Solved multiple bugs and propably produced 100 more.... Usual Nightshift...

group_vars/all/07_applications.yml

@@ -99,6 +99,7 @@ defaults_applications:
     webinterface:                     "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin
     administrator_username:           "{{administrator_username}}"
     ldap_enabled:                     True                                      # Should have the same value as applications.ldap.openldap.network.local.
+    force_import:                     false                                     # Forces the import of the LDIF files when set to true
     oauth2_proxy:
       enabled:                        true                                      # Activate the OAuth2 Proxy for the LDAP Webinterface
       application:                    lam                                       # Needs to be the same as webinterface
@@ -122,9 +123,9 @@ defaults_applications:
     # I don't know why the database deactivation is necessary
     enable_central_database:          False                                     # Deactivate central database for mailu
     credentials:                                     
-#     secret_key:                                                               # Needs to be set in inventory file
+#     secret_key:                                                               # Set to a randomly generated 16 bytes string
 #     database_password:                                                        # Needs to be set in inventory file
-#     api_token:                                                                # Needs to be set in inventory file
+#     api_token:                                                                # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
 
   ## MariaDB
   mariadb:
@@ -190,6 +191,7 @@ defaults_applications:
 #   database_password:    Null          # Needs to be set in inventory file
     oidc:
       enabled:            true          # Activate OIDC for Nextcloud
+    force_import:         False         # Forces the import of the LDIF files
 
   ## OAuth2 Proxy
   oauth2_proxy:

group_vars/all/11_iam.yml

@@ -42,6 +42,8 @@ ldap:
     bind:               "cn={{applications.ldap.administrator_username}},{{_ldap_dn_base}}"
     # Dn from which the users should be read
     users:              "ou=users,{{_ldap_dn_base}}"
+    # Dn for all application roles of the users
+    application_roles:  "ou=application_roles,{{_ldap_dn_base}}"
   # Password to access dn.bind
   bind_credential:      "{{applications.ldap.administrator_database_password}}"
   server:

group_vars/all/13_design.yml

@@ -2,8 +2,10 @@ defaults_design:
   enabled: true
   css:
     colors:
-      # General Colors
       base: "#001f3f"
     filters:
       saturation_change:  70
       hue_shift:          0
+  font:
+    import_url:   false
+    type:         '"Liberation Sans", Arial, sans-serif'

playbook.constructor.yml

@@ -45,9 +45,14 @@
     set_fact:
       service_provider: "{{ defaults_service_provider | combine(service_provider | default({}, true), recursive=True) }}"
 
-  - name: print oidc dict
+  - name: "Merged Variables"
+    # Add new merged variables here
     debug:
-      var: oidc
+      msg:
+        domains:              "{{domains}}"
+        applications:         "{{applications}}"
+        oidc:                 "{{oidc}}"
+        service_provider:     "{{service_provider}}"
     when: enable_debug | bool
 
 - name: update device

roles/docker-keycloak/templates/import/realm.json.j2

@@ -833,19 +833,20 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "secret": "{{oidc.client.secret}}",
-      "redirectUris": [
+      {%- set redirect_uris = [] %}
-        {%- for application, domain in domains.items() -%}
+      {%- for application, domain in domains.items() %}
-          {%- if applications[application] is defined and ( applications | get_oauth2_enabled(application) or applications | get_oidc_enabled(application)) -%}
+        {%- if applications[application] is defined and (applications | get_oauth2_enabled(application) or applications | get_oidc_enabled(application)) %}
-            {%- if domain is string -%}
+          {%- if domain is string %}
-              "https://{{ domain }}/*"{% if not loop.last %},{% endif %}
+            {%- set _ = redirect_uris.append("https://{}/*".format(domain)) %}
-            {%- else -%}
+          {%- else %}
-              {%- for d in domain -%}
+            {%- for d in domain %}
-                "https://{{ d }}/*"{% if not (loop.last and loop.parent.last) %},{% endif %}
+              {%- set _ = redirect_uris.append("https://{}/*".format(d)) %}
-              {%- endfor -%}
+            {%- endfor %}
-            {%- endif -%}
+          {%- endif %}
-          {%- endif -%}
+        {%- endif %}
-        {%- endfor -%}
+      {%- endfor %}
-      ],
+      
+      "redirectUris": {{ redirect_uris | tojson }},
       "webOrigins": [
         "https://*.{{primary_domain}}"
       ],

roles/docker-ldap/README.md

@@ -36,6 +36,7 @@ docker exec -it openldap bash -c "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'c
 
 ### MemberOf
 ```bash
+# Activate
 ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
 dn: cn=module{0},cn=config
 changetype: modify
@@ -43,6 +44,9 @@ add: olcModuleLoad
 olcModuleLoad: /opt/bitnami/openldap/lib/openldap/memberof.so
 EOF
 
+# Verify
+ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config" olcModuleLoad
+
 ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
 dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
 objectClass: olcOverlayConfig
@@ -104,6 +108,8 @@ The following directories are mounted in the container:
 - [Bitnami OpenLDAP](https://hub.docker.com/r/bitnami/openldap)
 - [phpLDAPadmin Documentation](https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container)
 - [LDAP Account Manager](https://github.com/LDAPAccountManager/docker)
+- [RBAC](https://www.entrust.com/de/resources/learn/what-is-role-based-access-control#:~:text=Rollenbasierte%20Zugriffskontrolle%20(Role%2Dbased%20Access,eine%20Ressource%20gew%C3%A4hrt%20werden%20soll.)
+- [RBAC Wikipedia](https://de.wikipedia.org/wiki/Role_Based_Access_Control)
 ---
 
 

roles/docker-ldap/handlers/main.yml

@@ -2,6 +2,7 @@
   shell: >
     docker exec -i openldap ldapmodify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}01_member_of_configuration.ldif
   listen: "Import LDIF files"
+  ignore_errors: true # @todo check if this works
 
 - name: Refint Module Activation for OpenLDAP
   shell: >
@@ -9,6 +10,7 @@
   listen: "Import LDIF files"
   register: ldapadd_result
   failed_when: ldapadd_result.rc not in [0, 68]
+  ignore_errors: true # @todo check if this works
 
 - name: Refint Overlay Configuration for OpenLDAP
   shell: >
@@ -16,12 +18,15 @@
   listen: "Import LDIF files"
   register: ldapadd_result
   failed_when: ldapadd_result.rc not in [0, 68]
+  ignore_errors: true # @todo check if this works
 
-- name: "Import Access Roles to OpenLDAP"
+- name: "Import users, groups, etc. to LDAP"
   shell: >
-    docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}04_access_profiles.ldif"
+    docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}import/{{ item | basename | regex_replace(r'\.j2$', '') }}"
   register: ldapadd_result
   changed_when: "'adding new entry' in ldapadd_result.stdout"
   # Allow return code 0 (all entries added) or 68 (entry already exists)
   failed_when: ldapadd_result.rc not in [0, 68]
   listen: "Import LDIF files"
+  ignore_errors: true
+  loop: "{{ lookup('fileglob', role_path ~ '/templates/ldif/import/*.j2', wantlist=True) }}"

roles/docker-ldap/tasks/create_ldif_files.yml

@@ -0,0 +1,7 @@
+- name: "Create LDIF files at {{ ldif_host_path }}/{{ folder }}"
+  template:
+    src: "{{ item }}"
+    dest: "{{ ldif_host_path }}/{{ folder }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+    mode: '770'
+  loop: "{{ lookup('fileglob', role_path ~ '/templates/ldif/' ~ folder ~ '/*.j2', wantlist=True) }}"
+  notify: Import LDIF files

roles/docker-ldap/tasks/main.yml

@@ -27,9 +27,6 @@
     ipam_config:
       - subnet: "{{ networks.local.central_ldap.subnet }}"
 
-- name: "copy docker-compose.yml and env file"
-  include_tasks: copy-docker-compose-and-env.yml
-
 - name: "create {{docker_compose.directories.env}}phpldapadmin.env"
   template: 
     src:  "phpldapadmin.env.j2" 
@@ -48,19 +45,23 @@
   notify: docker compose project setup
   when: applications.ldap.webinterface == 'lam'
 
-- name: flush docker service
+- name: "copy docker-compose.yml and env file"
-  meta: flush_handlers
+  include_tasks: copy-docker-compose-and-env.yml
 
-- name: "create directory {{ldif_host_path}}"
+- name: "create directory {{ldif_host_path}}{{item}}"
   file:
-    path: "{{ldif_host_path}}"
+    path: "{{ldif_host_path}}{{item}}"
     state: directory
     mode: 0755
+  loop: "{{ldif_types}}"
 
-- name: "Create LDIF files at {{ ldif_host_path }}"
+- name: "Process all LDIF types"
-  template:
+  include_tasks: create_ldif_files.yml
-    src: "{{ item }}"
+  loop: "{{ ldif_types }}"
-    dest: "{{ ldif_host_path }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+  loop_control:
-    mode: '770'
+    loop_var: folder
-  loop: "{{ lookup('fileglob', '{{ role_path }}/templates/ldif/*.j2', wantlist=True) }}"
+
+- name: Force LDIF files import
+  command: /bin/true
   notify: Import LDIF files
+  when: applications.ldap.force_import | bool

roles/docker-ldap/templates/docker-compose.yml.j2

@@ -10,14 +10,14 @@ services:
 {% if applications.ldap.webinterface == 'lam' %}
     image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}}      # Dies ist das Docker-Image für LAM
     ports:
-      - 127.0.0.1:{{http_port}}:80 
+      - 127.0.0.1:{{ports.localhost.http.ldap}}:80 
     env_file:
       - "{{docker_compose.directories.env}}lam.env"
 
 {% elif applications.ldap.webinterface == 'phpldapadmin' %}
     image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
     ports:
-      - 127.0.0.1:{{http_port}}:8080
+      - 127.0.0.1:{{ports.localhost.http.ldap}}:8080
     env_file:
       - "{{docker_compose.directories.env}}phpldapadmin.env"
 {% endif %}

roles/docker-ldap/templates/ldif/04_access_roles.ldif.j2

@@ -1,57 +0,0 @@
-#######################################################################
-# This file contains the CyMaIS default roles (converted to posix groups)
-# Roles define which kind of rights users have.
-#######################################################################
-
-#######################################################################
-# Generic container for IT roles
-#######################################################################
-dn: {{dn_roles}}
-objectClass: organizationalUnit
-ou: roles
-description: Container for IT access profiles (for rights management)
-
-#######################################################################
-# Role: Super Administrator
-#######################################################################
-dn: cn=superadministrator,{{dn_roles}}
-objectClass: posixGroup
-cn: superadministrator
-gidNumber: 1000
-description: Role: Super Administrator – has full control over all systems and settings.
-
-#######################################################################
-# Role: Administrator
-#######################################################################
-dn: cn=administrator,{{dn_roles}}
-objectClass: posixGroup
-cn: administrator
-gidNumber: 1001
-description: Role: Administrator – responsible for overall system management and configuration.
-
-#######################################################################
-# Role: Manager
-#######################################################################
-dn: cn=manager,{{dn_roles}}
-objectClass: posixGroup
-cn: manager
-gidNumber: 1002
-description: Role: Manager – oversees operations, approves changes, and coordinates teams.
-
-#######################################################################
-# Role: Moderator
-#######################################################################
-dn: cn=moderator,{{dn_roles}}
-objectClass: posixGroup
-cn: moderator
-gidNumber: 1003
-description: Role: Moderator – monitors activity and handles conflict resolution.
-
-#######################################################################
-# Role: User
-#######################################################################
-dn: cn=user,{{dn_roles}}
-objectClass: posixGroup
-cn: user
-gidNumber: 1004
-description: Role: User - Uses the software

roles/docker-ldap/templates/ldif/configuration/README.md

@@ -0,0 +1 @@
+This folder contains configuration files where a specific logic needs to be applied.

roles/docker-ldap/templates/ldif/import/01_application_roles.ldif.j2

@@ -0,0 +1,29 @@
+
+#######################################################################
+# Generic container for Application roles
+#######################################################################
+dn: {{ldap.dn.application_roles}}
+objectClass: organizationalUnit
+ou: roles
+description: Container for application access profiles
+
+{# 
+  This template generates two LDIF entries for each application in defaults_applications:
+  one for the administrator role and one for the standard user role.
+  Please adjust the base DN (dc=example,dc=com) and other attributes as necessary.
+#}
+
+{% for app, config in defaults_applications.items() %}
+dn: cn={{ app }}-administrator,{{ldap.dn.application_roles}}
+objectClass: top
+objectClass: organizationalRole
+cn: {{ app }}-administrator
+description: Administrator role for {{ app }} (automatically generated)
+
+dn: cn={{ app }}-user,{{ldap.dn.application_roles}}
+objectClass: top
+objectClass: organizationalRole
+cn: {{ app }}-user
+description: Standard user role for {{ app }} (automatically generated)
+
+{% endfor %}

roles/docker-ldap/templates/ldif/import/02_users.ldif.j2

@@ -0,0 +1,39 @@
+#######################################################################
+# Container for Application Roles (if not already created)
+#######################################################################
+dn: {{ ldap.dn.application_roles }}
+objectClass: organizationalUnit
+ou: roles
+description: Container for application access profiles
+
+#######################################################################
+# Create Admin User
+#######################################################################
+dn: uid={{administrator_username}},{{ldap.dn.users}}
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+uid: {{administrator_username}}
+sn: Administrator
+cn: Administrator
+userPassword: {SSHA}CHANGE_THIS_PASSWORD
+loginShell: /bin/bash
+homeDirectory: /home/admin
+
+#######################################################################
+# Add Admin User to All Application Role Groups
+#######################################################################
+{# Loop over each application defined in defaults_applications #}
+{% for app, config in defaults_applications.items() %}
+
+dn: cn={{ app }}-administrator,{{ ldap.dn.application_roles }}
+changetype: modify
+add: roleOccupant
+roleOccupant: uid={{administrator_username}},{{ldap.dn.users}}
+
+dn: cn={{ app }}-user,{{ ldap.dn.application_roles }}
+changetype: modify
+add: roleOccupant
+roleOccupant: uid={{administrator_username}},{{ldap.dn.users}}
+
+{% endfor %}

roles/docker-ldap/templates/ldif/import/README.md

@@ -0,0 +1 @@
+This folder contains files which are importet via ldapadd without any specific logic

roles/docker-ldap/vars/main.yml

@@ -2,15 +2,11 @@ application_id:       "ldap"
 ldaps_docker_port:    636
 ldap_docker_port:     389
 
-enable_wildcard_certificate:  false # Activate dedicated Certificate
+enable_wildcard_certificate:  false # Deactivate dedicated Certificate
-
-# Configuration for ldif import
-ldif_files:
-  - "01_member_of_configuration.ldif"
-  - "02_member_of_configuration.ldif"
-  - "03_member_of_configuration.ldif"
-  - "04_access_profiles.ldif"
 
 ldif_host_path:             "{{docker_compose.directories.volumes}}ldif/"
 ldif_docker_path:           "/tmp/ldif/"
-dn_roles:           "ou=access_roles,{{ldap.dn.root}}"
+ldap.dn.application_roles:  "ou=application_roles,{{ldap.dn.root}}"
+ldif_types:
+  - configuration
+  - import 

roles/docker-mailu/templates/env.j2

@@ -1,6 +1,5 @@
 # Mailu main configuration file
 #
-# This file is autogenerated by the configuration management wizard for compose flavor.
 # For a detailed list of configuration variables, see the documentation at
 # https://mailu.io
 
@@ -145,6 +144,7 @@ LOG_LEVEL=WARNING
 SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 
+# Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
 API_TOKEN={{applications.mailu.credentials.api_token}}
 
 # Activated https://mailu.io/master/configuration.html#advanced-settings

roles/docker-matomo/tasks/main.yml

@@ -1,20 +1,4 @@
 ---
-- name: check if matomo is up
-  uri:
-    url: "https://{{ domains.matomo }}/"
-    method: GET
-    return_content: yes
-    status_code: 200
-    validate_certs: yes
-  register: site_check
-  ignore_errors: yes
-  when: run_once_docker_matomo is not defined
-
-- name: "Determine global_matomo_tracking_enabled based on current value and site reachability"
-  set_fact:
-    global_matomo_tracking_enabled: "{{ (global_matomo_tracking_enabled | bool) and (site_check is defined and site_check.status == 200) }}"
-  when: run_once_docker_matomo is not defined
-
 - name: "include docker-central-database"
   include_role: 
     name: docker-central-database

roles/docker-matomo/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@ services:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     image: matomo:{{applications.matomo.version}}
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http.matomo}}:80"
     volumes:
       - data:/var/www/html
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}

roles/docker-matomo/vars/main.yml

@@ -2,7 +2,10 @@
 application_id:  	  "matomo"
 database_type:      "mariadb"
 database_password:  "{{applications.matomo.database_password}}"
-domain:             "{{domains.matomo}}"            # Don't know if this is still necessary
 
-# Disable matomo tracking for matomo, because otherwise recursiv loading technics would be neccessary
+# I don't know if this is still necessary
+domain:             "{{domains.matomo}}"                         
+
+# Disable matomo tracking, because otherwise recursiv loading technics would be neccessary
+# This is the default value and it will be overwritten by set fact in main.yml
 global_matomo_tracking_enabled: false 

roles/docker-portfolio/tasks/main.yml

@@ -11,13 +11,15 @@
   include_role: 
     name: docker-repository-setup
 
-- name: Check if host-specific config.yaml exists
+- name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}"
   stat:
     path: "{{ config_inventory_path }}"
+  delegate_to: localhost
+  become: false
   register: config_file
 
 - name: Copy host-specific config.yaml if it exists
-  copy:
+  template:
     src: "{{ config_inventory_path }}"
     dest: "{{docker_repository_path}}/app/config.yaml"
   notify: docker compose project setup

roles/docker-portfolio/templates/config.yaml.j2

@@ -16,7 +16,8 @@ accounts:
       icon:
         class: fa-solid fa-pen-nib
       children:
-{% if service_provider.contact.mastodon is defined %}
+{% if service_provider.contact.mastodon is defined and service_provider.contact.mastodon != "" %}
+
 
       - name: Mastodon
         description: Follow {{ 'our' if service_provider.type == 'legal' else 'my' }} updates on Mastodon.
@@ -26,7 +27,8 @@ accounts:
         identifier: "{{service_provider.contact.mastodon}}"
 
 {% endif %}
-{% if service_provider.contact.bluesky is defined %}
+{% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %}
+
 
       - name: Bluesky
         description: Follow {{ 'our' if service_provider.type == 'legal' else 'my' }} on Bluesky.
@@ -37,7 +39,7 @@ accounts:
         identifier: "{{service_provider.contact.bluesky}}"
 
 {% endif %}
-{% if service_provider.contact.pixelfed is defined %}
+{% if service_provider.contact.pixelfed  is defined and service_provider.contact.pixelfed  != "" %}
 
     - name: Pictures
       description: Explore {{ 'our' if service_provider.type == 'legal' else 'my' }} photo gallery on Pixelfed.
@@ -47,7 +49,8 @@ accounts:
       url: "https://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
 
 {% endif %}
-{% if service_provider.contact.peertube is defined %}
+{% if service_provider.contact.peertube  is defined and service_provider.contact.peertube  != "" %}
+
 
     - name: Peertube
       description: Discover {{ 'our' if service_provider.type == 'legal' else 'my' }} videos on Peertube.
@@ -57,7 +60,8 @@ accounts:
       url: "https://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
 
 {% endif %}
-{% if service_provider.contact.wordpress is defined %}
+{% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
+
 
     - name: Blog
       description: Read {{ 'our' if service_provider.type == 'legal' else 'my' }} articles and stories.
@@ -67,7 +71,8 @@ accounts:
       url: "https://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
 
 {% endif %}
-{% if service_provider.legal.source_code is defined %}
+{% if service_provider.contact.source_code is defined and service_provider.contact.source_code != "" %}
+
     
     - name: Our Code
       description: Explore {{ 'our' if service_provider.type == 'legal' else 'my' }} code.
@@ -76,7 +81,8 @@ accounts:
       url: "{{service_provider.legal.source_code}}"
 
 {% endif %}
-{% if service_provider.contact.friendica is defined %}
+{% if service_provider.contact.friendica is defined and service_provider.contact.friendica != "" %}
+
 
   - name: Social Network
     description: Visit {{ 'our' if service_provider.type == 'legal' else 'my' }} friendica profile
@@ -297,7 +303,7 @@ cards:
     class: "fa-solid fa-satellite-dish"
   title: "Matrix"
   text: "Step into the future of communication with Matrix, a dynamic and decentralized platform that delivers secure, real-time messaging and collaboration. Enjoy an innovative ecosystem that energizes your digital interactions and connects you globally."
-  url: https://{{domains.matrix}}
+  url: https://{{domains.matrix_synapse}}
   link_text: "Connect on Matrix Now!"
 
 {% endif %}

roles/docker-portfolio/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:             "portfolio"
 docker_repository_address:  "https://github.com/kevinveenbirkenbach/portfolio"
-config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml"
+config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2"

roles/docker/README.md

@@ -21,8 +21,9 @@ docker volume rm $(docker volume ls -q -f "dangling=true")
 docker stop $(docker ps -a -q)
 docker rm $(docker ps -a -q)
 docker network prune -f
-sudo iptables -t nat -F DOCKER
+systemctl stop docker
-sudo iptables -t nat -F DOCKER-USER
+rm -fv /var/lib/docker/network/files/local-kv.db
+systemctl start docker
 ```
 
 ---

roles/nginx-modifier-css/templates/global.css.j2

@@ -8,6 +8,11 @@ HINT:
 
 */
 
+{% if design.font.import_url %}
+@import url('{{design.font.import_url}}');
+{% endif %}
+
+
 :root {
     /** Derived Colors from the Base Color **/
     {% for i in range(1, 100) %}
@@ -435,6 +440,9 @@ HINT:
   --pf-v5-global--icon--Color--light--dark:    var(--color-40);
   --pf-v5-global--icon--Color--dark--dark:     var(--color-10);
 
+  {# Additional Configuration #}
+  --pf-v5-c-button--m-tertiary--BackgroundColor: var(--color-62);
+
 }
 
 /* Additional Keykloak Configuration */
@@ -517,10 +525,43 @@ div.modal div.modal-content {
 }
 
 /** Peertube **/
-:root {
+body#custom-css {
-    --mainColor: var(--color-50);
+    --mainColor: var(--color-60); /* Original tone: hsl(24, 90%, 50%) – vibrant orange */
+    --mainColorLighter: var(--color-70); /* Original tone: #f5873d – lighter orange */
+    --mainColorLightest: var(--color-90); /* Original tone: #fce1cf – very light orange/beige */
+    --mainColorVeryLight: var(--color-95); /* Original tone: #fff5eb – almost white */
+    --mainHoverColor: var(--color-64); /* Original tone: #f47825 – hover orange */
+    --mainBackgroundHoverColor: var(--color-92); /* Original tone: #e9ecef – light gray */
+    --mainBackgroundColor: var(--color-99); /* Original tone: #fff – white */
+    --mainForegroundColor: var(--color-10); /* Original tone: #212529 – dark gray/black */
+    --greyForegroundColor: var(--color-50); /* Original tone: #585858 – medium gray */
+    --greyBackgroundColor: var(--color-90); /* Original tone: #E5E5E5 – light gray */
+    --greySecondaryBackgroundColor: var(--color-91); /* Original tone: #EFEFEF – very light gray */
+    --menuBackgroundColor: var(--color-01); /* Original tone: #000 – black */
+    --menuForegroundColor: var(--color-99); /* Original tone: #fff – white */
+    --submenuBackgroundColor: var(--color-95); /* Original tone: #F7F7F7 – off-white/light gray */
+    --channelBackgroundColor: var(--color-93); /* Original tone: #f6ede8 – warm light beige */
+    --inputForegroundColor: var(--color-10); /* Original tone: #212529 – dark gray */
+    --inputBackgroundColor: var(--color-99); /* Original tone: #fff – white */
+    --inputPlaceholderColor: var(--color-55); /* Original tone: #797676 – medium gray */
+    --inputBorderColor: var(--color-80); /* Original tone: #C6C6C6 – light gray */
+    --textareaForegroundColor: var(--color-10); /* Original tone: #212529 – dark gray */
+    --textareaBackgroundColor: var(--color-99); /* Original tone: #fff – white */
+    --markdownTextareaBackgroundColor: var(--color-91); /* Original tone: #EFEFEF – very light gray */
+    --actionButtonColor: var(--color-50); /* Original tone: #585858 – medium gray */
+    --supportButtonBackgroundColor: transparent; /* Original tone: transparent */
+    --supportButtonColor: var(--actionButtonColor); /* Original tone: same as actionButtonColor (#585858) */
+    --activatedActionButtonColor: var(--color-10); /* Original tone: #212529 – dark gray */
+    color: var(--mainForegroundColor);
+    background-color: var(--mainBackgroundColor);
 }
 
+div.searchbox input.autocomplete-input{
+    background-position: 12px;
+    background-repeat: no-repeat;
+}
+
+
 /** Pixelfed **/
 
 :root {
@@ -561,10 +602,10 @@ div.modal div.modal-content {
 /* Global Defaults (Colors Only) */
 body, html[native-dark-active] {
     background-color: var(--color-93);
-    background: linear-gradient(45deg, var(--color-93), var(--color-91), var(--color-95), var(--color-93));
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-93), var(--color-91), var(--color-95), var(--color-93));
+    background-attachment: fixed;
     color: var(--color-40);
-    /* Use the corporate-design font family */
+    font-family: {{design.font.type}};
-    font-family: "Liberation Sans", Arial, sans-serif;
 }
 
 {# All links (applies to all anchor elements regardless of state) #}
@@ -592,14 +633,9 @@ a:active {
     color: var(--color-65);
 }
 
-/* Buttons (Background, Text, Border, and Shadow)
+/** Set default buttons transparent **/ 
-   Now using a button background that is only slightly darker than the overall background */
+html[native-dark-active] button, button{
-html[native-dark-active] button, html[native-dark-active] .btn, button, .btn {
      background-color: var(--color-87);
-    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-70), var(--color-91), var(--color-95), var(--color-95));
-    color: var(--color-50);
-    border-color: var(--color-80);
-    cursor: pointer;
 }
 
 button:hover, .btn:hover {
@@ -685,7 +721,7 @@ input:out-of-range,
 textarea:out-of-range,
 select:out-of-range {
     background-color: var(--color-10);
-    background: linear-gradient(45deg, var(--color-10), var(--color-30));
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-10), var(--color-30));
     color: var(--color-10);
     border-color: var(--color-50);
 }
@@ -695,7 +731,7 @@ input:placeholder-shown,
 textarea:placeholder-shown,
 select:placeholder-shown {
     background-color: var(--color-82);
-    background: linear-gradient(45deg, var(--color-82), var(--color-90));
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-82), var(--color-90));
     color: var(--color-40);
     border-color: var(--color-70);
 }
@@ -705,7 +741,7 @@ input:focus,
 textarea:focus,
 select:focus {
     background-color: var(--color-75);
-    background: linear-gradient(45deg, var(--color-75), var(--color-85));
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-75), var(--color-85));
     color: var(--color-40);
     border-color: var(--color-50);
 }
@@ -715,7 +751,7 @@ input:hover,
 textarea:hover,
 select:hover {
     background-color: var(--color-78);
-    background: linear-gradient(45deg, var(--color-78), var(--color-88));
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-78), var(--color-88));
     color: var(--color-40);
     border-color: var(--color-65);
 }
@@ -725,7 +761,7 @@ input:active,
 textarea:active,
 select:active {
     background-color: var(--color-68);
-    background: linear-gradient(45deg, var(--color-68), var(--color-78));
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-68), var(--color-78));
     color: var(--color-40);
     border-color: var(--color-60);
 }
@@ -733,7 +769,7 @@ select:active {
 /* {# Checked state: specifically for radio buttons and checkboxes when selected. #} */
 input:checked {
     background-color: var(--color-90);
-    background: linear-gradient(45deg, var(--color-90), var(--color-99));
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-90), var(--color-99));
     color: var(--color-40);
     border-color: var(--color-70);
 }
@@ -755,6 +791,16 @@ h1, h2, h3, h4, h5, h6, p{
     color: var(--color-10);
 }
 
+/* Buttons (Background, Text, Border, and Shadow)
+   Now using a button background that is only slightly darker than the overall background */
+html[native-dark-active] .btn, .btn {
+    background-color: var(--color-87);
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-70), var(--color-91), var(--color-95), var(--color-95));
+    color: var(--color-50);
+    border-color: var(--color-80);
+    cursor: pointer;
+}
+
 /* Navigation (Background and Text Colors) */
 .navbar, .navbar-light, .navbar-dark {
     background-color: var(--color-90);
@@ -819,9 +865,7 @@ div#app header, div#app header *{
 
 /** LAM Specific **/
 .lam-vertical-tabs-navigation li, .lam-vertical-tabs-navigation{
-    background-color: transparent;
+    background-color: transparent !important;
-    /* New Gradient with transparent values */
-    background: linear-gradient({{ range(0, 361) | random }}deg, transparent, transparent, transparent, transparent);
     border-color:     transparent;
 }
 
@@ -867,10 +911,12 @@ html.ng-csp header#header{
     color: var(--color-90);
 }
 
+.files-list__row-name button, button.button-vue{
+    background: transparent;
+}
+
 html.ng-csp div#postsetupchecks ul.info{
     background-color: transparent;
-    /* New Gradient with transparent values */
-    background: linear-gradient({{ range(0, 361) | random }}deg, transparent, transparent, transparent, transparent);
 }
 
 div#mastodon .column-link{
@@ -920,15 +966,6 @@ header.op-app-header{
 /** Open Project **/
 div#wrapper button, div#wrapper input, button.top-menu-search-button, div.menu-sidebar a{
     background-color: transparent;
-    /* New Gradient with transparent values */
-    background: linear-gradient({{ range(0, 361) | random }}deg, transparent, transparent, transparent, transparent);
-}
-
- /* Peertube specific configuration */
-.peertube-container button {
-    background-color: transparent;
-    /* New Gradient with transparent values */
-    background: linear-gradient({{ range(0, 361) | random }}deg, transparent, transparent, transparent, transparent);
 }
 
 /* Pixelfed */
@@ -941,8 +978,6 @@ div.page-wrapper{
 
 section.main.kanban{
     background-color: transparent;
-    /* New Gradient with transparent values */
-    background: linear-gradient({{ range(0, 361) | random }}deg, transparent, transparent, transparent, transparent);
 }
 
 div.master, div.kanban-header, div.kanban-table-inner, section.kanban button,a.dropdown-project-list-projects{

tasks/copy-docker-compose-and-env.yml

@@ -14,7 +14,7 @@
   notify: docker compose project setup
   register: env_template
 
-- name: Check if docker compose has any running container and trigger setup if needed
+- name: "Check if any container is running in {{ docker_compose.directories.instance }}"
   command: docker compose ps -q --filter status=running
   args:
     chdir: "{{ docker_compose.directories.instance }}"
@@ -22,3 +22,6 @@
   changed_when: (docker_ps.stdout | trim) == ""
   notify: docker compose project setup
   when: not (docker_compose_template.changed or env_template.changed)
+
+- name: flush docker compose project setup
+  meta: flush_handlers

templates/docker/compose/networks.yml.j2

@@ -4,7 +4,7 @@ networks:
   central_{{ database_type }}:
     external: true
 {% endif %}
-{% if applications[application_id].ldap_enabled is defined and applications[application_id].ldap_enabled | bool and applications.ldap.openldap.network.local | bool %}
+{% if applications[application_id].ldap_enabled|default(false)|bool and applications.ldap.openldap.network.local|bool %}
   central_ldap:
     external: true
 {% endif %}

templates/docker/container/depends-on-also-database.yml.j2

@@ -1,4 +1,4 @@
-# This template needs to be included in docker-compose.yml containers which depend on a database and additional containers
+{# This template needs to be included in docker-compose.yml containers which depend on a database and additional containers #}
     depends_on:
 {% if not enable_central_database | bool %}
       database:

templates/docker/container/depends-on-database-redis.yml.j2

@@ -1,4 +1,4 @@
-# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes
+{# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes #}
     depends_on:
 {% if not enable_central_database | bool %}
       database:

templates/docker/container/depends-on-just-database.yml.j2

@@ -1,4 +1,4 @@
-# This template needs to be included in docker-compose.yml containers, which just depend on a database
+{# This template needs to be included in docker-compose.yml containers, which just depend on a database #}
 {% if not enable_central_database | bool %}
     depends_on:
       database:

templates/docker/container/networks.yml.j2

@@ -1,9 +1,9 @@
-# This template needs to be included in docker-compose.yml containers
+{# This template needs to be included in docker-compose.yml containers #}
     networks:
 {% if enable_central_database | bool and database_type is defined %}
       central_{{ database_type }}:
 {% endif %}
-{% if applications[application_id].ldap_enabled is defined and applications[application_id].ldap_enabled | bool and applications.ldap.openldap.network.local | bool %}
+{% if applications[application_id].ldap_enabled|default(false)|bool and applications.ldap.openldap.network.local|bool %}
       central_ldap:
 {% endif %}
       default: