2025-04-28 18:30:24 +02:00
14 changed files with 72 additions and 301 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -10,34 +10,28 @@ docker_restart_policy:        "unless-stopped"
 # Keep in mind, that this configuration should in general just apply to the roles which set the applications up.
 # If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.
 # helper
 _applications_nextcloud_ldap_enabled: "{{ applications.nextcloud.ldap.enabled | default(true) }}"
 _applications_nextcloud_oidc_enabled: "{{ applications.nextcloud.oidc.enabled | default(true) }}"
 _applications_nextcloud_oidc_flavor:  "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if _applications_nextcloud_ldap_enabled else 'sociallogin') }}"
 defaults_applications:
  ## Akaunting
  akaunting:
-    version:            "latest"
+    version:              "latest"
-    company_name:       "{{primary_domain}}"
+    company_name:         "{{primary_domain}}"
-    company_email:      "{{users.administrator.email}}"
+    company_email:        "{{users.administrator.email}}"
-    setup_admin_email:  "{{users.administrator.email}}"
+    setup_admin_email:    "{{users.administrator.email}}"
    database:
-      central_storage:  True
+      central_storage:                True
  ## Attendize 
  attendize:
-    version:            "latest"
+    version:              "latest"
    database:
-      central_storage:  True
+      central_storage:                True
  ## Baserow 
  baserow:
-    version:            "latest"
+    version:              "latest"
    database:
-      central_storage:  True
+      central_storage:                True
  ## Big Blue Button
  bigbluebutton:
@ -251,219 +245,28 @@ defaults_applications:
  ## Nextcloud
  nextcloud:
-    version:                "production"                                  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
+    version:                "production"                                # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
    ldap:
-      enabled:              True                                          # Enables LDAP by default
+      enabled:              True                                        # Enables LDAP by default
    oidc:
-      enabled:              "{{ _applications_nextcloud_oidc_enabled }}"  # Activate OIDC for Nextcloud
+      enabled:              true                                        # Activate OIDC for Nextcloud
      # floavor decides which OICD plugin should be used. 
      # Available options: oidc_login, sociallogin
      # @see https://apps.nextcloud.com/apps/oidc_login
      # @see https://apps.nextcloud.com/apps/sociallogin
-      flavor:               "oidc_login"                                  # Keeping on sociallogin because the other option is not implemented yet                                             
+      flavor:               "oidc_login"                                # Keeping on sociallogin because the other option is not implemented yet                                             
-    force_import:           False                                         # Forces the import of the LDIF files
+    force_import:           False                                       # Forces the import of the LDIF files
    database:
-      central_storage:      True                                          # Activate Central Database Storage
+      central_storage:      True                                        # Activate Central Database Storage
    credentials:
-#     database_password:    Null                                          # Needs to be set in inventory file
+#     database_password:    Null                                        # Needs to be set in inventory file
    users:      
      administrator:
        username:           "{{users.administrator.username}}"
        initial_password:   "{{users.administrator.initial_password}}"
-    default_quota:          '1000000000'                                  # Quota to assign if no quota is specified in the OIDC response (bytes)
+    default_quota:          '1000000000'                                # Quota to assign if no quota is specified in the OIDC response (bytes)
    legacy_login_mask:   
-      enabled:              False                                         # If true, then legacy  login mask is shown. Otherwise just SSO
+      enabled:              False                                       # If true, then legacy  login mask is shown. Otherwise just SSO 
    container:
      application:          "nextcloud-application"                       # Nextcloud application container name
      proxy:                "nextcloud-web"                               # Nextcloud Proxy Container Name
    plugins:                                                  
    # List for Nextcloud Plugin Routine
    # Decides if plugins should be activated or deactivated
      appointments:
        # Nextcloud appointments: handles scheduling and appointment management (https://apps.nextcloud.com/apps/appointments)
        enabled: true
      bbb:
        # Nextcloud BigBlueButton integration: enables video conferencing using BigBlueButton (https://apps.nextcloud.com/apps/bbb)
        enabled: "{{ 'bigbluebutton' in group_names | lower }}"
      #- bookmarks 
      #  # Nextcloud Bookmarks: manage and share your bookmarks easily (https://apps.nextcloud.com/apps/bookmarks)
      #  enabled: false
      calendar:
        # Nextcloud calendar: manages calendar events and scheduling (https://apps.nextcloud.com/apps/calendar)
        enabled: true
      cfg_share_links:
        # Nextcloud share links configuration: customizes sharing settings and link options (https://apps.nextcloud.com/apps/cfg_share_links)
        enabled: true
      collectives:
        # Nextcloud collectives: supports collaborative group management and sharing (https://apps.nextcloud.com/apps/collectives)
        enabled: true
      contacts:
        # Nextcloud contacts: manages address book and contact information (https://apps.nextcloud.com/apps/contacts)
        enabled: true
      cospend:
        # Nextcloud cospend: manages shared expenses and spending tracking (https://apps.nextcloud.com/apps/cospend)
        enabled: true
      deck:
        # Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
        enabled: true
      drawio:
        # Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
        enabled: true
      duplicatefinder:
        # Nextcloud duplicate finder: scans and identifies duplicate files (https://apps.nextcloud.com/apps/duplicatefinder)
        enabled: true
      emlviewer:
        # Nextcloud EML Viewer: previews and manages EML email files (https://apps.nextcloud.com/apps/emlviewer)
        enabled: true
      event_update_notification:
        # Nextcloud event update notification: sends alerts when events are updated (https://apps.nextcloud.com/apps/event_update_notification)
        enabled: true
      epubviewer:
        # Nextcloud EPUB Viewer: enables reading and previewing EPUB e-books (https://apps.nextcloud.com/apps/epubviewer)
        enabled: true
      external:
        # Nextcloud External: Adds links to external services (https://apps.nextcloud.com/apps/external)
        enabled: true 
      #files_accesscontrol
      #  # Nextcloud Files Access Control: restricts file access based on defined rules (https://apps.nextcloud.com/apps/files_accesscontrol)
      #  enabled: false
      #files_archive
      #  # Nextcloud Files Archive: compresses and archives files for efficient storage (https://apps.nextcloud.com/apps/files_archive)
      #  enabled: false
      #files_automatedtagging
      #  # Nextcloud Files Automated Tagging: automatically tags files to improve organization (https://apps.nextcloud.com/apps/files_automatedtagging)
      #  enabled: false
      files_bpm:
        # Nextcloud Files BPM: integrates business process management for file workflows (https://apps.nextcloud.com/apps/files_bpm)
        enabled: true
      files_downloadactivity:
        # Nextcloud Files Download Activity: tracks and logs file download events (https://apps.nextcloud.com/apps/files_downloadactivity)
        enabled: true
      files_linkeditor:
        # Nextcloud files link editor: allows customization of shared file links (https://apps.nextcloud.com/apps/files_linkeditor)
        enabled: true
      files_mindmap:
        # Nextcloud Files Mindmap: visualizes file relationships as mind maps (https://apps.nextcloud.com/apps/files_mindmap)
        enabled: true
      files_texteditor:
        # Nextcloud Files Text Editor: provides an online editor for text files (https://apps.nextcloud.com/apps/files_texteditor)
        # Not available for Nextcloud < 27
        enabled: false
      fileslibreofficeedit:
        # Nextcloud LibreOffice integration: allows online editing of documents with LibreOffice (https://apps.nextcloud.com/apps/fileslibreofficeedit)
        enabled: true
      forms:
        # Nextcloud forms: facilitates creation of forms and surveys (https://apps.nextcloud.com/apps/forms)
        enabled: true
      gestion:
        # Nextcloud Gestion: manages administrative tasks and workflows (https://apps.nextcloud.com/apps/gestion)
        enabled: true
      groupfolders:
        # Nextcloud Group Folders: centralizes shared folders for group collaboration (https://apps.nextcloud.com/apps/groupfolders)
        enabled: true
      gpxpod:
        # Nextcloud GPX pod: visualizes GPS tracks and GPX data (https://apps.nextcloud.com/apps/gpxpod)
        enabled: true
      integration_discourse:
        # Nextcloud Integration Discourse: connects Nextcloud with Discourse forums (https://apps.nextcloud.com/apps/integration_discourse)
        enabled: false
      integration_gitlab:
        # Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab)
        enabled: "{{ 'gitlab' in group_names in group_names | lower }}"
      integration_github:
        # Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github)
        enabled: false
      integration_google:
        # Nextcloud Integration Google: connects Google services with Nextcloud (https://apps.nextcloud.com/apps/integration_google)
        enabled: true
      integration_mastodon:
        # Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
        enabled: "{{ 'mastodon' in group_names | lower }}"
      integration_openai:
        # Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
        enabled: false
      integration_openproject:
        # Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
        enabled: "{{ 'openproject' in group_names | lower }}"
      integration_peertube:
        # Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
        enabled: "{{ 'peertube' in group_names | lower }}"
      #keeweb 
      #  # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
      #  # This isn't maintained anymore. The alternatives don't support keepass files
      #  enabled: false
      keeporsweep:
        # Nextcloud keep or sweep: helps manage and clean up files and data (https://apps.nextcloud.com/apps/keeporsweep)
        enabled: true
      mail:
        # Nextcloud mail: integrated email client for managing mail accounts (https://apps.nextcloud.com/apps/mail)
        enabled: true
      maps:
        # Nextcloud maps: provides mapping and location services integration (https://apps.nextcloud.com/apps/maps)
        enabled: true
      metadata:
        # Nextcloud Metadata: manages and displays file metadata for enhanced organization (https://apps.nextcloud.com/apps/metadata)
        enabled: true
      news:
        # Nextcloud News: aggregates and displays news feeds directly in Nextcloud (https://apps.nextcloud.com/apps/news)
        enabled: true
      oidc_login:
        # Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/oidc_login)
        enabled:    "{{ _applications_nextcloud_oidc_flavor=='oidc_login' | lower }}"
        incompatible_plugins:  
          - user_oidc   # Will be disabled
          - sociallogin # Will be disabled
      phonetrack:
        # Nextcloud phone track: tracks and monitors mobile device usage (https://apps.nextcloud.com/apps/phonetrack)
        enabled: true
      polls:
        # Nextcloud polls: facilitates creation and management of user polls (https://apps.nextcloud.com/apps/polls)
        enabled: true
      quota_warning:
        # Nextcloud quota warning: notifies users when storage limits are reached (https://apps.nextcloud.com/apps/quota_warning)
        enabled: true
      recognize:
        # Nextcloud recognize: performs image recognition tasks (https://apps.nextcloud.com/apps/recognize)
        enabled: false # Deactivated because it let to bugs
      richdocuments:
        # Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments)
        enabled: true
      sociallogin:
        # Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin)
        enabled:    "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}"
        incompatible_plugins:  
          - user_oidc   # Will be disabled
          - oidc_login  # Will be disabled
      spreed:
        # Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed)
        enabled: true
      tables:
        # Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables)
        enabled: true
      tasks:
        # Nextcloud tasks: manages personal or group tasks and to-do lists (https://apps.nextcloud.com/apps/tasks)
        enabled: true
      #terms_of_service 
      #  # Nextcloud Terms of Service: manages user acceptance of terms and conditions (https://apps.nextcloud.com/apps/terms_of_service)
      #  enabled: false
      twofactor_nextcloud_notification:
        # Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
        enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active
      twofactor_totp:
        # Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
        enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active
      user_ldap:
        # Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
        enabled: "{{ _applications_nextcloud_ldap_enabled | lower }}"
      user_oidc:
        # Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/user_oidc)
        enabled:    "{{ _applications_nextcloud_oidc_flavor=='user_oidc' | lower }}"
        incompatible_plugins:  
          - oidc_login
          - sociallogin
      whiteboard:
        # Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard)
        enabled: true
  ## OAuth2 Proxy
  oauth2_proxy:
--- a/group_vars/all/08_on_calendar.yml
+++ b/group_vars/all/08_on_calendar.yml
@ -23,4 +23,3 @@ on_calendar_msi_keyboard_color:               "*-*-* *:*:00"
 on_calendar_cleanup_failed_docker:            "*-*-* 12:00:00"                        # Clean up failed docker backups every noon
 on_calendar_btrfs_auto_balancer:              "Sat *-*-01..07 00:00:00"               # Execute btrfs auto balancer every first Saturday of a month
 on_calendar_restart_docker:                   "Sun *-*-* 08:00:00"                    # Restart docker instances every Sunday at 8:00 AM
 on_calendar_nextcloud:                        "22"                                    # Do nextcloud maintanace between 22:00 and 02:00
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@ -125,6 +125,11 @@ docker compose exec -it -u www-data application php occ user:delete {{username}}
 docker compose exec -u www-data application php occ config:list {{app_name}}
 ```
 ## App Relevant Tables 🗃️
 - `oc_appconfig`
 - `oc_migrations`
 ### Initialize Duplicates
 ```bash
 docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output
@ -139,28 +144,6 @@ docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mo
 ---
 ## Apps
 ### App Relevant Tables 🗃️
 - `oc_appconfig`
 - `oc_migrations`
 ### Cospend 
 #### Relevant SQL Commands for Cospend
 Debugguging Migrations: 
 https://github.com/julien-nc/cospend-nc/issues/325
 ```sql
 -- Show all Cospend Tables
 SHOW TABLES where Tables_in_nextcloud LIKE "%cospend%";
 -- Show Cospend Configuration
 SELECT * FROM `oc_appconfig` WHERE appid LIKE "%cospend%";
 -- Show Cospend Database Migrations 
 SELECT * FROM `oc_migrations` WHERE app LIKE "%cospend%";
 ```
 # Identity and Access Management (IAM)
 ## OpenID Connect (OIDC) Support 🔐
--- a/roles/docker-nextcloud/handlers/main.yml
+++ b/roles/docker-nextcloud/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: restart docker nginx service
  command:
-    cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
+    cmd: "docker exec {{nextcloud_nginx_container_name}} nginx -s reload"
  listen: restart docker nginx service
  ignore_errors: true # Ignoring if container is restarting
--- a/roles/docker-nextcloud/tasks/ldap.yml
+++ b/roles/docker-nextcloud/tasks/ldap.yml
@ -1,6 +1,14 @@
 # @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
 # @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
 # @todo implement
 - name: install LDAP plugin
  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install user_ldap"
  ignore_errors: true
 - name: Activate Nextcloud LDAP App
  command: "docker exec -u www-data {{ nextcloud_application_container_name }} php occ app:enable user_ldap"
 - name: Load LDAP Nextcloud configuration variables
  include_vars:
    file: ldap.yml
@ -8,10 +16,10 @@
 - name: Set Nextcloud LDAP config
  loop: "{{ nextcloud_ldap_configuration }}"
  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }}
+    docker exec -u www-data {{ nextcloud_application_container_name }}
    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
 - name: Set Nextcloud LDAP bind password
  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }}
+    docker exec -u www-data {{ nextcloud_application_container_name }}
    php occ ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"
--- a/roles/docker-nextcloud/tasks/legacy_login_mask.yml
+++ b/roles/docker-nextcloud/tasks/legacy_login_mask.yml
@ -1,5 +1,5 @@
 - name: Set hide_login_form to true
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"
 - name: "Set auth.webauthn.enabled to false"
-  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -13,13 +13,9 @@
 - name: Remove OIDC configuration lines from config.php if present (container)
  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
+    docker exec -u www-data {{ nextcloud_application_container_name }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
  when: applications[application_id].oidc.flavor == "sociallogin" and mode_cleanup | bool 
 - name: Set maintanance window 
  command: >
    docker exec -u www-data {{ applications.nextcloud.container.application }} php occ config:system:set maintenance_window_start --type=integer --value={{on_calendar_nextcloud}}"
 - name: "include role for {{application_id}} to recieve certs & do modification routines"
  include_role:
    name: nginx-https-get-cert-modify-all
@ -39,18 +35,6 @@
 - name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml
 - name: Flush all handlers immediately so that occ can be used
  meta: flush_handlers
 - name: Setup Nextcloud Plugins
  include_tasks: plugin.yml
  loop: "{{applications[application_id].plugins | dict2items }}"
  loop_control:
    loop_var: plugin_item
  vars:
    plugin_name: "{{ plugin_item.key }}"
    plugin_configuration: "{{ plugin_item.value }}"
 - name: "Include OIDC-specific tasks with flavor {{applications[application_id].oidc.flavor}}"
  include_tasks: "{{applications[application_id].oidc.flavor}}.yml"
  when: applications[application_id].oidc.enabled | bool
--- a/roles/docker-nextcloud/tasks/oidc_login.yml
+++ b/roles/docker-nextcloud/tasks/oidc_login.yml
@ -1,3 +1,13 @@
 - name: enable sociallogin plugin
  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable sociallogin"
  ignore_errors: true
  when: 
    - mode_cleanup | bool
 - name: install oidc_login plugin
  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install oidc_login"
  ignore_errors: true
 - name: Add OIDC configuration if not implemented yet
  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'
+    docker exec -u www-data {{ nextcloud_application_container_name }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'
--- a/roles/docker-nextcloud/tasks/plugin.yml
+++ b/roles/docker-nextcloud/tasks/plugin.yml
@ -1,29 +0,0 @@
 - name: "Disable incompatible plugins for {{plugin_name}}."
  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:disable {{incompatible_plugin}}"
  loop: "{{plugin_configuration.incompatible_plugins}}"
  loop_control: 
    loop_var: incompatible_plugin
  register: disable_incompatible_plugin_result
  changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout)
  when: 
    - plugin_configuration.incompatible_plugins is defined and plugin_configuration.incompatible_plugins | length > 0
    - plugin_configuration.enabled | bool
 - name: disable {{ plugin_name }} nextcloud plugin
  command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:disable {{ plugin_name }}"
  register: disable_result
  changed_when: disable_result.rc == 0 and ("No such app enabled" not in disable_result.stdout)
  when: not (plugin_configuration.enabled | bool)
 - name: install {{ plugin_name }} nextcloud plugin
  command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:install {{ plugin_name }}"
  register: install_result
  failed_when: install_result.rc != 0 and ("already installed" not in install_result.stdout)
  changed_when: install_result.rc == 0 and ("already installed" not in install_result.stdout)
  when: plugin_configuration.enabled | bool
 - name: enable {{plugin_name}} nextcloud plugin
  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:enable {{plugin_name}}"
  register: enable_result
  changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
  when: plugin_configuration.enabled | bool
--- a/roles/docker-nextcloud/tasks/sociallogin.yml
+++ b/roles/docker-nextcloud/tasks/sociallogin.yml
@ -1,4 +1,21 @@
 # @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
 - name: Flush all handlers immediately so that occ can be used
  meta: flush_handlers
 - name: disable oidc_login plugin
  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable oidc_login"
  ignore_errors: true
  when: 
    - mode_cleanup | bool  
 - name: install sociallogin plugin
  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install sociallogin"
  ignore_errors: true
 - name: enable sociallogin plugin
  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:enable sociallogin"
 - name: Load Sociallogin configuration variables
  include_vars:
    file: sociallogin.yml
@ -7,5 +24,5 @@
  loop: "{{ nextcloud_sociallogin_configuration}}"
  # The | to_json function is necessary to escape custom_providers correct.
  command: >
-    docker exec -u www-data {{ applications.nextcloud.container.application }}
+    docker exec -u www-data {{ nextcloud_application_container_name }}
    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@ -6,7 +6,7 @@ services:
  application:
    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
-    container_name: {{applications.nextcloud.container.application}}
+    container_name: {{nextcloud_application_container_name}}
    volumes:
      - data:{{nextcloud_docker_path}}
 {% if applications[application_id].oidc.flavor == "oidc_login" %}
@ -24,7 +24,7 @@ services:
  web:
    image: nginx:alpine
-    container_name: {{applications.nextcloud.container.proxy}}
+    container_name: {{nextcloud_nginx_container_name}}
    logging:
      driver: journald
    restart: {{docker_restart_policy}}
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml
@ -2,9 +2,11 @@
 application_id:                           "nextcloud"
 database_password:  	                    "{{applications.nextcloud.credentials.database_password}}"
 database_type:                            "mariadb"
 nextcloud_application_container_name:     "nextcloud-application"
 nextcloud_nginx_container_name:           "nextcloud-web"
 nextcloud_config_file_host_path:          "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
 domain:                                   "{{domains[application_id]}}"
 http_port:                                "{{ ports.localhost.http[application_id] }}"
 nextcloud_docker_path:                    "/var/www/html/"
 nextcloud_docker_oidc_login_config_path:  "{{nextcloud_docker_path}}config/oidc.config.php"
-nextcloud_host_oidc_login_path:           "{{docker_compose.directories.volumes}}/oidc.config.php"
+nextcloud_host_oidc_login_path:           "{{docker_compose.directories.volumes}}/oidc.config.php"
--- a/roles/nginx-https-get-cert/tasks/main.yml
+++ b/roles/nginx-https-get-cert/tasks/main.yml
@ -35,9 +35,7 @@
      # AND: The domain is a direct first-level subdomain of the primary domain
    - domain != primary_domain  
      # The domain is not the primary domain
-  register: certbot_result
+  ignore_errors: true
  failed_when: certbot_result.rc != 0 and ("No certificate found with name" not in certbot_result.stderr)
  changed_when: certbot_result.rc == 0 and ("No certificate found with name" not in certbot_result.stderr)
 - name: run the recieve_certificate tasks once
  set_fact:
--- a/roles/nginx-modifier-css/templates/global.css.j2
+++ b/roles/nginx-modifier-css/templates/global.css.j2
@ -503,10 +503,6 @@ div#mastodon, div#admin-wrapper {
  --overlay-icon-shadow: drop-shadow(0 0 8px rgba(var(--color-rgb-01), 0.25));
 }
 .swal2-popup {
    color: #000;
 }
 /* Modal Overwrittes */ 
 div.modal div.modal-content {
  /* Colors – adjusted to the existing scheme */