Optimized listmonk, wordpress and activity pub for wordpress

roles/docker-bigbluebutton/vars/main.yml

@@ -2,10 +2,13 @@ application_id:               "bigbluebutton"
 bbb_repository_directory:     "{{ docker_compose.directories.services }}"
 docker_compose_file_origine:  "{{ docker_compose.directories.services }}docker-compose.yml"
 docker_compose_file_final:    "{{ docker_compose.directories.instance }}docker-compose.yml"
+
+# Database configuration
 database_instance:            "bigbluebutton"
-database_name:                "" # Database name is empty, because bb uses multiple databases
+database_name:                "multiple_databases"
 database_username:            "postgres"
 database_password:            "{{ applications.bigbluebutton.credentials.postgresql_secret }}"
+
 domain: 	                    "{{ domains[application_id] }}"
 http_port: 	                  "{{ ports.localhost.http[application_id] }}"
 bbb_env_file_link:            "{{ docker_compose.directories.instance }}.env"    

roles/docker-discourse/templates/discourse_application.yml.j2

@@ -50,6 +50,10 @@ env:
   ## on initial signup example 'user1@example.com,user2@example.com'
   DISCOURSE_DEVELOPER_EMAILS:       {{users.administrator.email}}
 
+  # Set Logo
+  DISCOURSE_LOGO_URL:       "{{service_provider.platform.logo}}"
+  DISCOURSE_LOGO_SMALL_URL: "{{service_provider.platform.logo}}"
+
   # SMTP ADDRESS, username, and password are required
   # WARNING the char '#' in SMTP password can cause problems!
   DISCOURSE_SMTP_ADDRESS:           {{ system_email.host }}

roles/docker-listmonk/tasks/main.yml

@@ -19,21 +19,17 @@
     domain: 	"{{ domains[application_id] }}"
     http_port: 	"{{ ports.localhost.http[application_id] }}"
 
-- name: "copy docker-compose.yml and env file"
-  include_tasks: copy-docker-compose-and-env.yml
-
 - name: add config.toml
   template: 
     src:  "config.toml.j2" 
     dest: "{{docker_compose.directories.config}}config.toml"
   notify: docker compose project setup
 
-- name: flush docker service
-  meta: flush_handlers
-  when: applications.listmonk.setup |bool 
+- name: "copy docker-compose.yml and env file"
+  include_tasks: copy-docker-compose-and-env.yml
 
 - name: setup routine for listmonk
   command:
     cmd:   docker compose run -T --rm application sh -c "yes | ./listmonk --install"
     chdir: "{{docker_compose.directories.instance}}"
-  when: applications.listmonk.setup |bool 
+  ignore_errors: true # Ignore errors if already setup

roles/docker-listmonk/templates/config.toml.j2

@@ -5,14 +5,6 @@
 # port, use port 80 (this will require running with elevated permissions).
 address = "0.0.0.0:9000"
 
-# BasicAuth authentication for the admin dashboard. This will eventually
-# be replaced with a better multi-user, role-based authentication system.
-# IMPORTANT: Leave both values empty to disable authentication on admin
-# only where an external authentication is already setup.
-# admin_username = "{{applications.listmonk.users.administrator.username}}"
-# admin_password = "{{listmonk_admin_password}}"
-# Deactivated for newer versions
-
 # Database.
 [db]
 host = "{{database_host}}"

roles/docker-listmonk/templates/env.j2

@@ -2,8 +2,8 @@ TZ=Etc/UTC
 
 # Administrator setup
 
-LISTMONK_ADMIN_USER={{users.administrator.username}}
-LISTMONK_ADMIN_PASSWORD={{users.administrator.password}}
+LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
+LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }}
 
 {% if applications[application_id].features.oidc | bool %}
 ################################### 

roles/docker-listmonk/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:  	  "listmonk"
-database_password:  "{{listmonk_database_password}}"
+database_password:  "{{applications[application_id].credentials.database.password}}"
 database_type:      "postgres"

roles/docker-mailu/vars/main.yml

@@ -1,6 +1,9 @@
 application_id:               "mailu"
+
+# Database Configuration
 database_password:  	        "{{applications.mailu.credentials.database.password}}"
 database_type:                "mariadb"
+
 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate:  false
 

roles/docker-mastodon/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:  	  "mastodon"
-database_password:  "{{applications.mastodon.credentials.database.password}}"
+database_password:  "{{applications[application_id].credentials.database.password}}"
 database_type:      "postgres"

roles/docker-presentation/templates/env.j2

@@ -0,0 +1 @@
+FLASK_DEBUG={{ enable_debug }}

roles/docker-wordpress/tasks/discourse/README.md

@@ -1,4 +0,0 @@
-# Wordpress with Discourse Support
-
-This folder contains the files to setup Discourse support for Wordpress.
-IT's realized with the [WP Discourse Plugin](https://de.wordpress.org/plugins/wp-discourse/)

roles/docker-wordpress/tasks/discourse/generate-api-key.yml

@@ -1,38 +0,0 @@
----
-- name: Add /var/www/discourse to Git safe.directory
-  command: >
-    docker exec {{ applications.discourse.container }} \
-      git config --global --add safe.directory /var/www/discourse
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-  changed_when: false
-
-- name: Revoke old WP Discourse API keys via Rails
-  command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
-      cd /var/www/discourse && \
-      script/rails runner \"\
-        ApiKey.where(\
-          user_id: User.find_by_username('system').id,\
-          description: 'WP Discourse Integration',\
-          revoked_at: nil\
-        ).update_all(revoked_at: Time.current)\
-      \""
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-  changed_when: false
-  failed_when: false
-
-- name: Generate new WP Discourse API key via Rake task
-  command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
-      cd /var/www/discourse && \
-      bin/rake api_key:create_master['WP Discourse Integration']\
-    "
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-  register: discourse_generated_api_key
-
-- name: Store the new WP Discourse API key in a fact
-  set_fact:
-    vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}"

roles/docker-wordpress/tasks/discourse/install.yml

@@ -1,30 +0,0 @@
----
-- name: "Include docker-discourse"
-  include_role:
-    name: docker-discourse
-
-- name: "Generate Discourse API Key when WP Discourse is enabled"
-  include_tasks: generate-api-key.yml
-
-# Load after api key generation, so that it can be used
-- name: "Include WP Discourse vars"
-  include_vars:
-    file: "{{ role_path }}/vars/discourse.yml"
-    name: discourse_settings
-
-- name: "Install WP Discourse plugin"
-  command: >
-    docker-compose exec -u www-data -T application
-    wp plugin install wp-discourse --activate
-    --path={{ wordpress_docker_html_path }}
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-
-- name: "Configure WP Discourse settings"
-  vars:
-    discourse_settings_json_b64: "{{ discourse_settings | to_json | b64encode }}"
-  command: >
-    docker-compose exec -u www-data -T application bash -lc
-    "wp eval \"update_option('wp_discourse_options', json_decode(base64_decode('{{ discourse_settings_json_b64 }}'), true));\" --path={{ wordpress_docker_html_path }}"
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"

roles/docker-wordpress/tasks/main.yml

@@ -37,10 +37,15 @@
 - name: "Install wordpress"
   include_tasks: install.yml
 
-- name: "Activating OIDC when enabled."
-  include_tasks: oidc/install.yml
-  when: applications[application_id].features.oidc | bool
-
-- name: "Activating WP Discourse when enabled"
-  include_tasks: discourse/install.yml
-  when: applications[application_id].plugins.discourse | bool
+- name: "Install and activate WordPress plugins from application config"
+  block:
+    - name: "Iterate through WordPress plugins"
+      include_tasks: plugin.yml
+      loop: "{{ applications[application_id].plugins | dict2items }}"
+      loop_control:
+        label: "{{ item.key }}"
+      vars:
+        plugin_name: "{{ item.key }}"
+        plugin_enabled: "{{ item.value.enabled | bool }}"
+        plugin_task_path: "{{ role_path }}/tasks/plugins/{{ plugin_name }}/install.yml"
+      when: plugin_enabled

roles/docker-wordpress/tasks/oidc/README.md

@@ -1,2 +0,0 @@
-# Wordpress with OIDC
-This folder contains the files to setup Wordpress with OIDC.

roles/docker-wordpress/tasks/oidc/install.yml

@@ -1,26 +0,0 @@
----
-- name: "Install OpenID Connect Generic Plugin via WP CLI"
-  command: >
-    docker-compose exec -u www-data -T application
-      wp plugin install daggerhart-openid-connect-generic
-      --path={{ wordpress_docker_html_path }}
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-
-- name: Wait for Discourse API
-  wait_for:
-    host: "{{ domains.discourse }}"
-    port: 80
-    delay: 5
-    timeout: 600
-
-- name: "Activate OpenID Connect Generic Plugin"
-  command: >
-    docker-compose exec -u www-data -T application
-      wp plugin activate daggerhart-openid-connect-generic
-      --path={{ wordpress_docker_html_path }}
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-
-- name: "Setup OIDC settings"
-  include_tasks: "settings.yml"

roles/docker-wordpress/tasks/plugin.yml

@@ -0,0 +1,18 @@
+---
+- name: "Check if plugin has a dedicated install task"
+  stat:
+    path: "{{ plugin_task_path }}"
+  register: plugin_task_file
+
+- name: "Include plugin-specific install task if it exists"
+  include_tasks: "{{ plugin_task_path }}"
+  when: plugin_task_file.stat.exists
+
+- name: "Install and activate WordPress plugin via WP CLI"
+  command: >
+    docker-compose exec -u www-data -T application
+      wp plugin install {{ plugin_name }} --activate
+      --path={{ wordpress_docker_html_path }}
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  when: not plugin_task_file.stat.exists

roles/docker-wordpress/tasks/plugins/README.md

@@ -0,0 +1,15 @@
+# WordPress Plugins
+
+This WordPress setup integrates several powerful plugins to extend functionality with authentication, federation, and external discussion platforms:
+
+## 🔐 OpenID Connect Generic Client  
+Enables secure login via OpenID Connect (OIDC).  
+Plugin used: [daggerhart-openid-connect-generic](https://wordpress.org/plugins/daggerhart-openid-connect-generic/)
+
+## 💬 WP Discourse  
+Seamlessly connects WordPress with a Discourse forum for comments, discussions, and single sign-on (SSO).  
+Plugin used: [wp-discourse](https://wordpress.org/plugins/wp-discourse/)
+
+## 🌍 ActivityPub  
+Federates your blog with the Fediverse, making it accessible on platforms like Mastodon and Friendica.  
+Plugin used: [activitypub](https://wordpress.org/plugins/activitypub/)

roles/docker-wordpress/tasks/plugins/wp-discourse.yml

@@ -0,0 +1,94 @@
+---
+- name: "Include docker-discourse"
+  include_role:
+    name: docker-discourse
+
+- name: Wait for Discourse API
+  wait_for:
+    host: "{{ domains.discourse }}"
+    port: 80
+    delay: 5
+    timeout: 600
+
+- name: Add /var/www/discourse to Git safe.directory
+  command: >
+    docker exec {{ applications.discourse.container }} \
+      git config --global --add safe.directory /var/www/discourse
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  changed_when: false
+
+- name: Revoke old WP Discourse API keys via Rails
+  command: >
+    docker exec {{ applications.discourse.container }} bash -lc "\
+      cd /var/www/discourse && \
+      script/rails runner \"\
+        ApiKey.where(\
+          user_id: User.find_by_username('system').id,\
+          description: 'WP Discourse Integration',\
+          revoked_at: nil\
+        ).update_all(revoked_at: Time.current)\
+      \""
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  changed_when: false
+  failed_when: false
+
+- name: Generate new WP Discourse API key via Rake task
+  command: >
+    docker exec {{ applications.discourse.container }} bash -lc "\
+      cd /var/www/discourse && \
+      bin/rake api_key:create_master['WP Discourse Integration']\
+    "
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: discourse_generated_api_key
+
+- name: Store the new WP Discourse API key in a fact
+  set_fact:
+    vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}"
+
+- name: "Load WP Discourse settings"
+  include_vars:
+    file: "{{ role_path }}/vars/discourse.yml"
+
+- name: "Install WP Discourse plugin"
+  command: >
+    docker-compose exec -u www-data -T application
+      wp plugin install wp-discourse --activate
+      --path={{ wordpress_docker_html_path }}
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+
+- name: "Configure WP Discourse settings"
+  loop: "{{ discourse_settings | map(attribute='name') | unique | list }}"
+  loop_control:
+    label: "{{ item }}"
+  vars:
+    option_name: "{{ item }}"
+
+    option_items: >-
+      {{ discourse_settings
+         | selectattr('name', 'equalto', option_name)
+         | list
+      }}
+
+    option_kv: >-
+      {{ dict(
+           option_items | map(attribute='key')
+           | zip(option_items | map(attribute='value'))
+         ) }}
+
+    option_json_b64: "{{ option_kv | to_json | b64encode }}"
+
+  command: >
+    docker-compose exec -u www-data -T application bash -lc
+      "wp eval \"update_option(
+         '{{ option_name }}',
+         json_decode(
+           base64_decode('{{ option_json_b64 }}'),
+           true
+         )
+       );\" --path={{ wordpress_docker_html_path }}"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"

roles/docker-wordpress/vars/discourse.yml

@@ -1,9 +1,245 @@
 # Defines WP Discourse plugin settings
 # @see https://github.com/discourse/wp-discourse
 
+# roles/docker-wordpress/vars/discourse.yml
+# Defines WP Discourse plugin settings (exported from your current wp_options dump)
+
 discourse_settings:
-  publish_discourse_posts:  true
-  discourse_url:           "https://{{ domains.discourse }}"
-  discourse_api_key:       "{{ vault_discourse_api_key }}" 
-  discourse_username:      "system"
-  discourse_use_sso:       false
+  #- name: wpdc_discourse_domain
+  #  key: wpdc_discourse_domain
+  #  value: ""
+
+  - name: discourse_connect
+    key: url
+    value: "https://{{ domains.discourse }}"
+  - name: discourse_connect
+    key: api-key
+    value: "{{ vault_discourse_api_key }}"
+  - name: discourse_connect
+    key: publish-username
+    value: "system"
+
+  #- name: discourse_publish
+  #  key: display-subcategories
+  #  value: false
+  #- name: discourse_publish
+  #  key: publish-category
+  #  value: false
+  #- name: discourse_publish
+  #  key: publish-category-update
+  #  value: false
+  #- name: discourse_publish
+  #  key: full-post-content
+  #  value: false
+  #- name: discourse_publish
+  #  key: allow-tags
+  #  value: false
+  #- name: discourse_publish
+  #  key: max-tags
+  #  value: 5
+  #- name: discourse_publish
+  #  key: publish-as-unlisted
+  #  value: false
+  #- name: discourse_publish
+  #  key: custom-excerpt-length
+  #  value: 55
+  #- name: discourse_publish
+  #  key: add-featured-link
+  #  value: false
+  #- name: discourse_publish
+  #  key: auto-publish
+  #  value: false
+  #- name: discourse_publish
+  #  key: force-publish
+  #  value: false
+  #- name: discourse_publish
+  #  key: force-publish-max-age
+  #  value: 0
+  #- name: discourse_publish
+  #  key: publish-failure-notice
+  #  value: true
+  #- name: discourse_publish
+  #  key: publish-failure-email
+  #  value: "{{ users.administrator.email }}"
+  #- name: discourse_publish
+  #  key: auto-track
+  #  value: true
+  #- name: discourse_publish
+  #  key: allowed_post_types
+  #  value:
+  #    - post
+  #- name: discourse_publish
+  #  key: hide-discourse-name-field
+  #  value: false
+  #- name: discourse_publish
+  #  key: discourse-username-editable
+  #  value: false
+#
+  #- name: discourse_comment
+  #  key: enable-discourse-comments
+  #  value: false
+  #- name: discourse_comment
+  #  key: comment-type
+  #  value: "display-comments"
+  #- name: discourse_comment
+  #  key: ajax-load
+  #  value: false
+  #- name: discourse_comment
+  #  key: cache-html
+  #  value: false
+  #- name: discourse_comment
+  #  key: clear-cached-comment-html
+  #  value: false
+  #- name: discourse_comment
+  #  key: discourse-new-tab
+  #  value: false
+  #- name: discourse_comment
+  #  key: comment-sync-period
+  #  value: 10
+  #- name: discourse_comment
+  #  key: hide-wordpress-comments
+  #  value: false
+  #- name: discourse_comment
+  #  key: show-existing-comments
+  #  value: false
+  #- name: discourse_comment
+  #  key: existing-comments-heading
+  #  value: ""
+  #- name: discourse_comment
+  #  key: max-comments
+  #  value: 5
+  #- name: discourse_comment
+  #  key: min-replies
+  #  value: 1
+  #- name: discourse_comment
+  #  key: min-score
+  #  value: 0
+  #- name: discourse_comment
+  #  key: min-trust-level
+  #  value: 1
+  #- name: discourse_comment
+  #  key: bypass-trust-level-score
+  #  value: 50
+  #- name: discourse_comment
+  #  key: custom-datetime-format
+  #  value: ""
+  #- name: discourse_comment
+  #  key: only-show-moderator-liked
+  #  value: false
+  #- name: discourse_comment
+  #  key: load-comment-css
+  #  value: false
+#
+  #- name: discourse_configurable_text
+  #  key: discourse-link-text
+  #  value: ""
+  #- name: discourse_configurable_text
+  #  key: start-discussion-text
+  #  value: "Start the discussion at"
+  #- name: discourse_configurable_text
+  #  key: continue-discussion-text
+  #  value: "Continue the discussion at"
+  #- name: discourse_configurable_text
+  #  key: join-discussion-text
+  #  value: "Join the discussion at"
+  #- name: discourse_configurable_text
+  #  key: comments-singular-text
+  #  value: "Comment"
+  #- name: discourse_configurable_text
+  #  key: comments-plural-text
+  #  value: "Comments"
+  #- name: discourse_configurable_text
+  #  key: no-comments-text
+  #  value: "Join the Discussion"
+  #- name: discourse_configurable_text
+  #  key: notable-replies-text
+  #  value: "Notable Replies"
+  #- name: discourse_configurable_text
+  #  key: comments-not-available-text
+  #  value: "Comments are not currently available for this post."
+  #- name: discourse_configurable_text
+  #  key: participants-text
+  #  value: "Participants"
+  #- name: discourse_configurable_text
+  #  key: published-at-text
+  #  value: "Originally published at:"
+  #- name: discourse_configurable_text
+  #  key: single-reply-text
+  #  value: "Reply"
+  #- name: discourse_configurable_text
+  #  key: many-replies-text
+  #  value: "Replies"
+  #- name: discourse_configurable_text
+  #  key: more-replies-more-text
+  #  value: "more"
+  #- name: discourse_configurable_text
+  #  key: external-login-text
+  #  value: "Log in with Discourse"
+  #- name: discourse_configurable_text
+  #  key: link-to-discourse-text
+  #  value: "Link your account to Discourse"
+  #- name: discourse_configurable_text
+  #  key: linked-to-discourse-text
+  #  value: "Your account is linked with Discourse!"
+#
+  #- name: discourse_webhook
+  #  key: use-discourse-webhook
+  #  value: false
+  #- name: discourse_webhook
+  #  key: webhook-secret
+  #  value: ""
+  #- name: discourse_webhook
+  #  key: webhook-match-old-topics
+  #  value: false
+  #- name: discourse_webhook
+  #  key: use-discourse-user-webhook
+  #  value: false
+  #- name: discourse_webhook
+  #  key: webhook-match-user-email
+  #  value: false
+#
+  #- name: discourse_sso_common
+  #  key: sso-secret
+  #  value: ""
+#
+  #- name: discourse_sso_provider
+  #  key: enable-sso
+  #  value: false
+  #- name: discourse_sso_provider
+  #  key: auto-create-sso-user
+  #  value: false
+  #- name: discourse_sso_provider
+  #  key: login-path
+  #  value: ""
+  #- name: discourse_sso_provider
+  #  key: real-name-as-discourse-name
+  #  value: false
+  #- name: discourse_sso_provider
+  #  key: force-avatar-update
+  #  value: false
+  #- name: discourse_sso_provider
+  #  key: redirect-without-login
+  #  value: false
+#
+  #- name: discourse_sso_client
+  #  key: sso-client-enabled
+  #  value: false
+  #- name: discourse_sso_client
+  #  key: sso-client-login-form-change
+  #  value: false
+  #- name: discourse_sso_client
+  #  key: sso-client-login-form-redirect
+  #  value: ""
+  #- name: discourse_sso_client
+  #  key: sso-client-sync-by-email
+  #  value: false
+  #- name: discourse_sso_client
+  #  key: sso-client-disable-create-user
+  #  value: false
+  #- name: discourse_sso_client
+  #  key: sso-client-sync-logout
+  #  value: false
+#
+  - name: discourse_logs
+    key: logs-enabled
+    value: "{{ enable_debug }}"

templates/vars/applications.yml.j2

@@ -121,7 +121,7 @@ defaults_applications:
 {% endraw %}{{ features.render_features({
   'matomo':   true,
   'css':      true,
-  'iframe':   true,
+  'iframe':   false,
   'oidc':     true,
   'database': true,
 }) }}{% raw %}
@@ -273,6 +273,9 @@ defaults_applications:
       administrator:
         username:                     "{{users.administrator.username}}"          # Listmonk administrator account username
 #        password:                     "{{users.administrator.password}}"          # Password to initialized Listmonk administrator with
+    credentials:
+      database:
+#        password:                     ""                                          # Database password
     public_api_activated:             False                                       # Security hole. Can be used for spaming
     version:                          "latest"                                    # Docker Image version
     setup:                            false                                       # Set true in inventory file to execute the setup and initializing procedures
@@ -817,8 +820,13 @@ defaults_applications:
 #       password:                                                             # Password of the wordpress administrator
         email:                    "{{users.administrator.email}}"             # Email of the wordpress adminsitrator
     plugins:
-      discourse:                  "{{ 'discourse' in group_names | lower }}"
-      oidc:                       true
+      wp-discourse:
+        enabled:  "{{ 'discourse' in group_names | lower }}"
+      daggerhart-openid-connect-generic:
+        enabled:  true
+      activitypub:
+        enabled:  true
+      
 {% endraw %}{{ features.render_features({
   'matomo':   	true,
   'css':      	false,