2025-06-25 19:55:31 +02:00
23 changed files with 131 additions and 477 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -66,15 +66,7 @@ defaults_applications:
    matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
    css_enabled:                  "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
-    credentials:
+
 #      shared_secret:                                                       # Needs to be defined in inventory file
 #      etherpad_api_key:                                                    # Needs to be defined in inventory file                                             
 #      rails_secret:                                                        # Needs to be defined in inventory file
 #      postgresql_secret:                                                   # Needs to be defined in inventory file   
 #      fsesl_password:                                                      # Needs to be defined in inventory file
 #      turn_secret:                                                         # Needs to be defined in inventory file  
    urls:
      api:                        "https://{{domains.bigbluebutton}}/bigbluebutton/"  # API Address used by Nextcloud Integration
  ## Bluesky
  bluesky:
    users:
@ -205,7 +197,7 @@ defaults_applications:
    import_realm:       True                                                # If True realm will be imported. If false skip.
    database: 
      central_storage:  True                                                # Activate Central Database Storage
-#   database_password:                                                      # Needs to be defined in inventory file
+#   database_password:                                                      # Needs to be defined in inventory file   
 #   administrator_password:                                                 # Needs to be defined in inventory file
    matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
    css_enabled:                  "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
@ -707,14 +699,12 @@ defaults_applications:
  ## Taiga
  taiga:
-    version:                      "latest"
+    version:           "latest"
    database:
-      central_storage:            True                                      # Activate Central Database Storage
+      central_storage:  True    # Activate Central Database Storage
    matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
    css_enabled:                  "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
    oidc:
      enabled:                    True                                      # Activate OIDC for Mastodon
  ## YOURLS
  yourls:
@ -726,10 +716,10 @@ defaults_applications:
      enabled:          true
      application:      "application"
      port:             "80"
-      location:         "/admin/"                                           # Protects the admin area
+      location:         "/admin/"                           # Protects the admin area
-#     cookie_secret:    None                                                # Set via openssl rand -hex 16
+#     cookie_secret:    None                                # Set via openssl rand -hex 16
    database:
-      central_storage:  True                                                # Activate Central Database Storage
+      central_storage:  True                                # Activate Central Database Storage
    matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
    css_enabled:                  "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
--- a/roles/backup-docker-to-local/tasks/main.yml
+++ b/roles/backup-docker-to-local/tasks/main.yml
@ -10,7 +10,7 @@
 - name: Set fact for backup_docker_to_local_folder
  set_fact:
-    backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
+    backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}"
  when: run_once_backup_docker_to_local is not defined
 - name: configure backup-docker-to-local-everything.cymais.service
--- a/roles/docker-bigbluebutton/Administration.md
+++ b/roles/docker-bigbluebutton/Administration.md
@ -0,0 +1,16 @@
 ## Administration
 ## cleanup
 ```bash
    docker compose down -v
 ```
 ## check container status 
 ```bash
 watch -n 2 "docker compose ps -a"
 ```
 ## database access
 ```bash
 sudo docker-compose exec -it postgres psql -U postgres
 ```
--- a/roles/docker-bigbluebutton/README.md
+++ b/roles/docker-bigbluebutton/README.md
@ -1,47 +1,19 @@
-# Docker BigBlueButton 📡
+# docker bigbluebutton
@TODO Database needs to be decoupled 
-## Description
+Role to deploy [BigBlueButton](https://bigbluebutton.org/). 
-This Ansible role deploys [BigBlueButton](https://bigbluebutton.org/) using Docker Compose. It includes support for Greenlight, OIDC, LDAP, TURN/STUN, health checks, and a modular `.env` setup. This role is ideal for educational institutions and teams requiring a self-hosted video conferencing solution.
+## SSO
 - https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
-> 🔧 **Note**: The database layer should be decoupled in a future release to improve modularity and integration.
+## Other Resources
-
+- https://github.com/bigbluebutton/docker
-## Overview
+- https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials
-
+- https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/
-This role provides a fully automated deployment of [BigBlueButton](https://bigbluebutton.org/) using Docker Compose on Arch Linux. It manages the entire lifecycle of the deployment, from cloning the upstream Docker repository and generating the `.env` configuration to customizing `docker-compose.yml` for volume usage, WebSocket proxying, and optional LDAP/OIDC integration.
+- https://github.com/docker/compose/issues/4799
-
+- https://www.cyberciti.biz/faq/linux-command-to-remove-virtual-interfaces-or-network-aliases/
-The setup includes conditional Greenlight activation, WebRTC support via TURN/STUN, and various fixes for known container orchestration issues. The role is modular and integrates seamlessly with the CyMaIS infrastructure, including reverse proxy configuration, domain management, and secrets templating.
+- https://www.cyberciti.biz/faq/linux-restart-network-interface/
-
+- https://stackoverflow.com/questions/53347951/docker-network-not-found
-By default, BigBlueButton is deployed with best-practice hardening, modular secrets, and support for multiple authentication methods and scalable storage backends.
+- https://github.com/bigbluebutton/docker/issues/325
-
+- https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
-## Features
+- https://atproto.com/specs/handle#handle-resolution @toto micoservice für dynamische did auflösung implementieren
 - 🐳 **Docker-based** deployment via official [bigbluebutton/docker](https://github.com/bigbluebutton/docker)
 - ✅ **Greenlight** (v3) frontend support
 - 🔐 **SSO with OIDC & LDAP** (optional)
 - 🧱 Automatic `.env` templating and domain/Nginx integration
 - 🛠 Volume patching and Docker Compose customization
 - 📬 SMTP integration and Greenlight admin creation
 - 🧪 Workarounds for known Docker Compose or Etherpad issues
 ## Single Sign-On (SSO)
 - Docs: [External Authentication](https://docs.bigbluebutton.org/greenlight/v3/external-authentication/)
 - Supports:
  - ✅ OpenID Connect (OIDC)
  - ✅ LDAP (with custom DN and filters)
  - 🧩 Custom OAuth2 flows via ENV vars
 ## System Requirements
 - Arch Linux with Docker, Compose, and Nginx roles pre-installed
 - DNS and reverse proxy configuration using `nginx-docker-reverse-proxy`
 - Functional email system for Greenlight SMTP
 ## Important Resources
 - [BigBlueButton Docker Docs](https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials)
 - [Networking Fixes & Issues](https://stackoverflow.com/questions/53347951/docker-network-not-found)
 - [Traefik + Docker Tutorial](https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/)
 - [Etherpad Healthcheck Bug](https://chatgpt.com/c/67a0fc7e-5104-800f-bb6b-3731e2f83b7b)
 - [Virtual Interfaces Cleanup](https://www.cyberciti.biz/faq/linux-command-to-remove-virtual-interfaces-or-network-aliases/)
--- a/roles/docker-bigbluebutton/Setup.md
+++ b/roles/docker-bigbluebutton/Setup.md
@ -1,6 +0,0 @@
 # Setup
 ## Passwords
 ```bash
 docker run --rm ruby:latest ruby -rsecurerandom -e 'puts SecureRandom.hex(64)'
 ```
--- a/roles/docker-bigbluebutton/handlers/main.yml
+++ b/roles/docker-bigbluebutton/handlers/main.yml
@ -2,35 +2,29 @@
 - name: create docker-compose.yml for bigbluebutton
  command:
    cmd: bash ./scripts/generate-compose
-    chdir: "{{ bbb_repository_directory }}"
+    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
  listen: setup bigbluebutton
- name: Copy docker-compose.yml from origin to final location
+- name: replace postgres bind mount by volume mount
-  ansible.builtin.copy:
+  replace:
-    src:  "{{ docker_compose_file_origine }}"
+    path: "{{docker_compose_file}}"
-    dest: "{{ docker_compose_file_final }}"
+    regexp: '\./postgres-data:/var/lib/postgresql/data'
-    remote_src: yes
+    replace: 'database:/var/lib/postgresql/data'
  listen: setup bigbluebutton
- name: Replace bind mounts by named volume mounts
+- name: replace greenlight bind mount by volume mount
-  ansible.builtin.replace:
+  replace:
-    path: "{{ docker_compose_file_final }}"
+    path: "{{docker_compose_file}}"
-    regexp: "{{ item.regexp }}"
+    regexp: '\./greenlight-data:/usr/src/app/storage'
-    replace: "{{ item.replace }}"
+    replace: 'greenlight:/usr/src/app/storage'
  loop:
    - { regexp: '\./data/postgres:/var/lib/postgresql/data', replace: 'database:/var/lib/postgresql/data' }
    - { regexp: '\./data/bigbluebutton:/var/bigbluebutton', replace: 'bigbluebutton:/var/bigbluebutton' }
    - { regexp: '\./data/freeswitch-meetings:/var/freeswitch/meetings', replace: 'freeswitch:/var/freeswitch/meetings' }
    - { regexp: '\./data/greenlight:/usr/src/app/storage', replace: 'greenlight:/usr/src/app/storage' }
    - { regexp: '\./data/mediasoup:/var/mediasoup', replace: 'mediasoup:/var/mediasoup' }
  listen: setup bigbluebutton
 - name: add volume to redis
  lineinfile:
-    path: "{{ docker_compose_file_final }}"
+    path: "{{ docker_compose_file }}"
    insertafter: "^\\s*redis:"
    line: "    volumes:\n      - redis:/data"
    firstmatch: yes
@ -38,7 +32,7 @@
 - name: add volume to coturn
  lineinfile:
-    path: "{{ docker_compose_file_final }}"
+    path: "{{ docker_compose_file }}"
    insertafter: "- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf"
    line: "      - coturn:/var/lib/coturn"
  listen: setup bigbluebutton
@ -46,54 +40,30 @@
 # Implemented due to etherpad health bug.
 # @todo Remove when health check is working fine
 # @see https://chatgpt.com/c/67a0fc7e-5104-800f-bb6b-3731e2f83b7b
-#- name: "Update docker-compose.yml for Etherpad health check"
+- name: "Update docker-compose.yml for Etherpad health check"
-#  lineinfile: 
+  lineinfile: 
-#    line: "    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http://127.0.0.1:9001\"]\n      interval: 30s\n      timeout: 10s\n      retries: 5\n      start_period: 10s"
+    line: "    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http://127.0.0.1:9001\"]\n      interval: 30s\n      timeout: 10s\n      retries: 5\n      start_period: 10s"
-#    path: "{{docker_compose_file_final}}"
+    path: "{{docker_compose_file}}"
-#    insertafter: "etherpad:"
+    insertafter: "etherpad:"
-#  listen: setup bigbluebutton
+  listen: setup bigbluebutton
- name: Add volumes block after services in docker compose
+- name: add volumes to docker compose
  blockinfile:
-    path: "{{ docker_compose_file_final }}"
+    path: "{{docker_compose_file}}"
-    block: |
+    block: |2
      volumes:
        database:
        greenlight:
        redis:
        coturn:
        #freeswitch:
        bigbluebutton:
    marker: "# {mark} ANSIBLE MANAGED BLOCK FOR VOLUMES"
-    insertbefore: "^services:"
+    insertafter: "html5-static:"
  listen: setup bigbluebutton
 - name: Replace all './' with '/services/' in docker-compose.yml
  ansible.builtin.replace:
    path:     "{{ docker_compose_file_final }}"
    regexp:   '\./'
    replace:  './services/'
  listen: setup bigbluebutton
 - name: "Update healthcheck for bbb-graphql-server"
  # This is neccessary because the healthcheck doesn't listen to the correct port
  lineinfile: 
    line: "    healthcheck:\n      test: [\"CMD\", \"curl\", \"-f\", \"http://localhost:8085/healthz\"]\n      interval: 30s\n      timeout: 10s\n      retries: 5\n      start_period: 10s"
    path: "{{docker_compose_file_final}}"
    insertafter: "bbb-graphql-server:"
  listen: setup bigbluebutton
 - name: docker compose pull bigbluebutton
  command:
    cmd: "docker-compose pull"
    chdir: "{{ bbb_repository_directory }}"
  listen: setup bigbluebutton
 - name: docker compose up bigbluebutton
  command:
    cmd: "docker-compose -p bigbluebutton up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    # Don't use the --build flag here. This leads to bugs
-    chdir: "{{ docker_compose.directories.instance }}"
+    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
--- a/roles/docker-bigbluebutton/meta/main.yml
+++ b/roles/docker-bigbluebutton/meta/main.yml
@ -1,28 +0,0 @@
 ---
 galaxy_info:
  author: "Kevin Veen-Birkenbach"
  description: "Deploys BigBlueButton with Greenlight and SSO"
  license: "CyMaIS NonCommercial License (CNCL)"
  license_url: "https://s.veen.world/cncl"
  company: |
    Kevin Veen-Birkenbach  
    Consulting & Coaching Solutions  
    https://www.veen.world
  min_ansible_version: "2.9"
  platforms:
    - name: Archlinux
      versions:
        - rolling
  galaxy_tags:
    - docker
    - bigbluebutton
    - conferencing
    - education
    - greenlight
    - sso
    - oidc
    - ldap
    - archlinux
  repository: https://s.veen.world/cymais
  issue_tracker_url: https://s.veen.world/cymaisissues
  documentation: https://s.veen.world/cymais
--- a/roles/docker-bigbluebutton/tasks/main.yml
+++ b/roles/docker-bigbluebutton/tasks/main.yml
@ -3,18 +3,24 @@
  include_role: 
    name: docker-compose
 # Leave this in the code until big blue button was working for a while. 
 # This is necessary due to the reason that big blue button wasn't fully tested after refactoring
 #
 #- name: "include task certbot-and-globals.yml"
 #  include_tasks: certbot-and-globals.yml
 #
 #- name: configure {{domains[application_id]}}.conf
 #  template: 
 #    src:  "nginx-proxy.conf.j2"
 #    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
 #  notify: restart nginx
 - name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
-
+  vars:
- name: pull docker repository
+    domain: 	"{{ domains[application_id] }}"
-  git:
+    http_port: 	"{{ ports.localhost.http[application_id] }}"
    repo: "https://github.com/bigbluebutton/docker.git"
    dest: "{{ bbb_repository_directory }}"
    update: yes
    recursive: yes
    version: main
  notify: setup bigbluebutton
 - name: configure websocket_upgrade.conf
  copy: 
@ -22,23 +28,20 @@
    dest: "{{nginx.directories.http.maps}}websocket_upgrade.conf"
  notify: restart nginx
- name: "Remove directory {{ docker_compose.directories.env }}"
+- name: pull docker repository
-  ansible.builtin.file:
+  git:
-    path: "{{ docker_compose.directories.env }}"
+    repo: "https://github.com/bigbluebutton/docker.git"
-    state: absent
+    dest: "{{docker_compose.directories.instance}}"
    update: yes
    recursive: yes
    version: main
  notify: setup bigbluebutton
  ignore_errors: true
 - name: deploy .env
-  template: 
+  template: src=env.j2 dest={{docker_compose.directories.instance}}/.env
    src:  env.j2
    dest: "{{ bbb_env_file_origine }}"
  notify: setup bigbluebutton
 - name: Create symbolic link from .env file to target location
  ansible.builtin.file:
    src:    "{{ bbb_env_file_origine }}"
    dest:   "{{ bbb_env_file_link }}"
    state:  link
 - name: flush docker service
  meta: flush_handlers
@ -50,7 +53,7 @@
 - name: create admin
  command:
    cmd: docker compose exec greenlight bundle exec rake admin:create
-    chdir: "{{ docker_compose.directories.instance }}"
+    chdir: "{{docker_compose.directories.instance}}"
  when: applications.bigbluebutton.setup | bool
  ignore_errors: true
  register: admin_creation_result
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@ -28,11 +28,11 @@ RECORDING_MAX_AGE_DAYS=365
 # SECRETS
 # ====================================
 # important! change these to any random values
-SHARED_SECRET={{applications.bigbluebutton.shared_secret}}
+SHARED_SECRET={{bigbluebutton_shared_secret}}
-ETHERPAD_API_KEY={{applications.bigbluebutton.etherpad_api_key}}
+ETHERPAD_API_KEY={{bigbluebutton_etherpad_api_key}}
-RAILS_SECRET={{applications.bigbluebutton.rails_secret}}
+RAILS_SECRET={{bigbluebutton_rails_secret}}
-POSTGRESQL_SECRET={{applications.bigbluebutton.postgresql_secret}}
+POSTGRESQL_SECRET={{bigbluebutton_postgresql_secret}}
-FSESL_PASSWORD={{applications.bigbluebutton.fsesl_password}}
+FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
@ -54,7 +54,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
 # TURN SERVER
 # uncomment and adjust following two lines to add an external TURN server
 TURN_SERVER=turns:{{domains[application_id]}}:{{ ports.public.turn[application_id] }}?transport=tcp
-TURN_SECRET={{applications.bigbluebutton.turn_secret}}
+TURN_SECRET={{bigbluebutton_turn_secret}}
 # Allowed SIP IPs
 # due to high traffic caused by bots, by default the SIP port is blocked.
--- a/roles/docker-bigbluebutton/vars/main.yml
+++ b/roles/docker-bigbluebutton/vars/main.yml
@ -1,12 +1,6 @@
-application_id:               "bigbluebutton"
+application_id:       "bigbluebutton"
-bbb_repository_directory:     "{{ docker_compose.directories.services }}"
+docker_compose_file:  "{{docker_compose.directories.instance}}docker-compose.yml"
-docker_compose_file_origine:  "{{ docker_compose.directories.services }}docker-compose.yml"
+database_instance:    "bigbluebutton"
-docker_compose_file_final:    "{{ docker_compose.directories.instance }}docker-compose.yml"
+database_name:        "greenlight-v3"
-database_instance:            "bigbluebutton"
+database_username:    "postgres"
-database_name:                "greenlight-v3"
+database_password:    "{{bigbluebutton_postgresql_secret}}"
 database_username:            "postgres"
 database_password:            "{{applications.bigbluebutton.postgresql_secret}}"
 domain: 	                    "{{ domains[application_id] }}"
 http_port: 	                  "{{ ports.localhost.http[application_id] }}"
 bbb_env_file_link:            "{{ docker_compose.directories.instance }}.env"    
 bbb_env_file_origine:         "{{ bbb_repository_directory }}.env"
--- a/roles/docker-compose/Administration.md
+++ b/roles/docker-compose/Administration.md
@ -1,13 +0,0 @@
 # Docker Compose
 ## Delete all containers, networks and volumes
 ```bash
 docker compose down -v
 ```
 ## Show the state of all containers
 ```bash
 watch -n 2 "docker compose ps -a"
 ```
--- a/roles/docker-compose/Debug.md
+++ b/roles/docker-compose/Debug.md
@ -1,14 +0,0 @@
    # Debug
    ## Bind for 127.0.0.1:XXXX failed: port is already allocated
    If their are port allocated messages ``Bind for 127.0.0.1:XXXX failed: port is already allocated"`` execute the following command:
    ```bash
    find /opt/docker -maxdepth 1 -type d -exec bash -c '[ -f "{}/docker-compose.yml" ] && echo "Stopping: {}" && docker compose -f "{}/docker-compose.yml" down' \; &
    systemctl restart docker
    find /opt/docker -maxdepth 1 -type d -exec bash -c '[ -f "{}/docker-compose.yml" ] && echo "Starting: {}" && docker compose -f "{}/docker-compose.yml" up -d' \; &
    ```
    Then try to run the ansible script again.
--- a/roles/docker-compose/README.md
+++ b/roles/docker-compose/README.md
@ -1,35 +0,0 @@
 # Docker Compose 🧱
 ## Description
 This Ansible role manages Docker Compose project structures and workflows for applications on Arch Linux. It creates dedicated instance directories, manages `.env` and `docker-compose.yml` files, and provides automation logic for project reset, rebuild, and startup sequences.
 Refer to the [Docker Compose documentation](https://docs.docker.com/compose/), the [Arch Wiki – Docker](https://wiki.archlinux.org/title/Docker), and [Compose CLI reference](https://docs.docker.com/compose/cli-command/) for more details.
 ## Overview
 This role creates a flexible directory layout for managing Docker Compose projects across environments. It ensures directories are initialized, optionally reset, and kept clean using internal flags like `mode_reset` or `mode_cleanup`.
 ## Purpose
 To offer a centralized, extensible system for managing containerized applications using Docker Compose within the CyMaIS architecture. The role allows easy integration of services, secrets, configurations, and custom behaviors per application.
 ## Features
 - **Dynamic Directory Structure:** Creates per-application instance folders for Compose setups.
 - **Reset Logic:** Cleans previous Compose project files and data when `mode_reset` is enabled.
 - **Handlers for Runtime Control:** Automatically builds, sets up, or restarts containers based on handlers.
 - **Template-ready Service Files:** Predefined service base and health check templates.
 - **Integration Support:** Compatible with `nginx-docker-reverse-proxy` and other CyMaIS service roles.
 ## Administration Tips
 For administration tips checkout [this](Administration.md).
 ## Credits 📝
 Developed and maintained by **Kevin Veen-Birkenbach**  
 Learn more at [www.veen.world](https://www.veen.world)
 Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
 License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
--- a/roles/docker-compose/meta/main.yml
+++ b/roles/docker-compose/meta/main.yml
@ -1,28 +1,2 @@
 ---
 galaxy_info:
  author: "Kevin Veen-Birkenbach"
  description: "Manages Docker Compose project structure and execution logic on Arch Linux."
  license: "CyMaIS NonCommercial License (CNCL)"
  license_url: "https://s.veen.world/cncl"
  company: |
    Kevin Veen-Birkenbach  
    Consulting & Coaching Solutions  
    https://www.veen.world
  min_ansible_version: "2.9"
  platforms:
    - name: Archlinux
      versions:
        - rolling
  galaxy_tags:
    - docker
    - compose
    - container
    - infrastructure
    - devops
    - automation
    - archlinux
  repository: https://s.veen.world/cymais
  issue_tracker_url: https://s.veen.world/cymaisissues
  documentation: https://s.veen.world/cymais
 dependencies:
-  - nginx-docker-reverse-proxy
+- nginx-docker-reverse-proxy
--- a/roles/docker-nextcloud/vars/plugins/bbb.yml
+++ b/roles/docker-nextcloud/vars/plugins/bbb.yml
@ -1,7 +0,0 @@
 plugin_configuration:
  - appid:        "bbb"
    configkey:    "api.secret"
    configvalue:  "{{ applications.bigbluebutton.credentials.shared_secret }}"
  - appid:        "bbb"
    configkey:    "api.url"
    configvalue:  "{{ applications.bigbluebutton.urls.api }}"
--- a/roles/docker-postgres/Administration.md
+++ b/roles/docker-postgres/Administration.md
@ -1,5 +1,3 @@
 # Administration
 ## Root Access
 To access the database via the root account execute the following on the server:
 ```bash
--- a/roles/docker-postgres/Upgrade.md
+++ b/roles/docker-postgres/Upgrade.md
@ -1,92 +0,0 @@
 # PostgreSQL Docker Upgrade: Major Version Migration
 This guide explains how to safely upgrade a PostgreSQL Docker container from one major version to another (e.g., version 12 to 16) using a **dump and restore** method. This is the recommended approach in Docker environments.
 ---
 ## ⚠️ Important
 PostgreSQL data directories are **not compatible across major versions**. You cannot just point a newer version to the old data volume. You must export and re-import your data.
 ---
 ## 💾 Step 1: Start a temporary container with your current PostgreSQL version
 Replace `<old-version>` with your current PostgreSQL version (e.g., `12`).
 ```bash
 docker run --rm -d \
  --name pg-old \
  -v pgdata:/var/lib/postgresql/data \
  postgres:<old-version>
 ```
 This container mounts your old data volume and runs the matching PostgreSQL version.
 ---
 ## ⬇️ Step 2: Dump all databases
 ```bash
 docker exec pg-old pg_dumpall -U postgres > backup.sql
 ```
 Stop the old container:
 ```bash
 docker stop pg-old
 ```
 ---
 ## 💥 Step 3: Remove the old data volume
 ```bash
 docker volume rm pgdata
 ```
 ⚠️ This will permanently delete your old PostgreSQL data files. Make sure you have a successful backup (`backup.sql`) before running this!
 ---
 ## 📦 Step 4: Start a new container with your target PostgreSQL version
 Replace `<new-version>` with the version you want to upgrade to (e.g., `16`).
 ```bash
 docker run --rm -d \
  --name pg-new \
  -v pgdata:/var/lib/postgresql/data \
  -e POSTGRES_PASSWORD=secret \
  postgres:<new-version>
 ```
 This creates a clean PostgreSQL instance with a fresh data directory.
 ---
 ## ⬆️ Step 5: Restore your data
 ```bash
 cat backup.sql | docker exec -i pg-new psql -U postgres
 ```
 This restores all roles, databases, and data into your new PostgreSQL instance.
 ---
 ## ✅ Done!
 You now have the target PostgreSQL version running with your old data successfully restored.
 ---
 ## 📝 Tips
 - Always test this procedure in a staging environment before running it in production.
 - You can automate this with Ansible or a custom script.
 - For large databases, consider using `pg_dump` per database and `pg_restore` with parallel jobs.
 ---
 ## 🔗 References
 - [PostgreSQL Backup Documentation](https://www.postgresql.org/docs/current/backup-dump.html)
 - [PostgreSQL Docker Image](https://hub.docker.com/_/postgres)
--- a/roles/docker-taiga/README.md
+++ b/roles/docker-taiga/README.md
@ -1,52 +1,31 @@
-# Docker Taiga 🐳📋
+# Docker Taiga Role 🐳📋
-## Description
+This Ansible role sets up and configures a Taiga project management platform using Docker. It includes tasks for setting up the database, Nginx proxy, and updating the repository with necessary files.
-[Taiga](https://www.taiga.io/) is a powerful and intuitive open-source project management platform tailored for agile teams. Whether you're practicing Scrum, Kanban, or a custom hybrid workflow, Taiga offers a rich, customizable environment to plan, track, and collaborate on your projects — without the complexity of enterprise tools or the vendor lock-in of SaaS platforms.
+## Tasks
-This Ansible role deploys Taiga in a Docker-based environment, allowing fast, reproducible, and secure installations. It also optionally integrates [OpenID Connect (OIDC)](https://openid.net/connect/) for single sign-on via providers like Keycloak.
+The main tasks included in this role are:
---
+- Setting up the database.
 - Configuring Nginx as a proxy.
 - Updating the repository with necessary files.
-## Why Taiga?
+## Variables
-Taiga is ideal for developers, designers, and agile teams who want:
+Key variables used in this role include the Docker Compose project name, database type and password, and the repository address.
- ✅ **Beautiful UI:** Clean, modern, and responsive interface.
+## Templates
 - 📌 **Agile Workflows:** Supports Scrum, Kanban, Scrumban, and Epics.
 - 🗃️ **Backlog & Sprint Management:** Create user stories, tasks, and sprints with ease.
 - 📈 **Burn-down Charts & Metrics:** Monitor velocity and progress.
 - 🔄 **Custom Workflows:** Define your own states, priorities, and permissions.
 - 📎 **Attachments & Wiki:** Collaborate with file uploads and internal documentation.
 - 🔐 **SSO/Authentication Plugins:** OpenID Connect, LDAP, GitHub, GitLab and more.
 - 🌍 **Multilingual UI:** Used by teams worldwide.
---
+The role includes several Jinja2 templates to configure the environment and Docker Compose setup, including:
-## Purpose
+- **docker-compose-inits.yml.j2**
-
+- **.env.j2**
-This role automates the deployment and configuration of a complete, production-ready Taiga stack using Docker Compose. It ensures integration with common infrastructure tools such as Nginx, PostgreSQL, and RabbitMQ, while optionally enabling OpenID Connect authentication for enterprise-grade SSO.
+- **docker-compose.yml.j2**
 By using this role, teams can set up Taiga in minutes on Arch Linux systems — whether in a homelab, dev environment, or production cluster.
 ---
 ## Features
 - 🐳 **Docker-Based Deployment:** Easy containerized setup of backend, frontend, async workers, and events service.
 - 🛡️ **OIDC Support:** Seamless login integration with providers like Keycloak when `applications[application_id].oidc.enabled` is `true`.
 - 📨 **Email Backend:** Supports SMTP and console backends for development.
 - 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taiga’s event system.
 - 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `nginx-domain-setup` role.
 - 🧩 **Composable Design:** Integrates cleanly with other CyMaIS infrastructure roles.
 ---
 ## Author
-Developed and maintained by **Kevin Veen-Birkenbach**  
+This role was created by Kevin Veen-Birkenbach. You can reach him at [kevin@veen.world](mailto:kevin@veen.world). Visit his website at [veen.world](https://www.veen.world/).
 Email: [kevin@veen.world](mailto:kevin@veen.world)  
 Website: [veen.world](https://www.veen.world)
-Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+## Note
-License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
+
 This README was created with the assistance of ChatGPT. [Link to conversation](https://chatgpt.com/share/fee718ab-cfe1-46f3-b97f-8f8c896ffd11).
--- a/roles/docker-taiga/meta/main.yml
+++ b/roles/docker-taiga/meta/main.yml
@ -1,26 +0,0 @@
 ---
 galaxy_info:
  author: "Kevin Veen-Birkenbach"
  description: "Deploy and configure the Taiga project management platform, with OpenID Connect support."
  license: "CyMaIS NonCommercial License (CNCL)"
  license_url: "https://s.veen.world/cncl"
  company: | 
    Kevin Veen-Birkenbach
    Consulting & Coaching Solutions
    https://www.veen.world
  min_ansible_version: "2.9"
  platforms:
    - name: Archlinux
      versions:
        - rolling
  galaxy_tags:
    - taiga
    - docker
    - project-management
    - oidc
    - openid
    - archlinux
    - cymais
  repository: https://s.veen.world/cymais
  issue_tracker_url: https://s.veen.world/cymaisissues
  documentation: https://s.veen.world/cymais
--- a/roles/docker-taiga/templates/docker-compose.yml.j2
+++ b/roles/docker-taiga/templates/docker-compose.yml.j2
@ -2,7 +2,7 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  taiga-back:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-    image: {{taiga_image_backend}}:{{applications.taiga.version}}
+    image: taigaio/taiga-back:{{applications.taiga.version}}
    volumes:
      # These volumens will be used by taiga-back and taiga-async.
      - static-data:/taiga-back/static
@ -18,7 +18,7 @@ services:
  taiga-async:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-    image: {{taiga_image_backend}}:{{applications.taiga.version}}
+    image: taigaio/taiga-back:latest
    entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
    volumes:
      # These volumens will be used by taiga-back and taiga-async.
@ -43,7 +43,7 @@ services:
      taiga:
  taiga-front:
-    image: {{taiga_image_frontend}}:{{applications.taiga.version}}
+    image: taigaio/taiga-front:latest
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@ -46,22 +46,3 @@ MAX_AGE             =   360
 # Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
 ENABLE_TELEMETRY    =   True
 {% if applications[application_id].oidc.enabled %}
 # OICD 
 # @See https://github.com/robrotheram/taiga-contrib-openid-auth
 ENABLE_OPENID="True"
 OPENID_URL="{{oidc.client.authorize_url}}"
 OPENID_USER_URL="{{oidc.client.user_info_url}}"
 OPENID_TOKEN_URL="{{oidc.client.torken_url}}"
 OPENID_CLIENT_ID="{{oidc.client.id}}"
 OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
 OPENID_NAME="SSO"
 # Default Values
 #
 # OPENID_ID_FIELD="sub"
 # OPENID_USERNAME_FIELD="preferred_username"
 # OPENID_FULLNAME_FIELD="name"
 # OPENID_EMAIL_FIELD="email"
 # OPENID_SCOPE="openid email"
 {% endif %}
--- a/roles/docker-taiga/vars/main.yml
+++ b/roles/docker-taiga/vars/main.yml
@ -1,8 +1,6 @@
-application_id:             "taiga"
+application_id:              "taiga"
-database_type:              "postgres"
+database_type:               "postgres"
-database_password:          "{{taiga_database_password}}"
+database_password:           "{{taiga_database_password}}"
-docker_repository_address:  "https://github.com/taigaio/taiga-docker"
+docker_repository_address:   "https://github.com/taigaio/taiga-docker"
-email_backend:              "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
+email_backend:               "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
-docker_compose_init:        "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
+docker_compose_init:         "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
 taiga_image_backend:        "{{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-back' }}"
 taiga_image_frontend:       "{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled else 'taigaio/taiga-front' }}"
--- a/roles/gcc/meta/main.yml
+++ b/roles/gcc/meta/main.yml
@ -1,7 +1,7 @@
 ---
 galaxy_info:
  author: "Kevin Veen-Birkenbach"
-  description: "Installs the GNU Compiler Collection (GCC)."
+  description: "Installs the GNU Compiler Collection (GCC)"
  license: "CyMaIS NonCommercial License (CNCL)"
  license_url: "https://s.veen.world/cncl"
  company: |