled(application_id)

roles/nginx-modifier-all/README.md

@@ -7,10 +7,10 @@ This role enhances your Nginx configuration by conditionally injecting global Ma
 ## Features
 
 - **Global Matomo Tracking**  
-  When enabled (`global_matomo_tracking_enabled` is `true`), the role includes Matomo tracking configuration and injects the corresponding tracking script into your HTML.
+  The role includes Matomo tracking configuration and injects the corresponding tracking script into your HTML.
 
 - **Global Theming**  
-  When enabled (`global_theming_enabled` is `true`), the role injects a global CSS link for consistent theming across your site.
+  The role injects a global CSS link for consistent theming across your site.
 
 - **Smart Injection**  
   Uses Nginx's `sub_filter` to insert the tracking and theming snippets right before the closing `</head>` tag of your HTML documents.

roles/nginx-modifier-all/meta/main.yml

@@ -1,2 +0,0 @@
-dependencies:
-  - nginx-modifier-css # Just required to load once

roles/nginx-modifier-all/tasks/main.yml

@@ -1,3 +1,8 @@
+- name: "Activate Global CSS for {{domain}}"
+  include_role:
+    name: nginx-modifier-css
+  when: applications | get_css_enabled(application_id) 
+
 - name: "Activate Global Matomo Tracking for {{domain}}"
   include_role:
     name: nginx-modifier-matomo

roles/nginx-modifier-all/templates/global.includes.conf.j2

@@ -1,17 +1,17 @@
-# Allow multiple sub_filters
+{# Allow multiple sub_filters #}
 sub_filter_once off;
 sub_filter_types text/html;
 
 {% if global_matomo_tracking_enabled | bool %}
-  # Include Global Matomo Tracking
+  {# Include Global Matomo Tracking #}
   {% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %}
 {% endif %}
 
-{% if global_theming_enabled | bool or global_matomo_tracking_enabled | bool%}
+{% if applications | get_css_enabled(application_id) or global_matomo_tracking_enabled | bool%}
-  sub_filter '</head>' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if global_theming_enabled | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
+  sub_filter '</head>' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if applications | get_css_enabled(application_id) %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
 {% endif %}
 
-{% if global_theming_enabled | bool %}
+{% if applications | get_css_enabled(application_id) %}
-  # Include Global CSS Location
+  {# Include Global CSS Location #}
   {% include 'roles/nginx-modifier-css/templates/location.conf.j2' %}
 {% endif %}

roles/nginx-modifier-css/tasks/main.yml

@@ -1,3 +1,5 @@
+# Load this role via nginx-modifier-all for consistency
+
 - name: Ensure {{nginx.directories.global}} directory exists
   file:
     path: "{{nginx.directories.global}}"
@@ -5,7 +7,7 @@
     owner: "{{nginx.user}}"
     group: "{{nginx.user}}"
     mode: '0755'
-  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
+  when: run_once_nginx_global_css is not defined
 
 - name: Deploy global.css from template
   template:
@@ -14,18 +16,18 @@
     owner: "{{nginx.user}}"
     group: "{{nginx.user}}"
     mode: '0644'
-  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
+  when: run_once_nginx_global_css is not defined
 
 - name: Get stat for global.css destination file
   stat:
     path: "{{ global_css_destination }}"
   register: global_css_stat
-  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
+  when: run_once_nginx_global_css is not defined
 
 - name: Set global_css_version to file modification time
   set_fact:
     global_css_version: "{{ global_css_stat.stat.mtime }}"
-  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
+  when: run_once_nginx_global_css is not defined
 
 - name: Mark global css tasks as run once
   set_fact:

roles/nginx-modifier-matomo/tasks/main.yml

@@ -1,3 +1,5 @@
+# Load this role via nginx-modifier-all for consistency
+
 - name: "Relevant variables for role: {{ role_path | basename }}"
   debug:
     msg:

roles/nginx/tasks/main.yml

@@ -4,16 +4,6 @@
   notify: restart nginx
   when: run_once_nginx is not defined
 
-# I assume the following can be deleted
-# @todo Delete
-
-- name: install nginx-mod-headers-more for matomo
-  pacman: 
-    name: nginx-mod-headers-more
-    state: present
-  notify: restart nginx
-  when: run_once_nginx is not defined and global_matomo_tracking_enabled | bool
-
 - name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
   file:
     path: "{{ nginx.directories.configuration }}"

roles/nginx/templates/nginx.conf.j2

@@ -1,8 +1,3 @@
-{% if global_matomo_tracking_enabled | bool %}
-# @todo Assume this can be removed. Remove. 
-load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
-{% endif %}
-
 worker_processes auto;
 
 events
@@ -15,12 +10,12 @@ http
   include mime.types;
   default_type text/html;
 
-  # caching
+  {# caching #}
   proxy_cache_path /tmp/cache levels=1:2 keys_zone=cache:20m max_size=20g inactive=14d use_temp_path=off;
 
-  # logging and debugging
+  {# logging and debugging #}
 {% if enable_debug | bool %}
-  # individual log format for better debugging
+  {# individual log format for better debugging #}
   log_format debug '$host - $remote_addr [$time_local] '
                   '"$request" $status $body_bytes_sent '
                   '"Referer: $http_referer" '
@@ -39,7 +34,7 @@ http
   sendfile on;
   keepalive_timeout 65;
 
-  # gzip
+  {# gzip #}
   gzip on;
   gzip_proxied any;
   gzip_vary on;

roles/update-docker/templates/update-docker.py.j2

@@ -124,9 +124,9 @@ def update_discourse(directory):
     """
     Updates Discourse by running the rebuild command on the launcher script.
     """
-    repository_directory = os.path.join(directory, "services", "{{applications.discourse.repository}}")
+    docker_repository_directory   = os.path.join(directory, "services", "{{applications.discourse.repository}}")
-    print(f"Using path {repository_directory} to pull discourse repository.")
+    print(f"Using path {docker_repository_directory } to pull discourse repository.")
-    os.chdir(repository_directory)
+    os.chdir(docker_repository_directory )
     if git_pull():
         print("Start Discourse update procedure.")
         update_procedure("docker stop {{applications.discourse.container}}")

tasks/update-repository-with-files.yml

@@ -4,7 +4,7 @@
 - name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
   ansible.builtin.set_fact:
     merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
-  when: applications[application_id].oauth2_proxy.enabled | default(false) | bool
+  when: applications | get_oauth2_enabled(application_id)
 
 - name: "backup detached files"
   command: >
@@ -21,10 +21,12 @@
     chdir: "{{docker_compose.directories.instance}}"
   ignore_errors: true
 
+# This could be replaced by include_role: docker-repository-setup
+# Attendize and Akaunting still use this. When you refactor this code replace this.
 - name: pull docker repository
   git:
-    repo: "{{ repository_address }}"
+    repo: "{{ docker_repository_address }}"
-    dest: "{{ repository_directory | default(docker_compose.directories.instance) }}"
+    dest: "{{ docker_repository_directory  | default(docker_compose.directories.instance) }}"
     update: yes
   notify: docker compose project setup
   become: true