Refactored file creation

ansible.cfg

@@ -1,3 +1,4 @@
 [defaults]
 lookup_plugins = ./lookup_plugins
 filter_plugins = ./filter_plugins
+module_utils   = ./module_utils

cli/create_docker_role.py

@@ -0,0 +1,144 @@
+#!/usr/bin/env python3
+import argparse
+import os
+import shutil
+import yaml
+import ipaddress
+from jinja2 import Environment, FileSystemLoader
+
+# Paths to the group-vars files
+PORTS_FILE = './group_vars/all/09_ports.yml'
+NETWORKS_FILE = './group_vars/all/10_networks.yml'
+ROLE_TEMPLATE_DIR = './docker-template'
+ROLES_DIR = './roles'
+
+
+def load_yaml(path):
+    with open(path) as f:
+        return yaml.safe_load(f)
+
+
+def dump_yaml(data, path):
+    with open(path, 'w') as f:
+        yaml.safe_dump(data, f, sort_keys=False)
+
+
+def get_next_network(networks_dict, prefixlen):
+    # Collect all local subnets matching the given prefix length
+    nets = []
+    for name, info in networks_dict['defaults_networks']['local'].items():
+        net = ipaddress.ip_network(info['subnet'])
+        if net.prefixlen == prefixlen:
+            nets.append(net)
+    # Sort by network address and return the first one
+    nets.sort(key=lambda n: int(n.network_address))
+    return nets[0]
+
+
+def get_next_port(ports_dict, category, service):
+    used = set()
+    # Gather already taken ports under localhost.category
+    for svc, port in ports_dict['ports']['localhost'].get(category, {}).items():
+        used.add(int(port))
+    # Start searching from port 1 upwards
+    candidate = 1
+    while candidate in used:
+        candidate += 1
+    return candidate
+
+
+def render_template(src_dir, dst_dir, context):
+    env = Environment(
+        loader=FileSystemLoader(src_dir),
+        keep_trailing_newline=True,
+        autoescape=False,
+    )
+    for root, _, files in os.walk(src_dir):
+        rel_path = os.path.relpath(root, src_dir)
+        target_path = os.path.join(dst_dir, rel_path)
+        os.makedirs(target_path, exist_ok=True)
+        for filename in files:
+            template = env.get_template(os.path.join(rel_path, filename))
+            rendered = template.render(**context)
+            out_name = filename[:-3] if filename.endswith('.j2') else filename
+            with open(os.path.join(target_path, out_name), 'w') as f:
+                f.write(rendered)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Create a Docker Ansible role with Jinja2 templates, and assign network and ports"
+    )
+    parser.add_argument(
+        '--application-id', '-a', required=True,
+        help="Unique ID of the application (used in the role name)"
+    )
+    parser.add_argument(
+        '--network', '-n', choices=['24', '28'], required=True,
+        help="Network prefix length to assign (/24 or /28)"
+    )
+    parser.add_argument(
+        '--ports', '-p', nargs='+', metavar="CATEGORY.SERVICE", required=True,
+        help="List of ports in the format category.service (e.g. http.nextcloud)"
+    )
+    args = parser.parse_args()
+
+    app_id = args.application_id
+    role_name = f"docker-{app_id}"
+
+    # 1) Create the role from the template
+    role_dir = os.path.join(ROLES_DIR, role_name)
+    if os.path.exists(role_dir):
+        parser.error(f"Role {role_name} already exists at {role_dir}")
+    render_template(ROLE_TEMPLATE_DIR, role_dir, {
+        'application_id': app_id,
+        'role_name': role_name,
+    })
+    print(f"→ Role {role_name} created at {role_dir}")
+
+    # 2) Assign network
+    networks = load_yaml(NETWORKS_FILE)
+    prefix = int(args.network)
+    chosen_net = get_next_network(networks, prefix)
+    out_net = {
+        'defaults_networks': {
+            'application': {
+                app_id: str(chosen_net)
+            }
+        }
+    }
+    net_file = f'./group_vars/{app_id}_network.yml'
+    dump_yaml(out_net, net_file)
+    print(f"→ Assigned network {chosen_net} (/{prefix}) and wrote to {net_file}")
+
+    # 3) Assign ports
+    ports_yaml = load_yaml(PORTS_FILE)
+    assigned = {}
+    for entry in args.ports:
+        try:
+            category, service = entry.split('.', 1)
+        except ValueError:
+            parser.error(f"Invalid port spec: {entry}. Must be CATEGORY.SERVICE")
+        port = get_next_port(ports_yaml, category, service)
+        # Insert into the in-memory ports data under localhost
+        ports_yaml['ports']['localhost'].setdefault(category, {})[service] = port
+        assigned[entry] = port
+
+    # Backup and write updated all/09_ports.yml
+    backup_file = PORTS_FILE + '.bak'
+    shutil.copy(PORTS_FILE, backup_file)
+    dump_yaml(ports_yaml, PORTS_FILE)
+    print(f"→ Assigned ports: {assigned}. Updated {PORTS_FILE} (backup at {backup_file})")
+
+    # Also write ports to the application’s own vars file
+    out_ports = {'ports': {'localhost': {}}}
+    for entry, port in assigned.items():
+        category, service = entry.split('.', 1)
+        out_ports['ports']['localhost'].setdefault(category, {})[service] = port
+    ports_file = f'./group_vars/{app_id}_ports.yml'
+    dump_yaml(out_ports, ports_file)
+    print(f"→ Wrote assigned ports to {ports_file}")
+
+
+if __name__ == '__main__':
+    main()

docs/guides/developer/Role_Creation.md

@@ -97,8 +97,6 @@ Now that you have defined the application settings, domain, and application ID,
       vars:
         domain: "{{ domains | get_domain(application_id) }}"
         http_port: "{{ ports.localhost.http[application_id] }}"
-
-    - include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
     ```
 
 3. **`docker-compose.yml.j2`**:

filter_plugins/__init__.py

@@ -1,2 +0,0 @@
-from pkgutil import extend_path
-__path__ = extend_path(__path__, __name__)

filter_plugins/get_domain.py

@@ -0,0 +1,21 @@
+#!/usr/bin/python
+import os
+import sys
+from ansible.errors import AnsibleFilterError
+
+class FilterModule(object):
+    def filters(self):
+        # module_utils-Verzeichnis ermitteln und zum Import-Pfad hinzufügen
+        plugin_dir      = os.path.dirname(__file__)
+        project_root    = os.path.dirname(plugin_dir)
+        module_utils    = os.path.join(project_root, 'module_utils')
+        if module_utils not in sys.path:
+            sys.path.append(module_utils)
+
+        # jetzt kannst Du domain_utils importieren
+        try:
+            from domain_utils import get_domain
+        except ImportError as e:
+            raise AnsibleFilterError(f"could not import domain_utils: {e}")
+
+        return {'get_domain': get_domain}

filter_plugins/get_domain_filter.py

@@ -1,60 +0,0 @@
-from ansible.errors import AnsibleFilterError
-
-class FilterModule(object):
-    '''Ansible filter plugin to retrieve the correct domain for a given application_id.'''
-
-    def filters(self):
-        return {
-            'get_domain': self.get_domain,
-        }
-
-    def get_domain(self, domains, application_id):
-        """
-        Return the domain for application_id from the domains mapping:
-          - If value is a string, return it.
-          - If value is a dict, return its first value.
-          - If value is a list, return its first element.
-          - Otherwise, raise an error.
-        """
-        # Ensure domains is a mapping
-        if not isinstance(domains, dict):
-            raise AnsibleFilterError(f"'domains' must be a dict, got {type(domains).__name__}")
-
-        if application_id not in domains:
-            raise AnsibleFilterError(f"application_id '{application_id}' not found in domains mapping")
-
-        val = domains[application_id]
-
-        # String case
-        if isinstance(val, str):
-            if not val:
-                raise AnsibleFilterError(f"domains['{application_id}'] is an empty string")
-            return val
-
-        # Dict case
-        if isinstance(val, dict):
-            try:
-                first_val = next(iter(val.values()))
-            except StopIteration:
-                raise AnsibleFilterError(f"domains['{application_id}'] dict is empty")
-            if not isinstance(first_val, str) or not first_val:
-                raise AnsibleFilterError(
-                    f"first value of domains['{application_id}'] must be a non-empty string, got {first_val!r}"
-                )
-            return first_val
-
-        # List case
-        if isinstance(val, list):
-            if not val:
-                raise AnsibleFilterError(f"domains['{application_id}'] list is empty")
-            first = val[0]
-            if not isinstance(first, str) or not first:
-                raise AnsibleFilterError(
-                    f"first element of domains['{application_id}'] must be a non-empty string, got {first!r}"
-                )
-            return first
-
-        # Other types
-        raise AnsibleFilterError(
-            f"domains['{application_id}'] has unsupported type {type(val).__name__}, must be str, dict or list"
-        )

filter_plugins/get_url.py

@@ -0,0 +1,27 @@
+#!/usr/bin/python
+import os
+import sys
+from ansible.errors import AnsibleFilterError
+
+class FilterModule(object):
+    def filters(self):
+        return {'get_url': self.get_url}
+
+    def get_url(self, domains, application_id, protocol):
+        # 1) module_utils-Verzeichnis in den Pfad aufnehmen
+        plugin_dir   = os.path.dirname(__file__)
+        project_root = os.path.dirname(plugin_dir)
+        module_utils = os.path.join(project_root, 'module_utils')
+        if module_utils not in sys.path:
+            sys.path.append(module_utils)
+
+        # 2) jetzt domain_utils importieren
+        try:
+            from domain_utils import get_domain
+        except ImportError as e:
+            raise AnsibleFilterError(f"could not import domain_utils: {e}")
+
+        # 3) Validierung und Aufruf
+        if not isinstance(protocol, str):
+            raise AnsibleFilterError("Protocol must be a string")
+        return f"{protocol}://{ get_domain(domains, application_id) }"

module_utils/domain_utils.py

@@ -0,0 +1,52 @@
+# filter_plugins/domain_utils.py
+from ansible.errors import AnsibleFilterError
+
+def get_domain(domains, application_id):
+    """
+    Return the domain for application_id from the domains mapping:
+      - If value is a string, return it.
+      - If value is a dict, return its first value.
+      - If value is a list, return its first element.
+      - Otherwise, raise an error.
+    """
+    if not isinstance(domains, dict):
+        raise AnsibleFilterError(f"'domains' must be a dict, got {type(domains).__name__}")
+
+    if application_id not in domains:
+        raise AnsibleFilterError(f"application_id '{application_id}' not found in domains mapping")
+
+    val = domains[application_id]
+
+    # String case
+    if isinstance(val, str):
+        if not val:
+            raise AnsibleFilterError(f"domains['{application_id}'] is an empty string")
+        return val
+
+    # Dict case
+    if isinstance(val, dict):
+        try:
+            first_val = next(iter(val.values()))
+        except StopIteration:
+            raise AnsibleFilterError(f"domains['{application_id}'] dict is empty")
+        if not isinstance(first_val, str) or not first_val:
+            raise AnsibleFilterError(
+                f"first value of domains['{application_id}'] must be a non-empty string, got {first_val!r}"
+            )
+        return first_val
+
+    # List case
+    if isinstance(val, list):
+        if not val:
+            raise AnsibleFilterError(f"domains['{application_id}'] list is empty")
+        first = val[0]
+        if not isinstance(first, str) or not first:
+            raise AnsibleFilterError(
+                f"first element of domains['{application_id}'] must be a non-empty string, got {first!r}"
+            )
+        return first
+
+    # Unsupported type
+    raise AnsibleFilterError(
+        f"domains['{application_id}'] has unsupported type {type(val).__name__}, must be str, dict or list"
+    )

roles/docker-akaunting/templates/env.j2

@@ -1,5 +1,5 @@
 # You should change this to match your reverse proxy DNS name and protocol
-APP_URL={{ web_protocol }}://{{domains | get_domain(application_id)}}
+APP_URL={{ domains | get_url(application_id, web_protocol) }}
 LOCALE={{ HOST_LL }}
 
 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)

roles/docker-baserow/tasks/main.yml

@@ -9,5 +9,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-bigbluebutton/templates/env.j2

@@ -290,6 +290,6 @@ DEFAULT_REGISTRATION=invite
 OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
-OPENID_CONNECT_REDIRECT=https://{{domains | get_domain(application_id)}}
+OPENID_CONNECT_REDIRECT={{ domains | get_url(application_id, web_protocol) }}
 # OPENID_CONNECT_UID_FIELD=sub default
 {% endif %}

roles/docker-bigbluebutton/vars/main.yml

@@ -11,3 +11,5 @@ domain:                       "{{ domains | get_domain(application_id) }}"
 http_port:                    "{{ ports.localhost.http[application_id] }}"
 bbb_env_file_link:            "{{ docker_compose.directories.instance }}.env"    
 bbb_env_file_origine:         "{{ bbb_repository_directory }}.env"
+
+docker_compose_skipp_file_creation: true # Skipp creation of docker-compose.yml file

roles/docker-bluesky/tasks/main.yml

@@ -46,5 +46,3 @@
     dest: "{{social_app_path}}"
     version: "main"
   notify: docker compose up 
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-collabora/tasks/main.yml

@@ -16,5 +16,3 @@
       - subnet: "{{ networks.local.collabora.subnet }}"
   when: run_once_docker_mariadb is not defined
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-

roles/docker-compose/defaults/main.yml

@@ -0,0 +1 @@
+docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped

roles/docker-compose/tasks/create-files.yml

@@ -1,23 +1,27 @@
-- name:           "Create (optional) '{{ docker_compose.files.dockerfile }}'"
+- name: Create (optional) Dockerfile
   template:
-    src:          "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2"
+    src: "{{ item }}"
-    dest:         "{{ docker_compose.files.dockerfile }}"
+    dest: "{{ docker_compose.files.dockerfile }}"
-  notify:         docker compose up
+  with_first_found:
-  ignore_errors:  false
+    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2"
-  register:       create_dockerfile_result
+    - "{{ playbook_dir }}/roles/{{ role_name }}/files/Dockerfile"
+  notify: docker compose up
+  register: create_dockerfile_result
   failed_when:
     - create_dockerfile_result is failed
     - "'Could not find or access' not in create_dockerfile_result.msg"
 
 - name:           "Create (optional) '{{ docker_compose.files.env }}'"
   template:
-    src:          "env.j2"
+    src:          "{{ item }}"
     dest:         "{{ docker_compose.files.env }}"
     mode:         '770'
     force:        yes
   notify:         docker compose up
   register:       env_template
-  ignore_errors:  false
+  with_first_found:
+    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/env.j2"
+    - "{{ playbook_dir }}/roles/{{ role_name }}/files/env"
   failed_when:
     - env_template is failed
     - "'Could not find or access' not in env_template.msg"

roles/docker-compose/tasks/main.yml

@@ -16,11 +16,5 @@
     mode: '0755'
   with_dict: "{{ docker_compose.directories }}"
 
-- name: flush docker service
+- include_tasks: "create-files.yml"
-  meta: flush_handlers
+  when: not docker_compose_skipp_file_creation | bool
-  when: run_once_docker_compose is not defined
-
-- name: run the docker tasks once
-  set_fact:
-    run_once_docker_compose: true
-  when: run_once_docker_compose is not defined

roles/docker-coturn/tasks/main.yml

@@ -9,5 +9,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-espocrm/tasks/main.yml

@@ -14,8 +14,6 @@
     domain:               "{{ domains | get_domain(application_id) }}"
     http_port:            "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: Set OIDC scopes in EspoCRM config (inside web container)
   ansible.builtin.shell: |
     docker compose exec -T web php -r '

roles/docker-espocrm/templates/env.j2

@@ -23,7 +23,7 @@ ESPOCRM_ADMIN_USERNAME={{ applications[application_id].users.administrator.usern
 ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}
 
 # Public base URL of the EspoCRM instance
-ESPOCRM_SITE_URL={{ web_protocol }}://{{ domains | get_domain(application_id) }}
+ESPOCRM_SITE_URL={{ domains | get_url(application_id, web_protocol) }}
 
 # ------------------------------------------------
 # General UI & locale settings

roles/docker-friendica/tasks/main.yml

@@ -21,8 +21,6 @@
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: Build friendica_addons based on features
   set_fact:
     friendica_addons: >-

roles/docker-funkwhale/tasks/main.yml

@@ -10,6 +10,4 @@
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 

roles/docker-fusiondirectory/tasks/main.yml

@@ -8,5 +8,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-  
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-gitea/tasks/main.yml

@@ -10,8 +10,6 @@
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: Wait for Gitea HTTP endpoint
   wait_for:
     host: "127.0.0.1"

roles/docker-gitea/templates/env.j2

@@ -4,7 +4,7 @@
 # General
 DOMAIN={{domains | get_domain(application_id)}}
 RUN_MODE="{{ 'dev' if (CYMAIS_ENVIRONMENT | lower) == 'development' else 'prod' }}"
-ROOT_URL="{{ web_protocol }}://{{domains | get_domain(application_id)}}/"
+ROOT_URL="{{ domains | get_url(application_id, web_protocol) }}/"
 APP_NAME="{{ applications[application_id].title }}"
 USER_UID=1000
 USER_GID=1000

roles/docker-gitlab/tasks/main.yml

@@ -9,5 +9,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-joomla/tasks/main.yml

@@ -12,5 +12,3 @@
   loop: "{{ domains }}"
   loop_control:
     loop_var: domain
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-keycloak/tasks/main.yml

@@ -10,8 +10,6 @@
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: "create directory {{import_directory_host}}"
   file:
     path: "{{import_directory_host}}"

roles/docker-keycloak/templates/import/realm.json.j2

@@ -517,7 +517,7 @@
         "/realms/{{ keycloak_realm }}/account/*"
       ],
       "webOrigins": [
-        "{{ web_protocol }}://{{domains | get_domain('keycloak')}}"
+        "{{ domains | get_url('keycloak', web_protocol) }}"
       ],
       "notBefore": 0,
       "bearerOnly": false,

roles/docker-lam/tasks/main.yml

@@ -8,5 +8,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-  
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-ldap/tasks/main.yml

@@ -23,8 +23,6 @@
     ipam_config:
       - subnet: "{{ networks.local.central_ldap.subnet }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: "Reset LDAP admin passwords"
   include_tasks: reset_admin_passwords.yml
   when: applications[application_id].network.local

roles/docker-listmonk/tasks/main.yml

@@ -25,8 +25,6 @@
     dest: "{{docker_compose.directories.config}}config.toml"
   notify: docker compose up
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: Check if listmonk database is already initialized
   command: docker compose exec -T {{database_host}} psql -U {{database_username}} -d {{database_name}} -c "\dt"
   register: db_tables

roles/docker-listmonk/vars/main.yml

@@ -3,7 +3,7 @@ database_type:      "postgres"
 
 listmonk_settings:
   - key: "app.root_url"
-    value: '"{{ web_protocol }}://{{ domains | get_domain(application_id) }}"'
+    value: '"{{ domains | get_url(application_id, web_protocol) }}"'
 
   - key: "app.notify_emails"
     value: "{{ [ users.administrator.email ] | to_json }}"

roles/docker-mailu/tasks/main.yml

@@ -18,9 +18,6 @@
     name: nginx-docker-cert-deploy
   when: run_once_docker_mailu is not defined
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-  when: run_once_docker_mailu is not defined
-
 - name: Flush docker service handlers
   meta: flush_handlers
   when: run_once_docker_mailu is not defined

roles/docker-mastodon/tasks/main.yml

@@ -16,8 +16,6 @@
     client_max_body_size: "80m"
     vhost_flavour:        "ws_generic"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: flush docker service
   meta: flush_handlers
   when: applications.mastodon.setup |bool 

roles/docker-matomo/tasks/main.yml

@@ -12,9 +12,6 @@
     http_port:   "{{ ports.localhost.http[application_id] }}"
   when: run_once_docker_matomo is not defined
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-  when: run_once_docker_matomo is not defined
-
 - name: run the docker matomo tasks once
   set_fact:
     run_once_docker_matomo: true

roles/docker-matomo/vars/main.yml

@@ -2,7 +2,7 @@
 application_id:       "matomo"
 database_type:        "mariadb"
 matomo_excluded_ips:  "{{ applications.matomo.excluded_ips }}"
-matomo_index_php_url: "{{ web_protocol }}://{{ domains | get_domain('matomo') }}/index.php"
+matomo_index_php_url: "{{ domains | get_url('matomo', web_protocol) }}/index.php"
 matomo_auth_token:    "{{ applications.matomo.credentials.auth_token }}"
 
 

roles/docker-mobilizon/tasks/main.yml

@@ -15,5 +15,3 @@
     src:  "config.exs.j2" 
     dest: "{{ mobilizon_host_conf_exs_file }}"
   notify: docker compose up
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-mobilizon/vars/main.yml

@@ -3,6 +3,6 @@ application_id:                 mobilizon
 database_type:                  "postgres"
 database_gis_enabled:           true
 
-mobilizon_oidc_callback_url:    "{{ web_protocol }}://{{ domains | get_domain(application_id) }}/auth/openid_connect/callback"
+mobilizon_oidc_callback_url:    "{{ domains | get_url(application_id, web_protocol) }}/auth/openid_connect/callback"
 mobilizon_exposed_docker_port:  4000
 mobilizon_host_conf_exs_file:   "{{docker_compose.directories.config}}config.exs"

roles/docker-moodle/tasks/main.yml

@@ -10,8 +10,6 @@
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: Wait until the Moodle container is healthy
   shell: docker inspect --format '{% raw %}{{.State.Health.Status}}{% endraw %}' {{ container_name }}
   register: health_check

roles/docker-moodle/tasks/oidc.yml

@@ -39,7 +39,7 @@
     - { name: "field_lock_lastname",  value: "locked" }
     - { name: "field_map_email",      value: "locked" }
     #- { name: "showloginform",        value: 0 }  # Deactivate if OIDC is active
-    - { name: "alternateloginurl",    value: "{{ web_protocol }}://{{ domains | get_domain(application_id) }}/auth/oidc/" }
+    - { name: "alternateloginurl",    value: "{{ domains | get_url(application_id, web_protocol) }}/auth/oidc/" }
   loop_control:
     label: "{{ item.name }}"
   command: >

roles/docker-nextcloud/tasks/main.yml

@@ -35,8 +35,6 @@
     dest: "{{docker_compose.directories.volumes}}nginx.conf"
   notify: restart nextcloud nginx service
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: Flush all handlers immediately so that occ can be used
   meta: flush_handlers
 

roles/docker-nextcloud/templates/env.j2

@@ -32,7 +32,7 @@ NEXTCLOUD_ADMIN_PASSWORD=       "{{applications[application_id].credentials.admi
 NEXTCLOUD_TRUSTED_DOMAINS=      "{{domains | get_domain(application_id)}}"
 # Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
 TRUSTED_PROXIES=                "{{ networks.internet.values() | select | join(',') }}"
-OVERWRITECLIURL=                "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+OVERWRITECLIURL=                "{{ domains | get_url(application_id, web_protocol) }}"
 OVERWRITEPROTOCOL=              "https"
 
 # Redis Configuration

roles/docker-nextcloud/vars/plugins/bbb.yml

@@ -4,4 +4,4 @@ plugin_configuration:
     configvalue:  "{{ applications.bigbluebutton.credentials.shared_secret }}"
   - appid:        "bbb"
     configkey:    "api.url"
-    configvalue:  "{{ web_protocol }}://{{domains | get_domain('bigbluebutton')}}{{applications.bigbluebutton.api_suffix}}"
+    configvalue:  "{{ domains | get_url('bigbluebutton', web_protocol) }}{{applications.bigbluebutton.api_suffix}}"

roles/docker-nextcloud/vars/system.yml

@@ -18,4 +18,4 @@ nextcloud_system_config:
     value: "{{domains | get_domain(application_id)}}"
 
   - parameter: "overwrite.cli.url"
-    value: "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+    value: "{{ domains | get_url(application_id, web_protocol) }}"

roles/docker-openproject/tasks/main.yml

@@ -33,8 +33,6 @@
     state: directory
     mode: 0755
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: flush docker service
   meta: flush_handlers
 

roles/docker-peertube/tasks/main.yml

@@ -11,8 +11,6 @@
   vars:
     http: "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
-
 - name: "Install and activate auth-openid-connect plugin if OIDC is enabled"
   include_tasks: enable-oidc.yml
   when: applications | is_feature_enabled('oidc',application_id)

roles/docker-pgadmin/tasks/main.yml

@@ -13,5 +13,3 @@
 - name: "configure pgadmin servers"
   include_tasks: configuration.yml
   when: applications[application_id].server_mode | bool
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-phpldapadmin/tasks/main.yml

@@ -8,5 +8,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-  
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-phpldapadmin/templates/env.j2

@@ -1,3 +1,3 @@
 # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
-APP_URL=    {{ web_protocol }}://{{domains | get_domain(application_id)}}
+APP_URL=    {{ domains | get_url(application_id, web_protocol) }}
 LDAP_HOST=  {{ldap.server.domain}}

roles/docker-phpmyadmin/tasks/main.yml

@@ -9,5 +9,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-pixelfed/tasks/main.yml

@@ -9,5 +9,3 @@
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-pixelfed/templates/env.j2

@@ -5,7 +5,7 @@ APP_KEY={{applications[application_id].credentials.app_key}}
 APP_NAME="{{applications.pixelfed.titel}}"
 APP_ENV={{ CYMAIS_ENVIRONMENT | lower }}
 APP_DEBUG={{enable_debug | string | lower }}
-APP_URL={{ web_protocol }}://{{domains | get_domain(application_id)}}
+APP_URL={{ domains | get_url(application_id, web_protocol) }}
 APP_DOMAIN="{{domains | get_domain(application_id)}}"
 ADMIN_DOMAIN="{{domains | get_domain(application_id)}}"
 SESSION_DOMAIN="{{domains | get_domain(application_id)}}"

roles/docker-presentation/tasks/main.yml

@@ -25,5 +25,3 @@
   vars:
     domain:     "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-roulette-wheel/tasks/main.yml

@@ -11,5 +11,3 @@
   notify: docker compose up
   become: true
   ignore_errors: true
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-simpleicons/files/Dockerfile

@@ -0,0 +1,16 @@
+FROM node:latest AS builder
+
+WORKDIR /app
+COPY package*.json ./
+
+RUN npm install
+
+FROM node:latest
+
+WORKDIR /app
+COPY --from=builder /app/node_modules ./node_modules
+COPY server.js .
+
+EXPOSE 3000
+
+CMD ["node", "server.js"]

roles/docker-simpleicons/files/package.json

@@ -0,0 +1,9 @@
+{
+  "name": "simpleicons-server",
+  "type": "module",
+  "dependencies": {
+    "express": "^4.18.2",
+    "simple-icons": "^9.0.0",
+    "sharp": "^0.32.0"
+  }
+}

roles/docker-simpleicons/templates/docker-compose.yml.j2

@@ -0,0 +1,14 @@
+services:
+  application:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: simpleicons-server:latest
+    container_name: simpleicons-server
+    ports:
+      - "{{ports.localhost.http[application_id]}}:3000"
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'templates/docker/container/networks.yml.j2' %}
+
+{% include 'templates/docker/compose/networks.yml.j2' %}
+

roles/docker-simpleicons/templates/server.js.j2

@@ -0,0 +1,62 @@
+import express from 'express';
+import * as icons from 'simple-icons';
+import sharp from 'sharp';
+
+const app = express();
+const port = process.env.PORT || 3000;
+
+// Helper: convert 'nextcloud' → 'siNextcloud'
+function getExportName(slug) {
+  return 'si' + slug
+    .split('-')
+    .map(part => part[0].toUpperCase() + part.slice(1))
+    .join('');
+}
+
+// Root: redirect to your documentation
+app.get('/', (req, res) => {
+  res.redirect('https://docs.cymais.cloud/roles/docker-{{ application_id }}/README.html');
+});
+
+// GET /:slug.svg
+app.get('/:slug.svg', (req, res) => {
+  const slug = req.params.slug.toLowerCase();
+  const exportName = getExportName(slug);
+  const icon = icons[exportName];
+
+  if (!icon) {
+    return res.status(404).send('Icon not found');
+  }
+
+  res.type('image/svg+xml');
+  res.send(icon.svg);
+});
+
+// GET /:slug.png?size=...
+app.get('/:slug.png', async (req, res) => {
+  const slug = req.params.slug.toLowerCase();
+  const size = parseInt(req.query.size, 10) || 128;
+  const exportName = getExportName(slug);
+  const icon = icons[exportName];
+
+  if (!icon) {
+    return res.status(404).send('Icon not found');
+  }
+
+  try {
+    const pngBuffer = await sharp(Buffer.from(icon.svg))
+      .resize(size, size)
+      .png()
+      .toBuffer();
+
+    res.type('image/png');
+    res.send(pngBuffer);
+  } catch (err) {
+    console.error('PNG generation error:', err);
+    res.status(500).send('PNG generation error');
+  }
+});
+
+app.listen(port, () => {
+  console.log(`Simple-Icons server listening at http://0.0.0.0:${port}`);
+});

roles/docker-simpleicons/vars/main.yml

@@ -0,0 +1 @@
+application_id: simpleicons

roles/docker-snipe-it/tasks/main.yml

@@ -10,7 +10,6 @@
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
 
 - name: "Configure Snipe-IT LDAP settings"
   import_tasks: ldap.yml

roles/docker-snipe-it/vars/main.yml

@@ -1,4 +1,4 @@
 application_id:     "snipe-it"
 database_password:  "{{ applications[application_id].credentials.database_password }}"
 database_type:      "mariadb"
-snipe_it_url:       "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+snipe_it_url:       "{{ domains | get_url(application_id, web_protocol) }}"

roles/docker-sphinx/tasks/main.yml

@@ -21,5 +21,3 @@
   vars:
     domain:     "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
-
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-syncope/tasks/main.yml

@@ -27,4 +27,3 @@
     force: yes
   notify: docker compose up
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-syncope/templates/docker-compose.yml.j2

@@ -13,7 +13,7 @@ services:
      environment:
        SPRING_PROFILES_ACTIVE: docker,postgresql,saml2
        OPENJPA_REMOTE_COMMIT: sjvm
-       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains | get_domain(application_id) }}/{{syncope_paths[rest]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[rest]}}/
     # database variablen auslesen
 
    console: 
@@ -25,7 +25,7 @@ services:
      restart: always
      environment:
        SPRING_PROFILES_ACTIVE: docker,saml2
-       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains | get_domain(application_id) }}/{{syncope_paths[console]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[console]}}/
 
    enduser: 
      depends_on:
@@ -36,5 +36,5 @@ services:
      restart: always
      environment:
        SPRING_PROFILES_ACTIVE: docker,saml2
-       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains | get_domain(application_id) }}/{{syncope_paths[enduser]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[enduser]}}/
        

roles/docker-taiga/tasks/main.yml

@@ -28,4 +28,3 @@
     dest:  "{{docker_compose_init}}"
   notify: docker compose up
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-template/README.md

@@ -0,0 +1,2 @@
+# Docker Role Template
+This folder contains a template to setup docker roles

roles/docker-template/vars/main.yml

@@ -0,0 +1 @@
+application_id: template

roles/docker-wordpress/tasks/install.yml

@@ -2,7 +2,7 @@
   command: >
     docker-compose exec -T -u www-data application
     wp core install
-      --url="{{ web_protocol }}://{{ domains | get_domain(application_id) }}"
+      --url="{{ domains | get_url(application_id, web_protocol) }}"
       --title="{{ applications[application_id].title }}"
       --admin_user="{{ applications[application_id].users.administrator.username }}"
       --admin_password="{{ applications[application_id].credentials.administrator_password }}"

roles/docker-wordpress/tasks/main.yml

@@ -25,7 +25,6 @@
     dest: "{{ host_msmtp_conf }}"
   notify: docker compose up
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
 
 - name: "Install wordpress"
   include_tasks: install.yml

roles/docker-wordpress/vars/discourse.yml

@@ -11,7 +11,7 @@ discourse_settings:
 
   - name: discourse_connect
     key: url
-    value: "{{ web_protocol }}://{{ domains | get_domain('discourse') }}"
+    value: "{{ domains | get_url('discourse', web_protocol) }}"
   - name: discourse_connect
     key: api-key
     value: "{{ vault_discourse_api_key }}"

roles/docker-yourls/tasks/main.yml

@@ -10,4 +10,3 @@
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"

roles/docker-yourls/templates/env.j2

@@ -2,7 +2,7 @@ YOURLS_DB_HOST: "{{database_host}}"
 YOURLS_DB_USER: "{{database_username}}"
 YOURLS_DB_PASS: "{{database_password}}"
 YOURLS_DB_NAME: "{{database_name}}"
-YOURLS_SITE:    "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+YOURLS_SITE:    "{{ domains | get_url(application_id, web_protocol) }}"
 YOURLS_USER:    "{{applications.yourls.users.administrator.username}}"
 YOURLS_PASS:    "{{applications[application_id].credentials.administrator_password}}"
 # The following deactivates the login mask for admins, if the oauth2 proxy is activated 

roles/nginx-modifier-matomo/vars/main.yml

@@ -1,4 +1,4 @@
 base_domain:              "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
-matomo_index_php_url:     "{{ web_protocol }}://{{ domains | get_domain('matomo') }}/index.php"
+matomo_index_php_url:     "{{ domains | get_url('matomo', web_protocol) }}/index.php"
 matomo_auth_token:        "{{ applications.matomo.credentials.auth_token }}"
 matomo_verification_url:  "{{ matomo_index_php_url }}?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{ base_domain }}&format=json&token_auth={{ matomo_auth_token }}"

tasks/plays/01_constructor.yml

@@ -1,4 +1,17 @@
 ---
+
+- name: Show effective filter_plugins setting
+  shell: ansible-config dump --only-changed | grep -i filter_plugins || echo "using default"
+  register: filter_cfg
+
+- name: Debug filter_plugins config
+  debug:
+    msg: "{{ filter_cfg.stdout_lines }}"
+
+- name: "Debug: show which ansible.cfg was used"
+  debug:
+    msg: "{{ ansible_config_file }}"
+
 - name: Merge variables
   block:
   - name: Merge users

tests/unit/filter_plugins/test_get_domain.py

@@ -1,17 +1,8 @@
-# tests/unit/test_get_domain_filter.py
+# tests/unit/test_get_domain.py
 import unittest
 import sys
 import os
-
+from filter_plugins.get_domain import FilterModule
-# Ensure filter_plugins directory is on the path
-sys.path.insert(
-    0,
-    os.path.abspath(
-        os.path.join(os.path.dirname(__file__), '../../../filter_plugins')
-    )
-)
-
-from get_domain_filter import FilterModule
 from ansible.errors import AnsibleFilterError
 
 class TestGetDomainFilter(unittest.TestCase):

tests/unit/filter_plugins/test_get_url.py

@@ -0,0 +1,77 @@
+# tests/unit/filter_plugins/test_get_url.py
+import unittest
+import sys
+import os
+
+# Ensure filter_plugins directory is on the path
+sys.path.insert(
+    0,
+    os.path.abspath(
+        os.path.join(os.path.dirname(__file__), '../../../filter_plugins')
+    )
+)
+
+from get_url import FilterModule
+from ansible.errors import AnsibleFilterError
+
+class TestGetUrlFilter(unittest.TestCase):
+    def setUp(self):
+        # Retrieve the get_url filter function
+        self.get_url = FilterModule().filters()['get_url']
+
+    def test_string_domain(self):
+        domains = {'app': 'example.com'}
+        url = self.get_url(domains, 'app', 'https')
+        self.assertEqual(url, 'https://example.com')
+
+    def test_dict_domain(self):
+        domains = {'app': {'primary': 'primary.com', 'secondary': 'secondary.com'}}
+        url = self.get_url(domains, 'app', 'http')
+        self.assertEqual(url, 'http://primary.com')
+
+    def test_list_domain(self):
+        domains = {'app': ['first.com', 'second.com']}
+        url = self.get_url(domains, 'app', 'ftp')
+        self.assertEqual(url, 'ftp://first.com')
+
+    def test_missing_application_id(self):
+        domains = {'app': 'example.com'}
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(domains, 'missing', 'https')
+
+    def test_domains_not_dict(self):
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(['not', 'a', 'dict'], 'app', 'https')
+
+    def test_empty_string_domain(self):
+        domains = {'app': ''}
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(domains, 'app', 'https')
+
+    def test_empty_dict_domain(self):
+        domains = {'app': {}}
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(domains, 'app', 'https')
+
+    def test_empty_list_domain(self):
+        domains = {'app': []}
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(domains, 'app', 'https')
+
+    def test_non_string_in_dict_domain(self):
+        domains = {'app': {'key': 123}}
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(domains, 'app', 'https')
+
+    def test_non_string_in_list_domain(self):
+        domains = {'app': [123]}
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(domains, 'app', 'https')
+
+    def test_protocol_not_string(self):
+        domains = {'app': 'example.com'}
+        with self.assertRaises(AnsibleFilterError):
+            self.get_url(domains, 'app', 123)
+
+if __name__ == '__main__':
+    unittest.main()