Uncommented code

group_vars/all/00_general.yml

@@ -10,9 +10,9 @@ primary_domain_sld:     "cymais"                                        # Second
 primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
 
 # Administrator
-administrator_username: "administrator"                                 # Username of the administrator
+administrator_username:           "administrator"                                 # Username of the administrator
-administrator_email:    "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
+administrator_email:              "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
-#user_administrator_initial_password: EXAMPLE_PASSWORD_123456           # Example initialisation password needs to be set in inventory file
+# administrator_initial_password: Null                                            # Example initialisation password needs to be set in inventory file
 
 # Test Email
 test_email:             "test@{{primary_domain}}"

group_vars/all/03_domains.yml

@@ -19,7 +19,7 @@ defaults_domains:
   keycloak:                "auth.{{primary_domain}}"
   ldap:                    "ldap.{{primary_domain}}"
   listmonk:                "newsletter.{{primary_domain}}"
-  mailu:                   "{{system_email.host}}"
+  mailu:                   "mail.{{primary_domain}}"
   mastodon:                "microblog.{{primary_domain}}"
   # ATTENTION: Will be owerwritten by the values in domains. Not merged.
   mastodon_alternates:    ["mastodon.{{primary_domain}}"]
@@ -54,6 +54,7 @@ defaults_redirect_domain_mappings:
 - { source: "gitea.{{primary_domain}}",       target: "{{domains.gitea}}" }
 - { source: "keycloak.{{primary_domain}}",    target: "{{domains.keycloak}}" }
 - { source: "listmonk.{{primary_domain}}",    target: "{{domains.listmonk}}" }
+- { source: "mail.{{primary_domain}}",        target: "{{domains.mailu}}" }
 - { source: "moodle.{{primary_domain}}",      target: "{{domains.moodle}}" }
 - { source: "nextcloud.{{primary_domain}}",   target: "{{domains.nextcloud}}" }
 - { source: "openproject.{{primary_domain}}", target: "{{domains.openproject}}" }

group_vars/all/07_applications.yml

@@ -18,14 +18,20 @@ defaults_applications:
     company_name:         "{{primary_domain}}"
     company_email:        "{{administrator_email}}"
     setup_admin_email:    "{{administrator_email}}"
+    database:
+      central_storage:                True
 
   ## Attendize 
   attendize:
     version:              "latest"
+    database:
+      central_storage:                True
 
   ## Baserow 
   baserow:
     version:              "latest"
+    database:
+      central_storage:                True
 
   ## Big Blue Button
   bigbluebutton:
@@ -33,6 +39,8 @@ defaults_applications:
     setup:                false                           # Set to true in inventory file for initial setup
     oidc:
       enabled:               true                         # Activate OIDC
+    database:
+      central_storage:                True
 
   ## Bluesky
   bluesky:
@@ -42,6 +50,8 @@ defaults_applications:
       #jwt_secret:                            # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
       #plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32 
       #admin_password:                        # Needs to be defined in inventory file - Use: openssl rand -base64 16
+    database:
+      central_storage:                True
 
   ## Discourse:
   discourse:
@@ -51,25 +61,35 @@ defaults_applications:
     # database_password:                      # Needs to be defined in inventory file
     oidc:
       enabled:               true             # Activate OIDC
+    database:
+      central_storage:                True
 
   ## Friendica
   friendica:
     version:              "latest"
     oidc:
       enabled:               true             # Activate OIDC. Plugin is not working yet
+    database:
+      central_storage:                True
 
   ## Funkwhale
   funkwhale:
     version:              "1.4.0"
-    ldap_enabled:         True                # Enables LDAP by default 
+    ldap_enabled:         True                # Enables LDAP by default
+    database:
+      central_storage:                True
 
   ## Gitea
   gitea:
     version:              "latest"
+    database:
+      central_storage:                True
 
   ## Gitlab
   gitlab:
     version:              "latest"
+    database:
+      central_storage:                True
 
   ## Joomla
   joomla:
@@ -79,7 +99,9 @@ defaults_applications:
   keycloak:
     version:                  "latest"
     administrator_username:   "{{administrator_username}}"  # Administrator Username for Keycloak
-    ldap_enabled:             True                          # Enables LDAP by default 
+    ldap_enabled:             True                          # Enables LDAP by default
+    database:
+      central_storage:                True
 #   database_password:                                      # Needs to be defined in inventory file   
 #   administrator_password:                                 # Needs to be defined in inventory file      
 
@@ -87,7 +109,7 @@ defaults_applications:
   ldap:
     lam:
       version:                        "latest"
-      administrator_password:         "{{user_administrator_initial_password}}" # CHANGE for security reasons
+      administrator_password:         "{{administrator_initial_password}}" # CHANGE for security reasons
     openldap:
       version:                        "latest"
       network:
@@ -104,6 +126,8 @@ defaults_applications:
       enabled:                        true                                      # Activate the OAuth2 Proxy for the LDAP Webinterface
       application:                    lam                                       # Needs to be the same as webinterface
       port:                           80                                        # If you use phpldapadmin set it to 8080
+    database:
+      central_storage:                false                                     # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later. 
     # administrator_password:                                                   # CHANGE for security reasons in inventory file
     # administrator_database_password:                                          # CHANGE for security reasons in inventory file
 
@@ -113,6 +137,8 @@ defaults_applications:
     public_api_activated:             False                                     # Security hole. Can be used for spaming
     version:                          "latest"                                  # Docker Image version
     setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
+    database:
+      central_storage:                True
 
   mailu:
     version:                          "2024.06"                                 # Docker Image Version
@@ -121,11 +147,13 @@ defaults_applications:
       enabled:                        true                                      # Activate OIDC for Mailu
     domain:                           "{{primary_domain}}"                      # The main domain from which mails will be send \ email suffix behind @
     # I don't know why the database deactivation is necessary
-    enable_central_database:          False                                     # Deactivate central database for mailu
+    database:
+      central_storage:                False                                     # Deactivate central database for mailu
     credentials:                                     
 #     secret_key:                                                               # Set to a randomly generated 16 bytes string
 #     database_password:                                                        # Needs to be set in inventory file
 #     api_token:                                                                # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
+#     initial_administrator_password:                                           # Initial administrator password for setup 
 
   ## MariaDB
   mariadb:
@@ -139,13 +167,17 @@ defaults_applications:
 #   database_password:                Null                          # Needs to be set in inventory file
 #   auth_token:                       Null                          # Needs to be set in inventory file
     css:
-      enabled:       false                                          # The css isn't optimized yet for Matomo
+      enabled:                        false                         # The css isn't optimized yet for Matomo
+    database:
+      central_storage:                True
 
   ## Mastodon
   mastodon:
     version:                          "latest"
     single_user_mode:                 false                         # Set true for initial setup
     setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
+    database:
+      central_storage:                True
     oidc:
         enabled:                        true                          # Activate OIDC for Mastodon
     credentials:
@@ -172,6 +204,8 @@ defaults_applications:
     element:
       version:                        "latest"
     setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
+    database:
+      central_storage:                True
 
   ## Moodle
   moodle:
@@ -179,19 +213,29 @@ defaults_applications:
     administrator_name:               "{{administrator_username}}"
     administrator_email:              "{{administrator_email}}"
     version:                          "latest"
+    database:
+      central_storage:                True
 
   ## MyBB
   mybb:
     version:                   "latest"
+    database:
+      central_storage:                True
 
   ## Nextcloud
   nextcloud:
     version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
     ldap_enabled:         True          # Enables LDAP by default, missing ansible setup tasks @todo setup
-#   database_password:    Null          # Needs to be set in inventory file
     oidc:
       enabled:            true          # Activate OIDC for Nextcloud
     force_import:         False         # Forces the import of the LDIF files
+    database:
+      central_storage:    True
+    credentials:
+#     database_password:  Null          # Needs to be set in inventory file
+      administrator_username:           "{{administrator_username}}"
+      administrator_initial_password:   "{{administrator_initial_password}}"
+
 
   ## OAuth2 Proxy
   oauth2_proxy:
@@ -208,11 +252,15 @@ defaults_applications:
       enabled:            true    # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
       application:        "proxy"
       port:               "80"
-    ldap_enabled:         True    # Enables LDAP by default 
+    ldap_enabled:         True    # Enables LDAP by default
+    database:
+      central_storage:    True 
 
   ## Peertube
   peertube:
     version:              "bookworm"
+    database:
+      central_storage:    True 
 
   ## PHPMyAdmin
   phpmyadmin:
@@ -222,24 +270,36 @@ defaults_applications:
       enabled:            true
       port:               "80"
       application:        "application"
+    database:
+      central_storage:    True
 
   ## Pixelfed
   pixelfed:
-    titel:    "Pictures on {{primary_domain}}"
+    titel:                "Pictures on {{primary_domain}}"
-    version:  "latest"
+    version:              "latest"
+    database:
+      central_storage:    True
 
   ## Postgres
   # Please set an version in your inventory file - Rolling release for postgres isn't recommended
   postgres:
     database.version:  "latest"
 
+  portfolio:
+    database:
+      central_storage:  False # Portfolio doesn't use any database
+
   # Snipe-IT
   snipe_it:
     version:           "latest"
+    database:
+      central_storage:  True
 
   ## Taiga
   taiga:
     version:           "latest"
+    database:
+      central_storage:  True
 
   ## YOURLS
   yourls:
@@ -250,7 +310,8 @@ defaults_applications:
       application:            "application"
       port:                   "80"
       location:               "/admin/"                       # Protects the admin area
-    
+    database:
+      central_storage:        True
 
   wordpress:
 # Deactivate Global theming for wordpress role
@@ -260,4 +321,6 @@ defaults_applications:
 # May a solution could be to generate a template or css file dedicated
 # for wordpress based on the theming values and import it. 
     css:
-      enabled:       false
+      enabled:          false
+    database:
+      central_storage:  True

group_vars/all/12_storage.yml

@@ -1,6 +1,3 @@
-## Enable Central Postgress and MariaDB instead of dedicated container per application
-enable_central_database:          true
-
 ## Enable Storage Optimizer for Docker Volumes
 enable_system_storage_optimizer:  true
 

roles/docker-akaunting/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "include tasks update-repository-with-files.yml"
   include_tasks: update-repository-with-files.yml

roles/docker-akaunting/templates/docker-compose.yml.j2

@@ -10,7 +10,7 @@ services:
     build:
       context: .
     ports:
-      - 127.0.0.1:{{http_port}}:80
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:80
     volumes:
       - data:/var/www/html
     environment:

roles/docker-akaunting/templates/env.j2

@@ -1,5 +1,5 @@
 # You should change this to match your reverse proxy DNS name and protocol
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
 LOCALE={{locale}}
 
 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)

roles/docker-attendize/tasks/main.yml

@@ -3,19 +3,20 @@
   include_role: 
     name: docker-central-database
 
-- name: "include tasks to receive attendize certbot certificate"
+- name: "include role for {{application_id}} to recieve certs & do modification routines"
-  include_role: 
+  include_role:
-    name: nginx-https-recieve-certificate
+    name: nginx-https-get-cert-modify-all
   vars:
     domain: "{{ item }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
   loop:
     - "{{ domains.mailu }}"
     - "{{ domain }}"
     
-- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
   template: 
     src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
 
 - name: "include tasks update-repository-with-files.yml"

roles/docker-attendize/templates/docker-compose.yml.j2

@@ -7,7 +7,7 @@ services:
   web:
     image: "attendize_web:{{applications.attendize.version}}"
     ports:
-    - "{{http_port}}:80"
+    - "{{ports.localhost.http[application_id]}}:80"
     volumes:
       - .:/usr/share/nginx/html
       - .:/var/www

roles/docker-baserow/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-baserow/templates/docker-compose.yml.j2

@@ -11,7 +11,7 @@ services:
     volumes:
       - data:/baserow/data
     ports:
-      - "{{http_port}}:80"
+      - "{{ports.localhost.http[application_id]}}:80"
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 

roles/docker-baserow/vars/main.yml

@@ -1,3 +1,5 @@
 application_id:     "baserow"
 database_password:  "{{ baserow_database_password }}"
-database_type:      "postgres"
+database_type:      "postgres"
+domain: 	          "{{ domains[application_id] }}"
+http_port: 	        "{{ ports.localhost.http[application_id] }}"

roles/docker-bigbluebutton/tasks/main.yml

@@ -9,15 +9,18 @@
 #- name: "include task certbot-and-globals.yml"
 #  include_tasks: certbot-and-globals.yml
 #
-#- name: configure {{domain}}.conf
+#- name: configure {{domains[application_id]}}.conf
 #  template: 
 #    src:  "nginx-proxy.conf.j2"
-#    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+#    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
 #  notify: restart nginx
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: configure websocket_upgrade.conf
   copy: 

roles/docker-bigbluebutton/templates/env.j2

@@ -40,7 +40,7 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
 # CONNECTION
 # ====================================
 
-DOMAIN={{domain}}
+DOMAIN={{domains[application_id]}}
 
 EXTERNAL_IPv4={{networks.internet.ip4}}
 # The following line is not tested and could lead to bugs:
@@ -53,7 +53,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
 
 # TURN SERVER
 # uncomment and adjust following two lines to add an external TURN server
-TURN_SERVER=turns:{{domain}}:{{ ports.public.turn[application_id] }}?transport=tcp
+TURN_SERVER=turns:{{domains[application_id]}}:{{ ports.public.turn[application_id] }}?transport=tcp
 TURN_SECRET={{bigbluebutton_turn_secret}}
 
 # Allowed SIP IPs
@@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
 # Please refer to your SMTP provider to get the values for the variables below
 
 SMTP_SERVER={{system_email.host}}
-SMTP_DOMAIN={{domain}}
+SMTP_DOMAIN={{system_email.domain}}
 SMTP_PORT={{system_email.port}}
 SMTP_USERNAME={{system_email.username}}
 SMTP_PASSWORD={{system_email.password}}
@@ -290,5 +290,5 @@ DEFAULT_REGISTRATION=invite
 OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
-OPENID_CONNECT_REDIRECT=https://{{domain}}
+OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
 {% endif %}

roles/docker-central-database/README.md

@@ -47,7 +47,7 @@ When executed, the role will:
 1. Load database configuration variables.
 2. Generate the appropriate environment file for the database.
 3. Incorporate the Docker Compose routines.
-4. Create a central database if `enable_central_database` is set to `true`.
+4. Create a central database if `applications[application_id].database.central_storage` is set to `true`.
 
 ---
 

roles/docker-central-database/tasks/main.yml

@@ -14,9 +14,9 @@
     src: "env/{{database_type}}.env.j2"
     dest: "{{database_env}}"
   notify: docker compose project build and setup
-  when: not enable_central_database | bool
+  when: not applications[application_id].database.central_storage | bool
 
 - name: create central database
   include_role:
     name: "docker-{{database_type}}"
-  when: enable_central_database | bool
+  when: applications[application_id].database.central_storage | bool

roles/docker-central-database/templates/services/mariadb.yml.j2

@@ -1,5 +1,5 @@
 # This template needs to be included in docker-compose.yml, which depend on a mariadb database
-{% if not enable_central_database | bool %}
+{% if not applications[application_id].database.central_storage | bool %}
   database:
     container_name: {{application_id}}-database
     logging:

roles/docker-central-database/templates/services/postgres.yml.j2

@@ -1,5 +1,5 @@
 # This template needs to be included in docker-compose.yml, which depend on a postgres database
-{% if not enable_central_database | bool %}  
+{% if not applications[application_id].database.central_storage | bool %}  
   database:
     image: postgres:{{applications.postgres.database_version}}-alpine
     container_name: {{application_id}}-database

roles/docker-central-database/vars/database.yml

@@ -1,6 +1,8 @@
-database_instance:  "{{ 'central-' + database_type if enable_central_database | bool else application_id }}"
+database_instance:  "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else application_id }}"
-database_host:      "{{ 'central-' + database_type if enable_central_database | bool else 'database' }}"
+database_host:      "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else 'database' }}"
 database_name:      "{{ application_id }}"
 database_username:  "{{ application_id }}"
 database_port:      "{{ 3306 if database_type == 'mariadb' else 5432 }}"
-database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
+database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
+
+# Don't set application_id . It would conflict with central database logic

roles/docker-compose/handlers/main.yml

@@ -28,3 +28,9 @@
     COMPOSE_HTTP_TIMEOUT: 600
     DOCKER_CLIENT_TIMEOUT: 600
   listen: docker compose project build and setup
+
+- name: docker compose restart
+  command:
+    cmd: "docker compose restart"
+    chdir: "{{docker_compose.directories.instance}}"
+  listen: docker compose restart

roles/docker-compose/tasks/main.yml

@@ -1,19 +1,6 @@
 - name: "load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
   include_vars: "{{ role_path }}/vars/docker-compose.yml"
 
-- name: "Set global domain based on application_id"
-  set_fact:
-    domain: "{{ domains[application_id] }}"
-  when:
-    - application_id in domains
-    - domains[application_id] is string
-  # Default case: One domain exists. Some applications like matrix don't have an default domain
-
-- name: "Set global http_port to {{ ports.localhost.http[application_id] }}"
-  set_fact:
-    http_port: "{{ ports.localhost.http[application_id] if application_id in ports.localhost.http else None }}"
-  # Default case: One port exists. Some applications like matrix don't have an default port
-
 - name: "remove {{ docker_compose.directories.instance }} and all its contents"
   file:
     path: "{{ docker_compose.directories.instance }}"

roles/docker-discourse/handlers/main.yml

@@ -11,7 +11,7 @@
   command:
     cmd: "docker network connect {{applications.discourse.network}} central-{{ database_type }}"
   ignore_errors: true
-  when: enable_central_database | bool
+  when: applications[application_id].database.central_storage | bool
   listen: recreate discourse
 
 - name: rebuild discourse

roles/docker-discourse/tasks/main.yml

@@ -11,8 +11,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "cleanup central database from {{application_id}}_default network"
   command:
@@ -65,10 +68,10 @@
   command:
     cmd: "docker network connect central_postgres {{applications.discourse.container}}"
   ignore_errors: true
-  when: enable_central_database | bool
+  when: applications[application_id].database.central_storage | bool
   
 - name: "remove central database from {{application_id}}_default"
   command:
     cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}"
   ignore_errors: true
-  when: enable_central_database | bool
+  when: applications[application_id].database.central_storage | bool

roles/docker-discourse/templates/discourse_application.yml.j2

@@ -1,5 +1,5 @@
 templates:
-{% if not enable_central_database | bool %}
+{% if not applications[application_id].database.central_storage | bool %}
   - "templates/postgres.template.yml"
 {% endif %}
   #- "templates/redis.template.yml"
@@ -15,7 +15,7 @@ templates:
 ## If you want Discourse to share a port with another webserver like Apache or nginx,
 ## see https://meta.discourse.org/t/17247 for details
 expose:
-  - "127.0.0.1:{{http_port}}:80"   # http
+  - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"   # http
 
 params:
   db_default_text_search_config: "pg_catalog.english"
@@ -41,7 +41,7 @@ env:
   UNICORN_WORKERS: 8
 
   ## Required. Discourse will not work with a bare IP number.
-  DISCOURSE_HOSTNAME: {{domain}}
+  DISCOURSE_HOSTNAME: {{domains[application_id]}}
 
   ## Uncomment if you want the container to be started with the same
   ## hostname (-h option) as specified above (default "$hostname-$config")
@@ -122,7 +122,7 @@ run:
   - exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc.client.discovery_document}}'"
   - exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc.client.id}}'"         
   - exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc.client.secret}}'"     
-  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domain}}'"
+  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domains[application_id]}}'"
   - exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
   - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
 {% endif %}

roles/docker-elk/tasks/main.yml

@@ -1,8 +1,11 @@
 ---
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: create elasticsearch-sysctl.conf
   copy:

roles/docker-elk/templates/docker-compose.yml.j2

@@ -57,7 +57,7 @@ services:
         target: /usr/share/kibana/config/kibana.yml
         read_only: true
     ports:
-      - "127.0.0.1:{{ http_port }}:5601"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:5601"
     depends_on:
       - elasticsearch
 

roles/docker-friendica/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-friendica/templates/docker-compose.yml.j2

@@ -8,7 +8,7 @@ services:
     volumes:
       - data:/var/www/html
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     healthcheck:
       # This health check ensures the test email is sent only once to prevent 
       # hitting SMTP rate limits due to multiple health check executions.
@@ -20,7 +20,7 @@ services:
       test:
         [
           "CMD-SHELL",
-          "(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domain}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
+          "(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domains[application_id]}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
         ]
       interval: 1m
       timeout: 10s

roles/docker-friendica/templates/env.j2

@@ -1,8 +1,8 @@
 # The configuration options can be found here: 
 # @see https://hub.docker.com/_/friendica
 
-FRIENDICA_URL= https://{{domain}}
+FRIENDICA_URL= https://{{domains[application_id]}}
-HOSTNAME= {{domain}}
+HOSTNAME= {{domains[application_id]}}
 FRIENDICA_NO_VALIDATION={{no_validation | lower}}
       
 # Debugging

roles/docker-funkwhale/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-funkwhale/templates/docker-compose.yml.j2

@@ -56,7 +56,7 @@ services:
       #- "{{static_root}}:{{static_root}}:ro"
     ports:
       # override those variables in your .env file if needed
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
   
   typesense:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}

roles/docker-funkwhale/templates/env.j2

@@ -32,7 +32,7 @@ FUNKWHALE_VERSION={{applications.funkwhale.version}}
 FUNKWHALE_API_IP=127.0.0.1
 # Assuming that the following variable isn't used anymore. 
 # @todo remove it if this is true
-FUNKWHALE_API_PORT={{http_port}}
+FUNKWHALE_API_PORT={{ports.localhost.http[application_id]}}:
 
 # The number of web workers to start in parallel. Higher means you can handle
 # more concurrent requests, but also leads to higher CPU/Memory usage
@@ -40,7 +40,7 @@ FUNKWHALE_WEB_WORKERS=4
 # Replace this by the definitive, public domain you will use for
 # your instance. It cannot be changed after initial deployment
 # without breaking your instance.
-FUNKWHALE_HOSTNAME={{domain}}
+FUNKWHALE_HOSTNAME={{domains[application_id]}}
 FUNKWHALE_PROTOCOL=https
 
 # Log level (debug, info, warning, error, critical)

roles/docker-gitea/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-gitea/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@ services:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     image: "gitea/gitea:{{applications.gitea.version}}"
     ports:
-      - "127.0.0.1:{{http_port}}:3000"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
       - "{{ports.public.ssh[application_id]}}:22"
     volumes:
       - data:/data

roles/docker-gitea/templates/env.j2

@@ -7,7 +7,7 @@ DB_USER={{database_username}}
 DB_PASSWD={{database_password}}
 SSH_PORT={{ports.public.ssh[application_id]}}
 SSH_LISTEN_PORT=22
-DOMAIN={{domain}}
+DOMAIN={{domains[application_id]}}
-SSH_DOMAIN={{domain}}
+SSH_DOMAIN={{domains[application_id]}}
 RUN_MODE="{{run_mode}}"
-ROOT_URL="https://{{domain}}/"
+ROOT_URL="https://{{domains[application_id]}}/"

roles/docker-gitlab/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-gitlab/templates/docker-compose.yml.j2

@@ -6,10 +6,10 @@ services:
 
   web:
     image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
-    hostname: '{{domain}}'
+    hostname: '{{domains[application_id]}}'
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
       - "{{ports.public.ssh[application_id]}}:22"
     volumes:
       - 'config:/etc/gitlab'

roles/docker-jenkins/tasks/main.yml

@@ -1,6 +1,9 @@
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "docker jenkins"
   docker_compose:
@@ -10,7 +13,7 @@
         image: jenkins/jenkins:lts
         restart: "{{docker_restart_policy}}"
         ports:
-          - "127.0.0.1:{{http_port}}:8080"
+          - "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
         volumes:
           - jenkins_data:/var/jenkins_home
         log_driver: journald

roles/docker-joomla/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
   loop: "{{ domains }}"
   loop_control:
     loop_var: domain

roles/docker-joomla/templates/docker-compose.yml.j2

@@ -8,7 +8,7 @@ services:
     volumes:
       - data:/var/www/html
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 

roles/docker-keycloak/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-keycloak/templates/docker-compose.yml.j2

@@ -8,7 +8,7 @@ services:
     command: start --import-realm # imports realms on startup
     {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
-      - "127.0.0.1:{{http_port}}:8080"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
     volumes:
       - "{{import_directory_host}}:{{import_directory_docker}}"
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}

roles/docker-keycloak/templates/env.j2

@@ -2,7 +2,7 @@
 # Documentation can be found here: 
 # @see https://www.keycloak.org/server/containers
 
-KC_HOSTNAME=                    https://{{domain}}
+KC_HOSTNAME=                    https://{{domains[application_id]}}
 KC_HTTP_ENABLED=                true
 
 # Health Checks

roles/docker-ldap/tasks/main.yml

@@ -4,19 +4,22 @@
     name: docker-compose
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
-- name: Create {{domain}}.conf if LDAP is exposed to internet
+- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
   template: 
     src:  "nginx.stream.conf.j2" 
-    dest: "{{nginx.directories.streams}}{{domain}}.conf"
+    dest: "{{nginx.directories.streams}}{{domains[application_id]}}.conf"
   notify: restart nginx
   when: applications.ldap.openldap.network.public | bool
 
-- name: Remove {{domain}}.conf if LDAP is not exposed to internet
+- name: Remove {{domains[application_id]}}.conf if LDAP is not exposed to internet
   file:
-    path: "{{ nginx.directories.streams }}{{ domain }}.conf"
+    path: "{{ nginx.directories.streams }}{{ domains[application_id] }}.conf"
     state: absent
   when: not applications.ldap.openldap.network.public | bool
 

roles/docker-ldap/templates/phpldapadmin.env.j2

@@ -1,3 +1,3 @@
 # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
-APP_URL=    https://{{domain}}
+APP_URL=    https://{{domains[application_id]}}
 LDAP_HOST=  openldap

roles/docker-listmonk/tasks/main.yml

@@ -13,8 +13,11 @@
       {% endif %}
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-listmonk/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@ services:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     image: listmonk/listmonk:{{applications.listmonk.version}}
     ports:
-      - "127.0.0.1:{{http_port}}:9000"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:9000"
     volumes:
       - {{docker_compose.directories.config}}config.toml:/listmonk/config.toml
 {% include 'templates/docker/container/networks.yml.j2' %}

roles/docker-mailu/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
   vars:
     nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
 
@@ -18,11 +21,9 @@
 
 - name: flush docker service
   meta: flush_handlers
-  when: applications.mailu.setup |bool 
 
 - name: execute database migration
   command:
-    cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{mailu_initial_root_password}}"
+    cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{applications.mailu.initial_administrator_password}}"
     chdir: "{{docker_compose.directories.instance}}"
-  ignore_errors: true
+  ignore_errors: true
-  when: applications.mailu.setup |bool 

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -15,7 +15,7 @@ services:
     image: {{docker_source}}/nginx:{{applications.mailu.version}}
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
-      - "127.0.0.1:{{ http_port }}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
       - "{{networks.internet.ip4}}:25:25"
       - "{{networks.internet.ip4}}:465:465"
       - "{{networks.internet.ip4}}:587:587"

roles/docker-mailu/templates/env.j2

@@ -20,7 +20,7 @@ SUBNET={{networks.local.mailu.subnet}}
 DOMAIN={{applications.mailu.domain}}
 
 # Hostnames for this server, separated with comas
-HOSTNAMES={{domain}}
+HOSTNAMES={{domains[application_id]}}
 
 # Postmaster local part (will append the main mail domain)
 POSTMASTER=admin
@@ -105,7 +105,7 @@ WEB_WEBMAIL=/webmail
 SITENAME=Mailservices
 
 # Linked Website URL
-WEBSITE=https://{{domain}}
+WEBSITE=https://{{domains[application_id]}}
 
 
 
@@ -162,7 +162,7 @@ OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize
 # OpenID Connect provider configuration URL
 OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
 # OpenID redirect URL if HOSTNAME not matching your login url
-OIDC_REDIRECT_URL=https://{{domain}}
+OIDC_REDIRECT_URL=https://{{domains[application_id]}}
 # OpenID Connect Client ID for Mailu
 OIDC_CLIENT_ID={{oidc.client.id}}
 # OpenID Connect Client secret for Mailu

roles/docker-mailu/vars/main.yml

@@ -4,11 +4,9 @@ database_type:                "mariadb"
 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate:  false
 
-# I don't know why this configuration is necessary.
-# Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
-# @todo research
-enable_central_database:      "{{applications.mailu.enable_central_database}}"
-
 # Use dedicated source for oidc if activated  
 # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
-docker_source:                "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
+docker_source:                "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
+
+domain:     "{{ domains[application_id] }}"
+http_port: 	"{{ ports.localhost.http[application_id] }}"

roles/docker-mastodon/tasks/create-domains.yml

@@ -1,6 +1,6 @@
-- name: "include role receive certbot certificate"
+- name: "include role for {{application_id}} to recieve certs & do modification routines"
-  include_role: 
+  include_role:
-    name: nginx-https-recieve-certificate
+    name: nginx-https-get-cert-modify-all
     
 - name: configure {{domain}}.conf
   template: 

roles/docker-mastodon/tasks/main.yml

@@ -3,11 +3,13 @@
   include_role: 
     name: docker-central-database
 
-- name: "include create-domains.yml"
+- name: "include create-domains.yml for mastodon"
   include_tasks: create-domains.yml
-  loop: "{{ [domain] + domains.mastodon_alternates }}"
+  loop: "{{ [domains.mastodon] + domains.mastodon_alternates }}"
   loop_control:
     loop_var: domain
+  vars:
+    http_port: "{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-mastodon/templates/docker-compose.yml.j2

@@ -11,7 +11,7 @@ services:
     healthcheck:
       test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
     ports:
-      - "127.0.0.1:{{http_port}}:3000"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
     volumes:
       - data:/mastodon/public/system

roles/docker-mastodon/templates/env.j2

@@ -3,7 +3,7 @@
 # @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
 
 
-LOCAL_DOMAIN={{domain}}
+LOCAL_DOMAIN={{domains[application_id]}}
 ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
 SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
 
@@ -66,7 +66,7 @@ OIDC_DISCOVERY=true
 OIDC_SCOPE="openid,profile,email"
 OIDC_UID_FIELD=preferred_username                       # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
 OIDC_CLIENT_ID={{oidc.client.id}}
-OIDC_REDIRECT_URI=https://{{domain}}/auth/auth/openid_connect/callback
+OIDC_REDIRECT_URI=https://{{domains[application_id]}}/auth/auth/openid_connect/callback
 OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
 OIDC_CLIENT_SECRET={{oidc.client.secret}}
 OMNIAUTH_ONLY=true                                      # uncomment to only use OIDC for login / registration buttons

roles/docker-mastodon/templates/mastodon.conf.j2

@@ -4,7 +4,7 @@ map $http_upgrade $connection_upgrade {
 }
 
 server {
-  server_name {{domain}};
+  server_name {{domains[application_id]}};
 
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 

roles/docker-matomo/tasks/main.yml

@@ -5,8 +5,11 @@
   when: run_once_docker_matomo is not defined
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
   when: run_once_docker_matomo is not defined
 
 - name: "copy docker-compose.yml and env file"

roles/docker-matrix-ansible/templates/vars.yml.j2

@@ -32,7 +32,7 @@ matrix_playbook_ssl_enabled: true
 devture_traefik_config_entrypoint_web_secure_enabled: false
 
 # If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
-devture_traefik_container_web_host_bind_port: "127.0.0.1:{{http_port}}"
+devture_traefik_container_web_host_bind_port: "127.0.0.1:{{ports.localhost.http[application_id]}}"
 
 # We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
 # a reverse-proxy running on the local machine is safe enough.

roles/docker-matrix-compose/tasks/create-and-seed-database.yml

@@ -7,7 +7,7 @@
 - name: "create {{database_name}} database"
   include_role:
     name: docker-postgres
-  when: enable_central_database | bool
+  when: applications[application_id].database.central_storage | bool
 
 - name: "include seed-database-to-backup.yml"
   include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"

roles/docker-matrix-compose/tasks/main.yml

@@ -3,9 +3,9 @@
   include_role: 
     name: docker-central-database
 
-- name: "include role receive certbot certificate"
+- name: "include role for {{application_id}} to recieve certs & do modification routines"
-  include_role: 
+  include_role:
-    name: nginx-https-recieve-certificate
+    name: nginx-https-get-cert-modify-all
   vars:
     domain:     "{{domains.matrix_synapse}}"
     http_port:  "{{ports.localhost.http.matrix_synapse}}"
@@ -26,7 +26,7 @@
     src:  "templates/nginx.conf.j2" 
     dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
   vars:
-    # domain:     "{{domains.matrix_synapse}}" This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
+    domain:     "{{domains.matrix_synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
     http_port:  "{{ports.localhost.http.matrix_synapse}}"
   notify: restart nginx
         

roles/docker-matrix-compose/templates/nginx.conf.j2

@@ -1,9 +1,10 @@
 server {
-    # Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary
+    {# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
+    {# Could be that this is related to the set_fact use #}
     {% set domain = domains.matrix_synapse %}
     {% set http_port = ports.localhost.http.matrix_synapse %}
 
-    server_name {{domain}};
+    server_name {{domains.matrix_synapse}};
     {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
     
     # For the federation port

roles/docker-mediawiki/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: add docker-compose.yml
   template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml

roles/docker-mediawiki/templates/docker-compose.yml.j2

@@ -10,7 +10,7 @@ services:
         volumes:
           - "mediawiki-data:/var/www/html/"
         ports:
-          - "127.0.0.1:{{http_port}}:80"
+          - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 

roles/docker-moodle/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-moodle/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
     container_name: moodle
     image: docker.io/bitnami/moodle:{{applications.moodle.version}}
     ports:
-      - 127.0.0.1:{{http_port}}:8080
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - 'moodle:/bitnami/moodle'

roles/docker-mybb/tasks/main.yml

@@ -3,7 +3,7 @@
   include_role: 
     name: docker-central-database
 
-- name: "include tasks setup-domain.yml with {{domain}}"
+- name: "include tasks setup-domain.yml with {{domains[application_id]}}"
   include_tasks: setup-domain.yml
   loop: "{{ mybb_domains + [source_domain] }}"
   loop_control:

roles/docker-mybb/tasks/setup-domain.yml

@@ -1,13 +1,15 @@
-# Recieves https certificate and setup proxy with domain replace
+{# Recieves https certificate and setup proxy with domain replace #}
 
 - name: "include role receive certbot certificate"
   include_role: 
-    name: nginx-https-recieve-certificate
+    name: nginx-https-get-cert
+  vars:
+    domain: "{{domains[application_id]}}"
 
-- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
   template: 
     src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
   vars: 
-    nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domain}}';"
+    nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domains[application_id]}}';"

roles/docker-mybb/templates/docker-compose.yml.j2

@@ -22,7 +22,7 @@ services:
     image: nginx:mainline
     restart: {{docker_restart_policy}}
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     volumes:
     - "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
     - "data:/var/www/html:ro"

roles/docker-nextcloud/README.md

@@ -84,11 +84,6 @@ docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
 docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
 ```
 
-Check the process with:
-```sql
-show processlist;
-```
-
 ---
 
 ## OCC (Nextcloud Command Line) 🔧
@@ -125,6 +120,12 @@ docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mo
 
 OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
 
+### Verify OIDC Configuration
+
+```bash
+docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
+```
+
 ## LDAP 
 
 More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html

roles/docker-nextcloud/tasks/config.yml

@@ -0,0 +1,33 @@
+- name: "Substitute http with https in {{ nextcloud_config_file_path }}"
+  replace:
+    path: "{{ nextcloud_config_file_path }}"
+    regexp: "http://{{ domain | regex_escape }}"
+    replace: "https://{{ domain }}"
+  notify:
+    - docker compose restart
+
+#- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_path }}
+#  block:
+#     Deactivated because it was really heavy to fix. 
+#     @todo implement
+#    - name: Check if 'overwriteprotocol' is already set
+#      lineinfile:
+#        path: "{{ nextcloud_config_file_path }}"
+#        regexp: "^\s*overwriteprotocol\s*=>\s*http"
+#        line: "overwriteprotocol => 'https',"
+#        backrefs: yes
+#        state: present
+#        notify:
+#          - docker compose restart
+#
+#    - name: Add 'overwriteprotocol' => 'https' if not present
+#      lineinfile:
+#        path: "{{ nextcloud_config_file_path }}"
+#        regexp: "^\s*\);$"
+#        line: "overwriteprotocol => 'https',"
+#        insertafter: "^\s*\);$"
+#        state: present
+#        notify:
+#          - docker compose restart        
+#  notify:
+#    - docker compose restart

roles/docker-nextcloud/tasks/main.yml

@@ -3,14 +3,14 @@
   include_role: 
     name: docker-central-database
 
-- name: "include role receive certbot certificate"
+- name: "include role for {{application_id}} to recieve certs & do modification routines"
-  include_role: 
+  include_role:
-    name: nginx-https-recieve-certificate
+    name: nginx-https-get-cert-modify-all
 
 - name: create nextcloud nginx proxy configuration file
   template: 
     src:  "proxy-nginx.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
 
 - name: create internal nextcloud nginx configuration
@@ -28,4 +28,7 @@
 
 - name: Include LDAP specific tasks
   include_tasks: ldap.yml
-  when: applications[application_id].ldap_enabled | bool
+  when: applications[application_id].ldap_enabled | bool
+
+- name: Include Config specific tasks
+  include_tasks: config.yml

roles/docker-nextcloud/tasks/oidc.yml

@@ -14,6 +14,13 @@
   # This configuration allows users to connect multiple accounts to their Nextcloud profile
   # using the sociallogin app.
 
+- name: install sociallogin plugin
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:install sociallogin"
+  ignore_errors: true
+
+- name: enable sociallogin plugin
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:enable sociallogin"
+
 - name: Set custom_providers
   command: >
     docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ

roles/docker-nextcloud/templates/docker-compose.yml.j2

@@ -26,7 +26,7 @@ services:
       driver: journald
     restart: {{docker_restart_policy}}
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     volumes:
         - "{{docker_compose.directories.volumes}}nginx.conf:/etc/nginx/nginx.conf:ro"
     volumes_from:

roles/docker-nextcloud/templates/env.j2

@@ -18,5 +18,11 @@ SMTP_NAME=      {{system_email.username}}
 SMTP_PASSWORD=  {{system_email.password}}
 
 # Email from configuration
-MAIL_FROM_ADDRESS=no-reply
+MAIL_FROM_ADDRESS=          "{{system_email.local}}"
-MAIL_DOMAIN= {{system_email.domain}}
+MAIL_DOMAIN=                "{{system_email.domain}}"
+
+# Initial Admin Data
+NEXTCLOUD_ADMIN_USER=       "{{applications[application_id].credentials.administrator_username}}"
+NEXTCLOUD_ADMIN_PASSWORD=   "{{applications[application_id].credentials.administrator_initial_password}}"
+
+NEXTCLOUD_TRUSTED_DOMAINS=  "{{domains[application_id]}}"

roles/docker-nextcloud/vars/main.yml

@@ -1,6 +1,9 @@
 ---
 application_id:                       "nextcloud"
-database_password:  	                "{{applications.nextcloud.database_password}}"
+database_password:  	                "{{applications.nextcloud.credentials.database_password}}"
 database_type:                        "mariadb"
 nextcloud_application_container_name: "nextcloud-application"
-nextcloud_nginx_container_name:       "nextcloud-web"
+nextcloud_nginx_container_name:       "nextcloud-web"
+nextcloud_config_file_path:           "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
+domain:                               "{{domains[application_id]}}"
+http_port:                            "{{ ports.localhost.http[application_id] }}"

roles/docker-openproject/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "Create {{openproject_plugins_service}}"
   file:

roles/docker-openproject/templates/docker-compose.yml.j2

@@ -23,7 +23,7 @@ services:
     container_name: openproject-proxy
     command: "./docker/prod/proxy"
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     environment:
       APP_HOST: web
     depends_on:

roles/docker-openproject/templates/env.j2

@@ -7,7 +7,7 @@
 #   https://www.openproject.org/docs/installation-and-operations/configuration/environment/
 #
 OPENPROJECT_HTTPS=true
-OPENPROJECT_HOST__NAME={{domain}}
+OPENPROJECT_HOST__NAME={{domains[application_id]}}
 OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
 IMAP_ENABLED=false
 POSTGRES_PASSWORD="{{ database_password }}"

roles/docker-peertube/tasks/create-domains.yml

@@ -1,6 +1,6 @@
-- name: "include role receive certbot certificate"
+- name: "include role for {{application_id}} to recieve certs & do modification routines"
-  include_role: 
+  include_role:
-    name: nginx-https-recieve-certificate
+    name: nginx-https-get-cert-modify-all
 
 - name: configure {{domain}}.conf
   template: 

roles/docker-peertube/tasks/main.yml

@@ -3,11 +3,13 @@
   include_role: 
     name: docker-central-database
   
-- name: "include create-domains.yml"
+- name: "include create-domains.yml for peertube"
   include_tasks: create-domains.yml
-  loop: "{{ [domain] + domains.peertube_alternates }}"
+  loop: "{{ [domains.peertube] + domains.peertube_alternates }}"
   loop_control:
     loop_var: domain
+  vars:
+    http: "{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-peertube/templates/docker-compose.yml.j2

@@ -9,7 +9,7 @@ services:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
      - "1935:1935"  # @todo Add to ports
-     - "127.0.0.1:{{http_port}}:9000" 
+     - "127.0.0.1:{{ports.localhost.http[application_id]}}:9000" 
     volumes:
       - assets:/app/client/dist
       - data:/data

roles/docker-peertube/templates/env.j2

@@ -8,7 +8,7 @@ PEERTUBE_DB_SSL=false
 PEERTUBE_DB_HOSTNAME={{database_host}}
 
 # PeerTube server configuration
-PEERTUBE_WEBSERVER_HOSTNAME={{domain}}
+PEERTUBE_WEBSERVER_HOSTNAME={{domains[application_id]}}
 PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
 
 PEERTUBE_SECRET={{peertube_secret}}

roles/docker-peertube/templates/peertube.conf.j2

@@ -1,5 +1,5 @@
 server {
-  server_name {{domain}};
+  server_name {{domains[application_id]}};
 
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 
@@ -21,7 +21,7 @@ server {
     send_timeout          10m;
 
     #adapt
-    proxy_pass http://127.0.0.1:{{http_port}};
+    proxy_pass http://127.0.0.1:{{ports.localhost.http[application_id]}};
   }
 
   location / {
@@ -62,7 +62,7 @@ server {
     proxy_set_header   Upgrade         $http_upgrade;
     proxy_set_header   Connection      "upgrade";
 
-    proxy_pass http://127.0.0.1:{{http_port}};
+    proxy_pass http://127.0.0.1:{{ports.localhost.http[application_id]}};
   }
 
   location /socket.io {

roles/docker-phpmyadmin/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-compose
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-phpmyadmin/templates/docker-compose.yml.j2

@@ -7,7 +7,7 @@ services:
     container_name: phpmyadmin
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
     healthcheck:

roles/docker-phpmyadmin/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:       "phpmyadmin"
 database_type:        "mariadb"
-database_host:        "{{ 'central-' + database_type if enable_central_database}}"
+database_host:        "{{ 'central-' + database_type if applications[application_id].database.central_storage}}"

roles/docker-pixelfed/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-pixelfed/templates/docker-compose.yml.j2

@@ -11,7 +11,7 @@ services:
       - "data:/var/www/storage"
       - "./env:/var/www/.env"
     ports:
-      - "{{http_port}}:80"
+      - "{{ports.localhost.http[application_id]}}:80"
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
   worker:

roles/docker-pixelfed/templates/env.j2

@@ -5,10 +5,10 @@ APP_KEY={{pixelfed_app_key}}
 APP_NAME="{{applications.pixelfed.titel}}"
 APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
-APP_DOMAIN="{{domain}}"
+APP_DOMAIN="{{domains[application_id]}}"
-ADMIN_DOMAIN="{{domain}}"
+ADMIN_DOMAIN="{{domains[application_id]}}"
-SESSION_DOMAIN="{{domain}}"
+SESSION_DOMAIN="{{domains[application_id]}}"
 
 OPEN_REGISTRATION=false
 ENFORCE_EMAIL_VERIFICATION=false

roles/docker-portfolio/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-compose
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "include role docker-repository-setup for {{application_id}}"
   include_role: 

roles/docker-portfolio/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@ services:
     image: application-portfolio
     container_name: portfolio
     ports:
-      - 127.0.0.1:{{http_port}}:5000
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
     volumes:
       - {{docker_repository_path}}app:/app
     restart: unless-stopped

roles/docker-roulette-wheel/templates/docker-compose.yml.j2

@@ -4,5 +4,5 @@ services:
         build:
             context: .
         ports:
-        - 127.0.0.1:{{http_port}}:8080
+        - 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
         restart: {{docker_restart_policy}}

roles/docker-snipe_it/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-snipe_it/templates/env.j2

@@ -5,7 +5,7 @@ APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
 # Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
 APP_KEY={{applications.snipe_it.app_key}}
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='{{timezone}}'
 APP_LOCALE={{locale}}
@@ -27,7 +27,7 @@ DB_DATABASE={{database_name}}
 DB_USERNAME={{database_username}}
 DB_PASSWORD={{database_password}}
 
-{% if not enable_central_database | bool %}
+{% if not applications[application_id].database.central_storage | bool %}
 MYSQL_ROOT_PASSWORD={{database_password}}
 DB_PREFIX=null
 DB_DUMP_PATH='/usr/bin'

roles/docker-snipe_it/vars/main.yml

@@ -1,4 +1,3 @@
 application_id:           "snipe_it"
 database_password:        "{{applications.snipe_it.database_password}}"
-database_type:            "mariadb"
+database_type:            "mariadb"
-# enable_central_database:  false For debugging reasons here

roles/docker-taiga/tasks/main.yml

@@ -4,8 +4,11 @@
     name: docker-central-database
 
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
+  vars:
+    domain: 	"{{ domains[application_id] }}"
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
 
 - name: "include role docker-repository-setup for {{application_id}}"
   include_role: 

roles/docker-taiga/templates/docker-compose.yml.j2

@@ -79,7 +79,7 @@ services:
   taiga-gateway:
     image: nginx:alpine
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     volumes:
       - {{docker_repository_path}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
       - static-data:/taiga/static

roles/docker-taiga/templates/env.j2

@@ -1,6 +1,6 @@
 # Taiga's URLs - Variables to define where Taiga should be served
 TAIGA_SITES_SCHEME  =   https          # serve Taiga using "http" or "https" (secured) connection
-TAIGA_SITES_DOMAIN  =   "{{domain}}"   # Taiga's base URL
+TAIGA_SITES_DOMAIN  =   "{{domains[application_id]}}"   # Taiga's base URL
   
 TAIGA_SUBPATH       =   ""  # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
 WEBSOCKETS_SCHEME   =   wss # events connection protocol (use either "ws" or "wss")

roles/docker-wordpress/tasks/main.yml

@@ -4,13 +4,14 @@
     name: docker-central-database
   
 - name: "include role nginx-domain-setup for {{application_id}}"
-  include_role: 
+  include_role:
     name: nginx-domain-setup
   loop: "{{ domains.wordpress }}"
   loop_control:
     loop_var: domain
   vars:
     nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{wordpress_max_upload_size}};"
+    http_port: 	                                    "{{ ports.localhost.http[application_id] }}"
 
 - name: "Transfering upload.ini to {{docker_compose.directories.instance}}"
   template:

roles/docker-wordpress/templates/docker-compose.yml.j2

@@ -9,7 +9,7 @@ services:
     build:
       context: .
     ports:
-      - "127.0.0.1:{{http_port}}:80"
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
     volumes:
       - data:/var/www/html
     healthcheck: