Restricted taiga port 80 to 127.0.0.1

Implemented static IP's to solve fastcgi bug in nextcloud. https://chatgpt.com/c/67aa957f-03fc-800f-b092-9b219e36c260
Optimized networking and matomo
2025-06-28 21:25:31 +02:00 · 2025-02-11 05:27:39 +01:00 · 2025-02-11 05:01:20 +01:00 · 2025-02-11 04:49:21 +01:00 · 2025-02-11 01:38:24 +01:00 · 2025-02-11 01:04:25 +01:00
23 changed files with 107 additions and 252 deletions
--- a/playbook.servers.yml
+++ b/playbook.servers.yml
@ -13,7 +13,36 @@
    - health-btrfs
    - system-btrfs-auto-balancer
-# Docker Roles
+#########################################################################
 ### Docker Roles                                                      ###
 #########################################################################
 # Priority: 1
 # Almost all other roles depend on the Matomo tracking
 - hosts: all
  tasks:
    - name: "setup matomo hosts if matomo hosts set or global_matomo_tracking_enabled"
      include_role:
        name: docker-matomo
      when: "'matomo' in group_names or (global_matomo_tracking_enabled | bool)"
  become: true
 # Priority: 2
 # Much other roles rely on a working ldap setup
 - name: setup ldap
  hosts: ldap
  become: true
  roles:
   -  role: docker-ldap
 # Priority: 3
 # Much other roles use OICD via Keycloak
 - name: setup keycloak
  hosts: keycloak
  become: true
  roles:
   -  role: docker-keycloak
 - name: setup nextcloud hosts
  hosts: nextcloud_server
  become: true
@ -122,12 +151,6 @@
  roles:
   -  role: docker-baserow
 - name: setup matomo hosts
  hosts: matomo
  become: true
  roles:
   -  role: docker-matomo
 - name: setup listmonk
  hosts: listmonk
  become: true
@ -197,18 +220,6 @@
  roles:
   -  role: docker-bluesky
 - name: setup keycloak
  hosts: keycloak
  become: true
  roles:
   -  role: docker-keycloak
 - name: setup ldap
  hosts: ldap
  become: true
  roles:
   -  role: docker-ldap
 - name: setup PHPMyAdmin
  hosts: phpmyadmin
  become: true
--- a/roles/docker-bigbluebutton/handlers/main.yml
+++ b/roles/docker-bigbluebutton/handlers/main.yml
@ -61,7 +61,7 @@
 - name: docker compose up bigbluebutton
  command:
-    cmd: docker-compose -p bigbluebutton up -d --force-recreate 
+    cmd: "docker-compose -p bigbluebutton up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    # Don't use the --build flag here. This leads to bugs
    chdir: "{{docker_compose.directories.instance}}"
  environment:
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@ -11,7 +11,7 @@
 # default setup for docker compose files
 - name: docker compose project setup
  command:
-    cmd: docker-compose -p "{{application_id}}" up -d --force-recreate
+    cmd: "docker-compose -p {{application_id}} up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
@ -22,7 +22,7 @@
 # for performance reasons it's not recommended to use this if there is no build tag specified
 - name: docker compose project build and setup 
  command:
-    cmd: docker-compose -p "{{application_id}}" up -d --force-recreate --build
+    cmd: "docker-compose -p {{application_id}} up -d --force-recreate --build{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
--- a/roles/docker-funkwhale/templates/docker-compose.yml.j2
+++ b/roles/docker-funkwhale/templates/docker-compose.yml.j2
@ -1,5 +1,5 @@
 services:
-
+#  @todo Test which containers can be removed crom cental_database networks 
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
 {% include 'templates/docker/services/redis.yml.j2' %}
@ -57,7 +57,6 @@ services:
    ports:
      # override those variables in your .env file if needed
      - "127.0.0.1:{{http_port}}:80"
 {% include 'templates/docker/container/networks.yml.j2' %}
  typesense:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
--- a/roles/docker-matomo/tasks/main.yml
+++ b/roles/docker-matomo/tasks/main.yml
@ -1,4 +1,19 @@
 ---
 - name: check if matomo is up
  uri:
    url: "https://{{ domains.matomo }}/"
    method: GET
    return_content: yes
    status_code: 200
    validate_certs: yes
  register: site_check
  ignore_errors: yes
 - name: implement matomo tracking for matomo if matomo is up and tracking enabled
  set_fact:
    global_matomo_tracking_enabled: true
  when: site_check is defined and site_check.status == 200 and global_matomo_tracking_enabled | bool
 - name: "include docker-central-database"
  include_role: 
    name: docker-central-database
--- a/roles/docker-matomo/vars/main.yml
+++ b/roles/docker-matomo/vars/main.yml
@ -1,4 +1,7 @@
 ---
-application_id:  	  "matomo"
+application_id:  	              "matomo"
-database_type:      "mariadb"
+database_type:                  "mariadb"
-database_password:  "{{matomo_database_password}}"
+database_password:              "{{matomo_database_password}}"
 # Disable matomo tracking for matomo, because otherwise recursiv loading technics would be neccessary
 # global_matomo_tracking_enabled: false 
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@ -107,7 +107,7 @@
 - name: docker compose project setup
  command:
-    cmd: docker-compose -p "{{application_id}}" up -d
+    cmd: "docker-compose -p {{application_id}} up -d{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT:   600
--- a/roles/docker-moodle/templates/docker-compose.yml.j2
+++ b/roles/docker-moodle/templates/docker-compose.yml.j2
@ -2,6 +2,7 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  moodle:
    container_name: moodle
    image: docker.io/bitnami/moodle:{{applications.moodle.version}}
    ports:
      - 127.0.0.1:{{http_port}}:8080
--- a/roles/docker-nextcloud/handlers/main.yml
+++ b/roles/docker-nextcloud/handlers/main.yml
@ -3,3 +3,4 @@
  command:
    cmd: "docker exec {{nextcloud_nginx_container_name}} nginx -s reload"
  listen: restart docker nginx service
  ignore_errors: true # Ignoring if container is restarting
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -25,6 +25,6 @@
  include_tasks: oidc.yml
  when: oidc.enabled | bool
- name: Include LDAP specific tasks
+#- name: Include LDAP specific tasks
-  include_tasks: ldap.yml
+#  include_tasks: ldap.yml
-  when: ldap.enabled | bool
+#  when: ldap.enabled | bool
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@ -9,9 +9,15 @@ services:
    container_name: {{nextcloud_application_container_name}} 
    volumes:
      - data:/var/www/html
    healthcheck:
      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php /var/www/html/occ status"]
      interval: 1m
      timeout: 10s
      retries: 3
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
        ipv4_address: 192.168.102.69
  web:
    image: nginx:alpine
@ -30,7 +36,9 @@ services:
      interval: 1m
      timeout: 10s
      retries: 3
-{% include 'templates/docker/container/networks.yml.j2' %}
+    networks:
      default:
        ipv4_address: 192.168.102.67
  cron:
    container_name: nextcloud-cron
@ -41,8 +49,14 @@ services:
    volumes:
      - data:/var/www/html
    entrypoint: /cron.sh
    healthcheck:
      test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php /var/www/html/occ status"]
      interval: 1m
      timeout: 10s
      retries: 3
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
        ipv4_address: 192.168.102.70
 {% include 'templates/docker/compose/volumes.yml.j2' %}
  data:
--- a/roles/docker-nextcloud/templates/internal-new.conf.j2
+++ b/roles/docker-nextcloud/templates/internal-new.conf.j2
@ -1,194 +0,0 @@
 # Internal configuration file for nextcloud
 worker_processes auto;
 # @see https://chatgpt.com/share/67aa3ce9-eea0-800f-85e8-ac54a3810b13
 error_log   /proc/self/fd/2 warn;
 pid         /var/run/nginx.pid;
 events {
    worker_connections  1024;
 }
 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    types {
        application/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /proc/self/fd/1 main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout     65;
    fastcgi_send_timeout  900s;
    fastcgi_read_timeout  900s;
    proxy_buffering       off;
    #gzip  on;
    upstream php-handler {
        server application:9000;
    }
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
        default ", immutable";
    }
    server {
        listen 80;
        # HSTS settings
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Pagespeed is not supported by Nextcloud, so if your server is built
        # with the `ngx_pagespeed` module, uncomment this line to disable it.
        #pagespeed off;
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy                      "no-referrer"           always;
        add_header X-Content-Type-Options               "nosniff"               always;
        add_header X-Download-Options                   "noopen"                always;
        add_header X-Frame-Options                      "SAMEORIGIN"            always;
        add_header X-Permitted-Cross-Domain-Policies    "none"                  always;
        add_header X-Robots-Tag                         "noindex, nofollow"     always;
        add_header X-XSS-Protection                     "1; mode=block"         always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;
        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /remote.php/webdav/$is_args$args;
            }
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        # Make a regex exception for `/.well-known` so that clients can still
        # access it despite the existence of the regex rule
        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
        # for `/.well-known`.
        location ^~ /.well-known {
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.
            location = /.well-known/carddav { return 301 /remote.php/dav/; }
            location = /.well-known/caldav  { return 301 /remote.php/dav/; }
            location = /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
            location = /.well-known/nodeinfo  { return 301 /index.php/.well-known/nodeinfo; }
            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }
        # Rules borrowed from `.htaccess` to hide certain paths from clients
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
        # which handle static assets (as seen below). If this block is not declared first,
        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
        # to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
            # Required for legacy support
            # Added due to this error: https://help.nextcloud.com/t/ldap-ad-authnetication-500-error-on-ajax-request/107168/3
            #rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            #fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        # Serve static files
        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
            # HTTP response headers borrowed from Nextcloud `.htaccess`
            add_header Cache-Control                     "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
        }
        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }
        # Rule borrowed from `.htaccess`
        location /remote {
            return 301 /remote.php$request_uri;
        }
        location / {
            try_files $uri $uri/ /index.php$request_uri;
        }
    }
 }
--- a/roles/docker-oauth2-proxy/templates/container.yml.j2
+++ b/roles/docker-oauth2-proxy/templates/container.yml.j2
@ -6,5 +6,4 @@
    ports:
      - {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
    volumes:
-      - "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
+      - "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-openproject/templates/docker-compose.yml.j2
+++ b/roles/docker-openproject/templates/docker-compose.yml.j2
@ -1,3 +1,4 @@
 # @todo Test which containers can be removed crom cental_database networks
 x-op-app: &app
  logging:
    driver: journald
@ -15,7 +16,6 @@ services:
    image: memcached
    container_name: openproject-memcached
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
  proxy:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
@ -28,7 +28,6 @@ services:
      APP_HOST: web
    depends_on:
      - web
 {% include 'templates/docker/container/networks.yml.j2' %}
    volumes:
      - "data:/var/openproject/assets"
      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
--- a/roles/docker-peertube/templates/docker-compose.yml.j2
+++ b/roles/docker-peertube/templates/docker-compose.yml.j2
@ -8,8 +8,8 @@ services:
    image: chocobozzz/peertube:production-{{applications.peertube.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    ports:
-     - "1935:1935"
+     - "1935:1935"  # @todo Add to ports
-     - "{{http_port}}:9000" 
+     - "127.0.0.1:{{http_port}}:9000" 
    volumes:
      - assets:/app/client/dist
      - data:/data
--- a/roles/docker-taiga/templates/docker-compose.yml.j2
+++ b/roles/docker-taiga/templates/docker-compose.yml.j2
@ -77,9 +77,9 @@ services:
      taiga:
  taiga-gateway:
-    image: nginx:1.19-alpine
+    image: nginx:alpine
    ports:
-      - "{{http_port}}:80"
+      - "127.0.0.1:{{http_port}}:80"
    volumes:
      - {{docker_compose.directories.services}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
      - static-data:/taiga/static
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@ -29,6 +29,10 @@ DEFAULT_FROM_EMAIL  =   "{{system_email.from}}"
 EMAIL_USE_TLS   =   "{{ system_email.tls | lower | capitalize }}"         # use TLS (secure) connection with the SMTP server
 EMAIL_USE_SSL   =   "{{ 'False' if system_email.start_tls else 'True' }}" # use implicit TLS (secure) connection with the SMTP server
 RABBITMQ_USER=taiga
 RABBITMQ_PASS=taiga
 RABBITMQ_VHOST=taiga
 # Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events
 RABBITMQ_DEFAULT_RABBITMQ_USER  =   taiga  # user to connect to RabbitMQ
 RABBITMQ_DEFAULT_RABBITMQ_PASS  =   taiga  # RabbitMQ user's password
--- a/roles/docker/README.md
+++ b/roles/docker/README.md
@ -12,6 +12,16 @@
    docker volume rm $(docker volume ls -q -f "dangling=true")
 ```
 ### network issues
 ```bash 
 docker stop $(docker ps -a -q)
 docker rm $(docker ps -a -q)
 docker network prune -f
 sudo iptables -t nat -F DOCKER
 sudo iptables -t nat -F DOCKER-USER
 ```
 ## performance
 - https://forums.docker.com/t/mysql-slow-performance-in-docker/37179/21
--- a/roles/nginx-global-css/templates/global.css.j2
+++ b/roles/nginx-global-css/templates/global.css.j2
@ -198,6 +198,14 @@ html.ng-csp button.files-list__row-name-link, html.ng-csp button.button-vue{
    color: background-color: var(--button-bg-color) !important;
 }
 html.ng-csp div#postsetupchecks ul.warnings{
    color: var(--error-color) !important;
 }
 html.ng-csp div#postsetupchecks ul.info{
    background-color: transparent !important;
 }
 div#content-vue p, div#content-vue span{
    color: var(--background-dark-color) !important;
 }
--- a/roles/nginx-global-matomo/README.md
+++ b/roles/nginx-global-matomo/README.md
@ -11,23 +11,9 @@ This Ansible role automates the integration of Matomo tracking code into Nginx-s
 - Nginx installed on the target server.
 - Matomo analytics platform set up and accessible.
 ## Role Variables
 - `matomo_domain`: The domain of your Matomo installation.
 - `domain`: The domain of the website you wish to track.
 - `matomo_auth_token`: Matomo auth token
 ## Dependencies
 - None. This role is designed to be included in Nginx server block configurations.
 ## Example Usage
 To enable Matomo tracking on your Nginx website, include the role in your playbook and set the required variables.
 ```yaml
 - hosts: webserver
  roles:
    - { role: nginx-global-matomo, matomo_domain: 'matomo.example.com', base_domain: 'example.com', matomo_site_id: '1' }
 ```
 ## Customization
 You can customize the tracking script and the noscript image tracker by editing the `matomo-tracking.js.j2` and `matomo.subfilter.conf.j2` templates.
--- a/roles/nginx-global-matomo/tasks/main.yml
+++ b/roles/nginx-global-matomo/tasks/main.yml
@ -1,6 +1,6 @@
 - name: Check if site already exists in Matomo
  uri:
-    url: "https://{{matomo_domain}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}"
+    url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}"
    method: GET
    return_content: yes
    status_code: 200
@ -14,7 +14,7 @@
 - name: Add site to Matomo and get ID if not exists
  uri:
-    url: "https://{{ matomo_domain }}/index.php"
+    url: "https://{{ domains.matomo }}/index.php"
    method: POST
    body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ matomo_auth_token }}&format=json"
    body_format: form-urlencoded
--- a/roles/nginx-global-matomo/templates/matomo-tracking.js.j2
+++ b/roles/nginx-global-matomo/templates/matomo-tracking.js.j2
@ -7,7 +7,7 @@ _paq.push(["trackPageView"]);
 _paq.push(["trackAllContentImpressions"]);
 _paq.push(["enableLinkTracking"]);
 (function() {
-  var u="//{{matomo_domain}}/";
+  var u="//{{domains.matomo}}/";
  _paq.push(["setTrackerUrl", u+"matomo.php"]);
  _paq.push(["setSiteId", "{{matomo_site_id}}"]);
  var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];
--- a/roles/nginx-global-matomo/vars/main.yml
+++ b/roles/nginx-global-matomo/vars/main.yml
@ -1,2 +1 @@
 matomo_domain: "matomo.{{primary_domain}}"
 base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	7fc44b9a35	Restricted taiga port 80 to 127.0.0.1	2025-02-11 05:27:39 +01:00
Kevin Veen-Birkenbach	a7f50e05de	Implemented static IP's to solve fastcgi bug in nextcloud. https://chatgpt.com/c/67aa957f-03fc-800f-b092-9b219e36c260	2025-02-11 05:01:20 +01:00
Kevin Veen-Birkenbach	60c84d57ba	Optimized networking and matomo	2025-02-11 04:49:21 +01:00
Kevin Veen-Birkenbach	5cb1aa45ad	Added more nextcloud css	2025-02-11 01:38:24 +01:00
Kevin Veen-Birkenbach	0c3f088810	Solved Taiga variable bug	2025-02-11 01:04:25 +01:00
Kevin Veen-Birkenbach	12a390229c	Implemented health checks for nextcloud	2025-02-11 00:31:32 +01:00
Kevin Veen-Birkenbach	33aa31e55e	Added remove orphans	2025-02-11 00:16:54 +01:00
Kevin Veen-Birkenbach	0717d386e0	Optimized peertube	2025-02-11 00:06:41 +01:00
`@ -1,2 +1 @@`
	`matomo_domain: "matomo.{{primary_domain}}"`
	`base_domain: "{{ domain \| regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"`	`base_domain: "{{ domain \| regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"`