Refactor: migrate cmp/* and srv/* roles into sys-stk/* and sys-svc/* namespaces

- Removed obsolete 'cmp' category, introduced 'stk' category (fa-bars-staggered icon).
- Renamed roles:
  * cmp-db-docker → sys-stk-back-stateful
  * cmp-docker-oauth2 → sys-stk-back-stateless
  * srv-domain-provision → sys-stk-front
  * cmp-db-docker-proxy → sys-stk-full-stateful
  * cmp-docker-proxy → sys-stk-full-stateless
  * cmp-rdbms → sys-svc-rdbms
- Updated all include_role references, vars, templates and README.md files.
- Adjusted run_once comments and variable paths accordingly.
- Updated all web-app roles to use new sys-stk/* and sys-svc/* roles.

Conversation: https://chatgpt.com/share/68b0ba66-09f8-800f-86fc-76c47009d431

roles/categories.yml

@@ -1,9 +1,4 @@
 roles:
-  cmp:
-    title: "Compositions"
-    description: "Composition of other roles."
-    icon: "fas fa-sitemap"
-    invokable: false
   docker:
     title: "Docker Toolkit"
     description: "Generic Docker helpers and utilities (compose wrappers, container tooling)."
@@ -56,6 +51,11 @@ roles:
       description: "DNS providers, records, and rDNS management (Cloudflare, Hetzner, etc.)."
       icon: "fas fa-network-wired"
       invokable: false
+    stk:
+      title: "Stack"
+      description: "Stack levels to setup the server"
+      icon: "fas fa-bars-staggered"
+      invokable: false
   update:
     title: "Updates & Package Management"
     description: "OS & package updates"

roles/cmp-db-docker-proxy/README.md

@@ -1,11 +0,0 @@
-# Database Docker with Web Proxy
-
-This role builds on `cmp-db-docker` by adding a reverse-proxy frontend for HTTP access to your database service.
-
-## Features
-
-- **Database Composition**  
-  Leverages the `cmp-db-docker` role to stand up your containerized database (PostgreSQL, MariaDB, etc.) with backups and user management.
-
-- **Reverse Proxy**  
-  Includes the `srv-domain-provision` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint.

roles/cmp-db-docker/vars/main.yml

@@ -1 +0,0 @@
-DATABASE_VARS_FILE: "{{ playbook_dir }}/roles/cmp-rdbms/vars/database.yml"

roles/cmp-rdbms/templates/services/main.yml.j2

@@ -1 +0,0 @@
-{% include 'roles/cmp-rdbms/templates/services/' + database_type + '.yml.j2' %}

roles/docker-compose/templates/base.yml.j2

@@ -2,7 +2,7 @@
 services:
 {# Load Database #}
 {% if applications | is_docker_service_enabled(application_id, 'database') %}
-{% include 'roles/cmp-rdbms/templates/services/main.yml.j2' %}
+{% include 'roles/sys-svc-rdbms/templates/services/main.yml.j2' %}
 {% endif %}
 {# Load Redis #}
 {% if applications | is_docker_service_enabled(application_id, 'redis') or applications | get_app_conf(application_id, 'features.oauth2', False) %}

roles/sys-service/handlers/main.yml

@@ -4,5 +4,6 @@
     daemon_reload: yes
     enabled: yes
     state: "{{ system_service_state }}"
-  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  async:  "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:   "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  when:   not (system_service_suppress_flush | bool)

roles/sys-service/tasks/05_service.yml

@@ -46,5 +46,5 @@
     command: /bin/true
     notify: refresh systemctl service
     when: not system_service_uses_at
-  when: (SYS_SERVICE_ALL_ENABLED | bool or system_force_flush | bool) and not system_service_suppress_flush | bool
+  when: (SYS_SERVICE_ALL_ENABLED | bool or system_force_flush | bool)
 

roles/sys-stk-back-stateful/README.md

@@ -1,18 +1,18 @@
 # Database Docker Composition
 
-This role combines the central RDBMS role (`cmp-rdbms`) with Docker Compose to deliver a ready-to-use containerized database environment.
+This role combines the central RDBMS role (`sys-svc-rdbms`) with Docker Compose to deliver a ready-to-use containerized database environment.
 
 ## Features
 
 - **Central RDBMS Integration**  
-  Includes the `cmp-rdbms` role, which handles backups, restores, user and permission management for your relational database system (PostgreSQL, MariaDB, etc.).
+  Includes the `sys-svc-rdbms` role, which handles backups, restores, user and permission management for your relational database system (PostgreSQL, MariaDB, etc.).
 
 - **Docker Compose**  
   Utilizes the standalone `docker-compose` role to define and bring up containers, networks, and volumes automatically.
 
 - **Variable Load Order**  
   1. Docker Compose variables (`roles/docker-compose/vars/docker-compose.yml`)  
-  2. Database variables (`roles/cmp-rdbms/vars/database.yml`)  
+  2. Database variables (`roles/sys-svc-rdbms/vars/database.yml`)  
   Ensures compose ports and volumes are defined before the database role consumes them.
 
 The role will load both sub-roles and satisfy all dependencies transparently.
@@ -22,4 +22,4 @@ The role will load both sub-roles and satisfy all dependencies transparently.
 1. **Set Fact** `database_application_id` to work around lazy‐loading ordering.
 2. **Include Vars** in the specified order.
 3. **Invoke** `docker-compose` role to create containers, networks, and volumes.
-4. **Invoke** `cmp-rdbms` role to provision the database, backups, and users.
+4. **Invoke** `sys-svc-rdbms` role to provision the database, backups, and users.

roles/sys-stk-back-stateful/tasks/main.yml

@@ -1,4 +1,4 @@
-# run_once_cmp_db_docker: disabled
+# run_once_sys_stk_back_stateful: disabled
 
 - name: "For '{{ application_id }}': Set database_application_id (Needed due to lazzy loading issue)"
   set_fact:
@@ -12,8 +12,8 @@
 
 - name: "For '{{ application_id }}': Load central RDBMS"
   include_role:
-    name: cmp-rdbms
+    name: sys-svc-rdbms
 
-- name: "For '{{ application_id }}': Load cmp-docker-oauth2"
+- name: "For '{{ application_id }}': Load sys-stk-back-stateless"
   include_role:
-    name: cmp-docker-oauth2
+    name: sys-stk-back-stateless

roles/sys-stk-back-stateful/vars/main.yml

@@ -0,0 +1 @@
+DATABASE_VARS_FILE: "{{ playbook_dir }}/roles/sys-svc-rdbms/vars/database.yml"

roles/sys-stk-back-stateless/README.md

@@ -1,4 +1,4 @@
-# cmp-docker-oauth2
+# sys-stk-back-stateless
 
 This Ansible role enhances a Docker Compose application by conditionally enabling OAuth2-based authentication. It ensures that the `docker-compose` role is always loaded, and if the application has OAuth2 support enabled via `features.oauth2`, it also configures the OAuth2 proxy.
 

roles/sys-stk-back-stateless/tasks/main.yml

@@ -1,4 +1,4 @@
-# run_once_cmp_docker_oauth2: disabled
+# run_once_sys_stk_back_stateless: disabled
 
 - name: "For '{{ application_id }}': Load docker-compose"
   include_role: 

roles/sys-stk-front/README.md

@@ -6,7 +6,7 @@ This role bootstraps **per-domain Nginx configuration**: it requests TLS certifi
 
 ## Overview
 
-A higher-level orchestration wrapper, *srv-domain-provision* ties together several lower-level roles:
+A higher-level orchestration wrapper, *sys-stk-front* ties together several lower-level roles:
 
 1. **`sys-srv-web-inj-compose`** – applies global tweaks and includes.  
 2. **`srv-tls-core`** – obtains Let’s Encrypt certificates.  

roles/sys-stk-front/tasks/cloudflare/02_enable_cf_dev_mode.yml

@@ -1,4 +1,3 @@
-# roles/srv-domain-provision/tasks/02_enable_cf_dev_mode.yml
 ---
 # Enables Cloudflare Development Mode (bypasses cache for ~3 hours).
 # Uses the same auth token as in 01_cleanup.yml: CLOUDFLARE_API_TOKEN

roles/sys-stk-front/tasks/main.yml

@@ -4,7 +4,7 @@
       name: srv-proxy-core
     when: run_once_srv_proxy_core is not defined
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_domain_provision is not defined
+  when: run_once_sys_stk_front is not defined
 
 - include_tasks: "01_cloudflare.yml"
   when: DNS_PROVIDER == "cloudflare"

roles/sys-stk-full-stateful/README.md

@@ -0,0 +1,11 @@
+# Database Docker with Web Proxy
+
+This role builds on `sys-stk-back-stateful` by adding a reverse-proxy frontend for HTTP access to your database service.
+
+## Features
+
+- **Database Composition**  
+  Leverages the `sys-stk-back-stateful` role to stand up your containerized database (PostgreSQL, MariaDB, etc.) with backups and user management.
+
+- **Reverse Proxy**  
+  Includes the `sys-stk-front` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint.

roles/sys-stk-full-stateful/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
   description: >
-    Extends cmp-db-docker by adding an HTTP reverse proxy via srv-domain-provision.
+    Extends sys-stk-back-stateful by adding an HTTP reverse proxy via sys-stk-front.
   company: |
     Kevin Veen-Birkenbach
     Consulting & Coaching Solutions

roles/sys-stk-full-stateful/tasks/main.yml

@@ -1,16 +1,16 @@
-# run_once_cmp_db_docker_proxy: deactivated
+# run_once_sys_stk_full_stateful: deactivated
 
 - include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml"
   vars:
     handler_role_name: "svc-prx-openresty"
 
-- name: "For '{{ application_id }}': load docker and db"
+- name: "For '{{ application_id }}': include role sys-stk-front"
   include_role:
-    name: cmp-db-docker
-
-- name: "For '{{ application_id }}': include role srv-domain-provision"
-  include_role:
-    name: srv-domain-provision
+    name: sys-stk-front
   vars:
     domain:     "{{ domains | get_domain(application_id) }}"
     http_port:  "{{ ports.localhost.http[application_id] }}"
+
+- name: "For '{{ application_id }}': load docker and db"
+  include_role:
+    name: sys-stk-back-stateful

roles/sys-stk-full-stateless/README.md

@@ -8,4 +8,4 @@ This role combines the standard Docker Compose setup with a reverse-proxy for an
   Brings up containers, networks, and volumes via the `docker-compose` role.
 
 - **Reverse Proxy**  
-  Uses the `srv-domain-provision` role to expose your application under a custom domain and port.
+  Uses the `sys-stk-front` role to expose your application under a custom domain and port.

roles/sys-stk-full-stateless/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
   description: >
-    Combines the docker-compose role with srv-domain-provision to
+    Combines the docker-compose role with sys-stk-front to
     deploy applications behind a reverse proxy.
   company: |
     Kevin Veen-Birkenbach

roles/sys-stk-full-stateless/tasks/main.yml

@@ -1,14 +1,13 @@
-# run_once_cmp_docker_proxy: deactivated
+# run_once_sys_stk_full_stateless: deactivated
 
 # Load the proxy first, so that openresty handlers are flushed before the main docker compose
-- name: "For '{{ application_id }}': include role srv-domain-provision"
+- name: "For '{{ application_id }}': include role sys-stk-front"
   include_role:
-    name: srv-domain-provision
+    name: sys-stk-front
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
 
-- name: "For '{{ application_id }}': Load cmp-docker-oauth2"
+- name: "For '{{ application_id }}': Load sys-stk-back-stateless"
   include_role: 
-    name: cmp-docker-oauth2
-
+    name: sys-stk-back-stateless

roles/sys-svc-rdbms/tasks/main.yml

@@ -1,4 +1,4 @@
-# run_once_cmp_rdbms: deactivated
+# run_once_sys_svc_rdbms: deactivated
 
 # The following env file will just be used from the dedicated mariadb container
 # and not the central one

roles/sys-svc-rdbms/templates/services/main.yml.j2

@@ -0,0 +1 @@
+{% include 'roles/sys-svc-rdbms/templates/services/' + database_type + '.yml.j2' %}

roles/web-app-akaunting/tasks/main.yml

@@ -10,7 +10,7 @@
 
 - name: "For '{{ application_id }}': load docker, db and proxy"
   include_role:
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
   vars:
     # Forward flag into compose templating
     cmp_extra_facts:

roles/web-app-attendize/tasks/main.yml

@@ -11,7 +11,7 @@
 
 - name: "For '{{ application_id }}': load docker and db"
   include_role: 
-    name: cmp-db-docker
+    name: sys-stk-back-stateful
   vars:
     docker_compose_flush_handlers: true 
     

roles/web-app-baserow/tasks/main.yml

@@ -1,4 +1,4 @@
 ---
 - name: "For '{{ application_id }}': load docker, db and proxy"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful

roles/web-app-bigbluebutton/tasks/main.yml

@@ -11,7 +11,7 @@
 
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: cmp-docker-proxy
+    name: sys-stk-full-stateless
   vars:
     docker_compose_flush_handlers: false
 - name: "include 04_seed-database-to-backup.yml"

roles/web-app-bluesky/tasks/main.yml

@@ -2,9 +2,9 @@
   include_role: 
     name: docker-compose
 
-- name: "include role srv-domain-provision for {{ application_id }}"
+- name: "include role sys-stk-front for {{ application_id }}"
   include_role:
-    name: srv-domain-provision
+    name: sys-stk-front
   vars:
     domain: "{{ item.domain }}"
     http_port: "{{ item.http_port }}"

roles/web-app-desktop/tasks/01_core.yml

@@ -7,7 +7,7 @@
 
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: cmp-docker-proxy
+    name: sys-stk-full-stateless
 
 - name: "Check if host-specific config.yaml exists in {{ DESKTOP_INVENTORY_CONFIG_PATH }}"
   stat:

roles/web-app-discourse/tasks/02_reset.yml

@@ -6,7 +6,7 @@
     file: "{{ item }}"
   loop:
     - "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"
-    - "{{ playbook_dir }}/roles/cmp-rdbms/vars/database.yml"
+    - "{{ playbook_dir }}/roles/sys-svc-rdbms/vars/database.yml"
 
 - name: Sanity check for required vars
   assert:

roles/web-app-discourse/tasks/03_docker.yml

@@ -6,7 +6,7 @@
 
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
   vars:
     docker_compose_flush_handlers: true
 

roles/web-app-elk/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
 
-- name: "include role srv-domain-provision for {{ application_id }}"
+- name: "include role sys-stk-front for {{ application_id }}"
   include_role:
-    name: srv-domain-provision
+    name: sys-stk-front
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"

roles/web-app-espocrm/README.md

@@ -8,7 +8,7 @@ Enhance your sales and service processes with EspoCRM, an open-source CRM featur
 
 This Ansible role deploys EspoCRM using Docker. It handles:
 
-- MariaDB database provisioning via the `cmp-rdbms` role  
+- MariaDB database provisioning via the `sys-svc-rdbms` role  
 - Nginx domain setup with WebSocket and reverse-proxy configuration  
 - Environment variable management through Jinja2 templates  
 - Docker Compose orchestration for **web**, **daemon**, and **websocket** services  

roles/web-app-espocrm/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
   vars:
     docker_compose_flush_handlers:  true
 

roles/web-app-friendica/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 
 - name: Integrate LDAP
   include_tasks: 01_ldap.yml

roles/web-app-funkwhale/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 
 

roles/web-app-fusiondirectory/README.md

@@ -9,7 +9,7 @@ This Ansible role deploys and configures [FusionDirectory](https://www.fusiondir
 - Loads and templating of FusionDirectory-specific variables  
 - Generates a `.env` file for the container environment  
 - Deploys the FusionDirectory container via Docker Compose  
-- Configures NGINX (via the `srv-domain-provision` role) to expose the service  
+- Configures NGINX (via the `sys-stk-front` role) to expose the service  
 - Integrates with your central LDAP server for authentication  
 
 ## Features

roles/web-app-fusiondirectory/tasks/main.yml

@@ -1,3 +1,3 @@
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful

roles/web-app-gitea/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 
 - name: Wait for Gitea HTTP endpoint
   wait_for:

roles/web-app-gitlab/tasks/main.yml

@@ -1,4 +1,4 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful

roles/web-app-jenkins/tasks/main.yml

@@ -1,4 +1,4 @@
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 

roles/web-app-joomla/README.md

@@ -1,4 +1,4 @@
-# Joomla CMS
+# Joomla
 
 ## Description
 

roles/web-app-joomla/config/main.yml

@@ -1,20 +1,31 @@
+autocreate_users:     true # Autocreate LDAP users on Login
 features:
   matomo:             true
   css:                true
   desktop:            true
   central_database:   true
   logout:             true
+  ldap:               false # There is no working free open source LDAP solution 2025-08-28
+  oidc:               false # There is no working free open source OIDC solution 2025-08-28
 server:
   domains:
     canonical:
       - "cms.{{ PRIMARY_DOMAIN }}"
+  csp:
+    flags:
+      style-src:
+        unsafe-inline: true
+      script-src-elem:
+        unsafe-inline: true
 docker:
   services:
     database:
-      enabled: true
+      enabled:  true
     joomla: 
       image:    joomla
       version:  latest
       name:     joomla
+      backup:
+        no_stop_required: true
   volumes:
-    data:             "joomla_data"
+    data:       "joomla_data"

roles/web-app-joomla/tasks/01_install.yml

@@ -0,0 +1,53 @@
+# Wait until the Joomla core is copied into the volume
+- name: "Wait for Joomla files to exist"
+  command:
+    argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", test, -f, /var/www/html/index.php ]
+  register: joomla_files
+  changed_when: false
+  retries: 60
+  delay: 2
+  until: joomla_files.rc == 0
+
+# (Optional) specifically wait for the CLI installer script
+- name: "Check for CLI installer"
+  command:
+    argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", test, -f, /var/www/html/installation/joomla.php ]
+  register: has_installer
+  changed_when: false
+  failed_when: false
+
+# Only if not already installed (no configuration.php)
+- name: "Check if Joomla is already installed"
+  command:
+    argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", test, -f, "{{ JOOMLA_CONFIG_FILE }}" ]
+  register: joomla_installed
+  changed_when: false
+  failed_when: false
+
+# Install (uses absolute path + argv)
+- name: "Joomla CLI install (first run only)"
+  command:
+    argv:
+      - docker
+      - exec
+      - "{{ JOOMLA_CONTAINER }}"
+      - php
+      - /var/www/html/installation/joomla.php
+      - install
+      - "--db-type={{ JOOMLA_DB_CONNECTOR }}"
+      - "--db-host={{ database_host }}"
+      - "--db-user={{ database_username }}"
+      - "--db-pass={{ database_password }}"
+      - "--db-name={{ database_name }}"
+      - "--admin-user={{ JOOMLA_USER }}"
+      - "--admin-username={{ JOOMLA_USER_NAME }}"
+      - "--admin-password={{ JOOMLA_USER_PASSWORD }}"
+      - "--admin-email={{ JOOMLA_USER_EMAIL }}"
+      - "--no-interaction"
+      - "--site-name={{ JOOMLA_SITE_NAME }}"
+  register: j_install
+  changed_when: j_install.rc == 0
+  failed_when: j_install.rc != 0
+  when:
+    - joomla_installed.rc != 0
+    - has_installer.rc == 0

roles/web-app-joomla/tasks/02_debug.yml

@@ -0,0 +1,45 @@
+- name: "Toggle Joomla debug flags safely (configuration.php)"
+  command:
+    argv:
+      - docker
+      - exec
+      - -e
+      - "J_MODE_DEBUG={{ MODE_DEBUG | default(false) | bool | ternary('1','0') }}"
+      - -e
+      - "J_ERR_LEVEL={{ MODE_DEBUG | default(false) | bool | ternary('maximum','default') }}"
+      - "{{ JOOMLA_CONTAINER }}"
+      - php
+      - -r
+      - |
+        $f = '{{ JOOMLA_CONFIG_FILE }}';
+        if (!file_exists($f)) { fwrite(STDERR, "configuration.php missing\n"); exit(1); }
+        $c = file_get_contents($f);
+        $changed = 0;
+
+        $debug = getenv('J_MODE_DEBUG') === '1';
+        $err   = getenv('J_ERR_LEVEL') ?: 'default';
+
+        // Clean up previously broken lines
+        $c = preg_replace('/^\s*public\s+1\s*=.*?;$/m', '', $c, -1, $nBad1); $changed += $nBad1;
+        $c = preg_replace('/^\s*public\s*=\s*maximum;$/m', '', $c, -1, $nBad2); $changed += $nBad2;
+
+        // Ensure: public $debug = true|false;
+        $lineDebug = "public \$debug = " . ($debug ? 'true' : 'false') . ";";
+        if (preg_match('/public\s*\$debug\s*=\s*[^;]*;/', $c)) {
+          $c = preg_replace('/public\s*\$debug\s*=\s*[^;]*;/', $lineDebug, $c, 1, $n); $changed += $n;
+        } else {
+          $c = preg_replace("/\n\}\s*$/", "\n\t".$lineDebug."\n}\n", $c, 1, $n); $changed += $n;
+        }
+
+        // Ensure: public $error_reporting = 'maximum'|'default';
+        $lineErr = "public \$error_reporting = '" . str_replace("'", "\\'", $err) . "';";
+        if (preg_match('/public\s*\$error_reporting\s*=\s*[^;]*;/', $c)) {
+          $c = preg_replace('/public\s*\$error_reporting\s*=\s*[^;]*;/', $lineErr, $c, 1, $n); $changed += $n;
+        } else {
+          $c = preg_replace("/\n\}\s*$/", "\n\t".$lineErr."\n}\n", $c, 1, $n); $changed += $n;
+        }
+
+        if ($changed) { file_put_contents($f, $c); echo "changed"; } else { echo "ok"; }
+  register: j_cfg_debug
+  changed_when: (j_cfg_debug.stdout | trim) == "changed"
+  failed_when: j_cfg_debug.rc != 0

roles/web-app-joomla/tasks/03_patch.yml

@@ -0,0 +1,52 @@
+- name: "Ensure configuration.php DB settings match inventory"
+  command:
+    argv:
+      - docker
+      - exec
+      - -e
+      - J_DBTYPE={{ JOOMLA_DB_CONNECTOR }}
+      - -e
+      - J_DBHOST={{ database_host }}:{{ database_port }}
+      - -e
+      - J_DBUSER={{ database_username }}
+      - -e
+      - J_DBPASS={{ database_password }}
+      - -e
+      - J_DBNAME={{ database_name }}
+      - "{{ JOOMLA_CONTAINER }}"
+      - php
+      - -r
+      - |
+        $f = '{{ JOOMLA_CONFIG_FILE }}';
+        if (!file_exists($f)) { exit(0); }
+        $c = file_get_contents($f);
+        $changed = 0;
+
+        $map = [
+          'dbtype'   => getenv('J_DBTYPE'),
+          'host'     => getenv('J_DBHOST'),
+          'user'     => getenv('J_DBUSER'),
+          'password' => getenv('J_DBPASS'),
+          'db'       => getenv('J_DBNAME'),
+        ];
+
+        foreach ($map as $k => $v) {
+          // Escape single quotes for safe embedding into the PHP source string
+          $vEsc = str_replace("'", "\\'", $v);
+
+          // Match current value in config: public $key = '...';
+          if (preg_match("/public \\$".$k."\\s*=\\s*'([^']*)';/", $c, $m) && $m[1] !== $v) {
+            $c = preg_replace(
+              "/public \\$".$k."\\s*=\\s*'[^']*';/",
+              "public $".$k." = '".$vEsc."';",
+              $c
+            );
+            $changed = 1;
+          }
+        }
+
+        if ($changed) { file_put_contents($f, $c); echo "changed"; } else { echo "ok"; }
+  register: cfg_patch
+  changed_when: cfg_patch.stdout == "changed"
+  failed_when: cfg_patch.rc != 0
+  when: joomla_installed.rc == 0

roles/web-app-joomla/tasks/04_assert.yml

@@ -0,0 +1,4 @@
+- name: "PHP lint configuration.php"
+  command:
+    argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", php, "-l", "{{ JOOMLA_CONFIG_FILE }}" ]
+  changed_when: false

roles/web-app-joomla/tasks/main.yml

@@ -1,7 +1,26 @@
 ---
-- name: "load docker, db and proxy for {{ application_id }}"
-  include_role: 
-    name: cmp-db-docker-proxy
-  loop: "{{ domains }}"
+- name: "Include role sys-stk-front for {{ application_id }}"
+  include_role:
+    name: sys-stk-front
+  loop: "{{ JOOMLA_DOMAINS }}"
   loop_control:
-    loop_var: domain
+    loop_var: domain
+  vars:
+    http_port: "{{ ports.localhost.http[application_id] }}"
+
+- name: "load docker and db for {{ application_id }}"
+  include_role: 
+    name: sys-stk-back-stateful
+  vars:
+    docker_compose_flush_handlers: true
+
+- name: Include install routines
+  include_tasks: "{{ item }}"
+  loop:
+    - 01_install.yml
+    - 02_debug.yml
+    - 03_patch.yml
+
+- name: Include assert routines
+  include_tasks: "04_assert.yml"
+  when: MODE_ASSERT | bool

roles/web-app-joomla/templates/Dockerfile.j2

@@ -0,0 +1 @@
+FROM {{ JOOMLA_IMAGE }}:{{ JOOMLA_VERSION }}

roles/web-app-joomla/templates/docker-compose.yml.j2

@@ -1,7 +1,11 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
   application:
-    image: "{{ JOOMLA_IMAGE }}:{{ JOOMLA_VERSION }}"
-    container_name:  "{{ JOOMLA_CONTAINER }}"
+    build:
+      context: {{ docker_compose.directories.instance }}
+      dockerfile: Dockerfile
+    image: "{{ JOOMLA_CUSTOM_IMAGE }}"
+    container_name: {{ JOOMLA_CONTAINER }}
+    pull_policy: never
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     volumes:
       - data:/var/www/html

roles/web-app-joomla/templates/env.j2

@@ -1,4 +1,14 @@
-JOOMLA_DB_HOST="{{ database_host }}:{{ database_port }}"
-JOOMLA_DB_USER="{{ database_username }}"
-JOOMLA_DB_PASSWORD="{{ database_password }}"
-JOOMLA_DB_NAME="{{ database_name }}"
+JOOMLA_SITE_NAME={{ JOOMLA_SITE_NAME }}
+JOOMLA_ADMIN_USER={{ JOOMLA_USER }}
+JOOMLA_ADMIN_USERNAME={{ JOOMLA_USER_NAME }}
+JOOMLA_ADMIN_PASSWORD={{ JOOMLA_USER_PASSWORD }}
+JOOMLA_ADMIN_EMAIL={{ JOOMLA_USER_EMAIL }}
+
+{% if database_type == 'mariadb' %}
+# Database
+JOOMLA_DB_HOST={{ database_host }}:{{ database_port }}
+JOOMLA_DB_USER={{ database_username }}
+JOOMLA_DB_PASSWORD={{ database_password }}
+JOOMLA_DB_NAME={{ database_name }}
+JOOMLA_DB_TYPE={{ JOOMLA_DB_CONNECTOR }}
+{% endif %}

roles/web-app-joomla/vars/main.yml

@@ -1,10 +1,21 @@
 # General
-application_id:     "web-app-joomla"
-database_type:      "postgres"
-container_port:     80
+application_id:                   "web-app-joomla"
+database_type:                    "mariadb"
+container_port:                   80
 
 # Joomla
-JOOMLA_VERSION:    "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"
-JOOMLA_IMAGE:      "{{ applications | get_app_conf(application_id, 'docker.services.joomla.image') }}"
-JOOMLA_CONTAINER:  "{{ applications | get_app_conf(application_id, 'docker.services.joomla.name') }}"
-JOOMLA_VOLUME:     "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+JOOMLA_VERSION:                   "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"
+JOOMLA_IMAGE:                     "{{ applications | get_app_conf(application_id, 'docker.services.joomla.image') }}"
+JOOMLA_CONTAINER:                 "{{ applications | get_app_conf(application_id, 'docker.services.joomla.name') }}"
+JOOMLA_VOLUME:                    "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+JOOMLA_CUSTOM_IMAGE:              "{{ JOOMLA_IMAGE }}_custom"
+JOOMLA_DOMAINS:                   "{{ applications | get_app_conf(application_id, 'server.domains.canonical') }}"
+JOOMLA_SITE_NAME:                 "{{ SOFTWARE_NAME }} Joomla - CMS"
+JOOMLA_DB_CONNECTOR:              "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}"
+JOOMLA_CONFIG_FILE:               "/var/www/html/configuration.php"
+
+# User
+JOOMLA_USER_NAME:                 "{{ users.administrator.username }}"
+JOOMLA_USER:                      "{{ JOOMLA_USER_NAME | capitalize }}"     
+JOOMLA_USER_PASSWORD:             "{{ users.administrator.password }}"
+JOOMLA_USER_EMAIL:                "{{ users.administrator.email }}"

roles/web-app-keycloak/tasks/01_meta.yml

@@ -5,4 +5,4 @@
     file: "{{ item }}"
   loop:
     - "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"
-    - "{{ playbook_dir }}/roles/cmp-rdbms/vars/database.yml"
+    - "{{ playbook_dir }}/roles/sys-svc-rdbms/vars/database.yml"

roles/web-app-keycloak/tasks/04_dependencies.yml

@@ -7,6 +7,6 @@
   
   - name: "load docker, db and proxy for {{ application_id }}"
     include_role:
-      name: cmp-db-docker-proxy
+      name: sys-stk-full-stateful
     vars:
       docker_compose_flush_handlers: true

roles/web-app-lam/tasks/main.yml

@@ -1,3 +1,3 @@
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: cmp-docker-proxy
+    name: sys-stk-full-stateless

roles/web-app-listmonk/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
   vars:
     proxy_extra_configuration: >-
       {% if not applications | get_app_conf(application_id, 'public_api_activated', True) %}

roles/web-app-mailu/tasks/01_core.yml

@@ -27,7 +27,7 @@
   block:
   - name: "load docker, db and proxy for {{ application_id }}"
     include_role: 
-      name: cmp-db-docker-proxy
+      name: sys-stk-full-stateful
     vars:
       docker_compose_flush_handlers: true
 

roles/web-app-mastodon/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "Include setup for domain '{{ domain }}'"
   include_role: 
-    name: srv-domain-provision
+    name: sys-stk-front
   loop: "{{ domains['web-app-mastodon'] }}"
   loop_control:
     loop_var: domain
@@ -14,7 +14,7 @@
 
 - name: "load docker and db for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker
+    name: sys-stk-back-stateful
   vars:
     docker_compose_flush_handlers: true
 

roles/web-app-matomo/tasks/01_core.yml

@@ -1,6 +1,6 @@
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 
 - name: "Patch Matomo config.ini.php"
   include_tasks: 02_configuration.yml

roles/web-app-matrix/tasks/01_docker.yml

@@ -1,6 +1,6 @@
 - name: "load docker and db for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker
+    name: sys-stk-back-stateful
   vars:
     docker_compose_flush_handlers: false
 

roles/web-app-matrix/tasks/03_webserver.yml

@@ -9,9 +9,9 @@
     src:  "well-known.j2" 
     dest: "{{ MATRIX_WELL_KNOWN_FILE }}"
         
-- name: "include role srv-domain-provision for {{ MATRIX_ELEMENT_DOMAIN }}"
+- name: "include role sys-stk-front for {{ MATRIX_ELEMENT_DOMAIN }}"
   include_role: 
-    name: srv-domain-provision
+    name: sys-stk-front
   vars:        
     domain:     "{{ MATRIX_ELEMENT_DOMAIN }}"
     http_port:  "{{ MATRIX_ELEMENT_PORT }}"

roles/web-app-mediawiki/config/main.yml

@@ -1,16 +1,21 @@
+sitename:       "Wiki on {{ PRIMARY_DOMAIN | upper }}"
+meta_namespace: "Meta"
 server:
   domains:
     canonical:
       - "wiki.{{ PRIMARY_DOMAIN }}"
 docker:
   services:
+    database:
+      enabled:  true
     mediawiki: 
       image:    mediawiki
       version:  latest
       backup:
         no_stop_required: true
       name:     mediawiki
-    volumes:
-      data:     mediawiki_data
+  volumes:
+    data:     mediawiki_data
 features:
   logout: true
+  central_database: true

roles/web-app-mediawiki/tasks/main.yml

@@ -1,8 +1,33 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
+  vars:
+    docker_compose_flush_handlers: false
 
-- name: add docker-compose.yml
-  template: src=docker-compose.yml.j2 dest={{ docker_compose.directories.instance }}docker-compose.yml
-  notify: docker compose up
+- name: "Deploy MediaWiki LocalSettings.php"
+  template:
+    src: "LocalSettings.php.j2"
+    dest: "{{ MEDIAWIKI_SETTINGS_HOST_PATH }}"
+    mode: '0644'
+
+- name: "Flush docker compose handlers"
+  meta: flush_handlers
+
+- name: "Create MediaWiki admin user"
+  command: >
+    docker exec
+    -u {{ MEDIAWIKI_USER }}
+    {{ MEDIAWIKI_CONTAINER }}
+    php /var/www/html/maintenance/createAndPromote.php
+    --bureaucrat --sysop
+    {{ MEDIAWIKI_ADMINISTRATOR_NAME }}
+    {{ MEDIAWIKI_ADMINISTRATOR_PASSWORD }}
+    {{ MEDIAWIKI_ADMINISTRATOR_EMAIL }}
+  register: create_admin
+  changed_when: >
+    'created' in (create_admin.stdout | default('')) or
+    'Created' in (create_admin.stdout | default(''))
+  failed_when: >
+    create_admin.rc != 0 and
+    ('already exists' not in (create_admin.stdout | default('') ~ create_admin.stderr | default('')))

roles/web-app-mediawiki/templates/LocalSettings.php.j2

@@ -0,0 +1,29 @@
+<?php
+# This file was automatically generated by the MediaWiki installer.
+# Managed by Ansible in your setup.
+
+# Basic settings
+$wgSitename = "{{ MEDIAWIKI_SITENAME }}";
+$wgMetaNamespace = "{{ MEDIAWIKI_META_NAMESPACE }}";
+$wgScriptPath = "";
+$wgServer = "{{ MEDIAWIKI_URL }}";
+
+# Database settings
+$wgDBtype = "mysql";
+$wgDBserver = "{{ database_host }}:{{ database_port }}";
+$wgDBname = "{{ database_name }}";
+$wgDBuser = "{{ database_username }}";
+$wgDBpassword = "{{ database_password }}";
+
+# Email settings
+$wgEnableEmail = true;
+$wgEnableUserEmail = true;
+$wgEmergencyContact = "{{ users.administrator.email }}";
+$wgPasswordSender = "{{ users['no-reply'].email }}";
+
+# Default skin
+$wgDefaultSkin = "vector";
+
+# Extensions (examples)
+wfLoadExtension( 'ParserFunctions' );
+wfLoadExtension( 'Cite' );

roles/web-app-mediawiki/templates/docker-compose.yml.j2

@@ -1,16 +1,19 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
   application:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-      container_name: "{{ mediawiki_name }}"
-      image: "{{ mediawiki_image }}:{{ mediawiki_version }}"
-      volumes:
-        - "data:/var/www/html/"
-      ports:
-        - "127.0.0.1:{{ ports.localhost.http[application_id] }}:80"
+    container_name: "{{ MEDIAWIKI_CONTAINER }}"
+    image: "{{ MEDIAWIKI_IMAGE }}:{{ MEDIAWIKI_VERSION }}"
+    volumes:
+      - "data:/var/www/html/"
+      - "{{ MEDIAWIKI_SETTINGS_HOST_PATH }}:{{ MEDIAWIKI_SETTINGS_DOCK_PATH }}:ro"
+    ports:
+      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
-    name: {{ mediawiki_volume }}
-{% include 'roles/docker-compose/templates/networks.yml.j2' %}
+    name: {{ MEDIAWIKI_VOLUME }}
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-mediawiki/vars/main.yml

@@ -1,6 +1,23 @@
-application_id:     "web-app-mediawiki"
-database_type:      "mariadb"
-mediawiki_version:   "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.version', True) }}"
-mediawiki_image:     "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.image', True) }}"
-mediawiki_name:      "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.name', True) }}"
-mediawiki_volume:    "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+# General
+application_id:                   "web-app-mediawiki"
+database_type:                    "mariadb"
+container_port:                   80
+
+# Mediawiki
+MEDIAWIKI_SITENAME:               "{{ applications | get_app_conf(application_id, 'sitename') }}"
+MEDIAWIKI_META_NAMESPACE:         "{{ applications | get_app_conf(application_id, 'meta_namespace') }}"
+MEDIAWIKI_URL:                    "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+
+## Docker
+MEDIAWIKI_VERSION:                "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.version') }}"
+MEDIAWIKI_IMAGE:                  "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.image') }}"
+MEDIAWIKI_CONTAINER:              "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.name') }}"
+MEDIAWIKI_VOLUME:                 "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+MEDIAWIKI_SETTINGS_HOST_PATH:     "{{ [docker_compose.directories.volumes, 'LocalSettings.php'] | path_join }}"
+MEDIAWIKI_SETTINGS_DOCK_PATH:     "/var/www/html/LocalSettings.php"
+MEDIAWIKI_USER:                   "www-data"
+
+# User
+MEDIAWIKI_ADMINISTRATOR_NAME:     "{{ users.administrator.username }}"
+MEDIAWIKI_ADMINISTRATOR_PASSWORD: "{{ users.administrator.password }}"
+MEDIAWIKI_ADMINISTRATOR_EMAIL:    "{{ users.administrator.email }}"

roles/web-app-mig/tasks/01_core.yml

@@ -18,7 +18,7 @@
 
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: cmp-docker-proxy
+    name: sys-stk-full-stateless
 
 - name: Build data (single async task)
   include_tasks: 02_build_data.yml

roles/web-app-mobilizon/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 
 - name: add config.exs
   template:

roles/web-app-moodle/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 
 - name: Check if config.php exists
   command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}

roles/web-app-mybb/Installation.md

@@ -1,55 +0,0 @@
-# Installation
-
-## Multi Domain Installation
-If you want to access your mybb over multiple domains, keep the following in mind:
-- Set Cookie Domain to nothing
-- Access mybb for installation via mybb.<PRIMARY_DOMAIN> 
-- Set the Board Url to mybb.<PRIMARY_DOMAIN>
-
-## Manual Installation of MyBB Plugins
-
-This guide describes the process of manually installing MyBB plugins in your Docker-MyBB environment. This can be useful if you want to quickly test plugins or do not wish to execute the Ansible role.
-
-### Steps for Manual Installation
-
-
-1. **Prepare Plugin Files:**
-   - Download the desired MyBB plugin zip files.
-
-2. **Copy plugin to host:**
-    - ```bash scp <plugin> administrator@<server>:/opt/docker/mybb/plugins```
-
-3. **Unzip Plugin Files on the Host:**
-   - Unzip the plugin zip files in the host's plugin directory:
-     ```bash
-     unzip /opt/docker/mybb/plugins/<plugin-file>.zip -d /opt/docker/mybb/plugins/
-     ```
-   - Replace `<plugin-file>.zip` with the name of the plugin zip file.
-   - Repeat this step for each plugin.
-
-4. **Access the Docker Container:**
-   - Open a terminal or SSH session on the server where the Docker container is running.
-
-5. **Copy Unzipped Plugin Files to the Container:**
-   - Copy the unzipped plugin files from the host directory to the Docker container:
-     ```bash
-     docker compose cp /opt/docker/mybb/plugins/<unzipped-plugin-folder> application:/var/www/html/inc/plugins/
-     ```
-   - Replace `<unzipped-plugin-folder>` with the name of the unzipped plugin folder.
-
-6. **Restart the Container:**
-   - Execute the following command to restart the MyBB container:
-     ```bash
-     docker-compose -p mybb up -d --force-recreate
-     ```
-   - This ensures all changes take effect.
-
-7. **Activate Plugins in the MyBB Admin Panel:**
-   - Open the MyBB admin panel in your web browser.
-   - Navigate to the plugin settings and activate the newly installed plugins.
-
-### Important Notes
-
-- Ensure you use the correct paths and filenames.
-- Do not forget to regularly back up your MyBB database and files before making changes.
-- If encountering issues, refer to the MyBB documentation or specific instructions from the plugin author.

roles/web-app-mybb/schema/main.yml

@@ -0,0 +1,8 @@
+credentials:  
+  secret_pin:
+    description: >
+      Optional secret PIN required for accessing the MyBB Admin Control Panel.
+      If set, administrators must enter this PIN in addition to their username
+      and password when logging into the ACP.
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"

roles/web-app-mybb/tasks/main.yml

@@ -1,36 +1,25 @@
-- block:
-  - name: Include dependency 'srv-proxy-core'
-    include_role:
-      name: srv-proxy-core
-    when: run_once_srv_proxy_core is not defined
-  - include_tasks: utils/run_once.yml
-  when: run_once_web_app_mybb is not defined
+- name: "load docker, db and proxy for {{ application_id }}"
+  include_role: 
+    name: sys-stk-full-stateful
+  vars:
+    docker_compose_flush_handlers: false
+    proxy_extra_configuration: "sub_filter '{{MYBB_DOMAIN}}' '{{ MYBB_DOMAIN }}';"
 
-- name: "include tasks setup-domain.yml with {{ domains | get_domain(application_id) }}"
-  include_tasks: setup-domain.yml
-  loop: "{{ mybb_domains + [source_domain] }}"
-  loop_control:
-    loop_var: domain
-
-- name: "load docker and db for {{ application_id }}"
-  include_role:
-    name: cmp-db-docker
-
-- name: "create {{docker_compose_instance_confd_directory}} and parent directories"
+- name: "create {{ MYBB_NGINX_CONF_DIR_HOST }} and parent directories"
   file:
-    path: "{{docker_compose_instance_confd_directory}}"
+    path: "{{ MYBB_NGINX_CONF_DIR_HOST }}"
     state: directory
     mode: "0755"
     recurse: yes
 
-- name: "create {{docker_compose_instance_confd_defaultconf_file}}"
+- name: "Deploy {{ MYBB_NGINX_DEFAULT_CONF_HOST }}"
   template:
     src: "default.conf.j2"
-    dest: "{{docker_compose_instance_confd_defaultconf_file}}"
+    dest: "{{ MYBB_NGINX_DEFAULT_CONF_HOST }}"
   notify: docker compose up
 
-- name: add docker-compose.yml
+- name: "Deploy {{ MYBB_CONFIG_HOST_PATH }}"
   template:
-    src: "docker-compose.yml.j2"
-    dest: "{{ docker_compose.directories.instance }}docker-compose.yml"
-  notify: docker compose up
+    src: "config.php.j2"
+    dest: "{{ MYBB_CONFIG_HOST_PATH }}"
+    mode: '0644'

roles/web-app-mybb/tasks/setup-domain.yml

@@ -1,13 +0,0 @@
-- name: "include role receive certbot certificate"
-  include_role: 
-    name: srv-tls-core
-  vars:
-    domain: "{{ domains | get_domain(application_id) }}"
-
-- name: configure {{ domains | get_domain(application_id) }}.conf
-  template: 
-    src:  "roles/srv-proxy-core/templates/vhost/basic.conf.j2" 
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domains | get_domain(application_id) }}.conf"
-  notify: restart openresty
-  vars: 
-    proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{ domains | get_domain(application_id) }}';"

roles/web-app-mybb/templates/config.php.j2

@@ -0,0 +1,13 @@
+<?php
+$config = array();
+$config['database']['type'] = 'mysqli';
+$config['database']['database'] = '{{ database_name }}';
+$config['database']['table_prefix'] = 'mybb_';
+$config['database']['hostname'] = '{{ database_host }}';
+$config['database']['port'] = '{{ database_port }}';
+$config['database']['username'] = '{{ database_username }}';
+$config['database']['password'] = '{{ database_password }}';
+$config['database']['encoding'] = 'utf8mb4';
+$config['super_admins'] = '{{ MYBB_ADMIN_USER_ID }}';
+$config['secret_pin'] = '{{ MYBB_SECRET_PIN  }}';
+$config['admin_dir'] = 'admin';

roles/web-app-mybb/templates/docker-compose.yml.j2

@@ -1,11 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
   application:
-    logging:
-      driver: journald
-      options:
-        tag: "mybb_application"
-    image: {{ mybb_image }}:{{ mybb_version }}
-    container_name: {{ mybb_name }}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: {{ MYBB_IMAGE }}:{{ MYBB_VERSION }}
+    container_name: {{ MYBB_CONTAINER }}
     restart: {{ DOCKER_RESTART_POLICY }}
     volumes:
       - data:/var/www/html
@@ -13,21 +10,20 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 
   server:
-    logging:
-      driver: journald
-      options:
-        tag: "mybb_server"
+{% include 'roles/docker-container/templates/base.yml.j2' %}
     image: nginx:mainline
     restart: {{ DOCKER_RESTART_POLICY }}
     ports:
-      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:80"
+      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
     volumes:
-    - "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
+    - "{{ MYBB_NGINX_CONF_DIR_HOST }}:{{ MYBB_NGINX_CONF_DIR_DOCK }}:ro"
+    - "{{ MYBB_CONFIG_HOST_PATH }}:{{ MYBB_CONFIG_DOCK_PATH }}:ro"
     - "data:/var/www/html:ro"
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
-    name: {{ mybb_volume }}
+    name: {{ MYBB_VOLUME }}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-mybb/vars/main.yml

@@ -1,11 +1,25 @@
 ---
-application_id:                                 "web-app-mybb"
-docker_compose_instance_confd_directory:        "{{ docker_compose.directories.instance }}conf.d/"
-docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf"
-target_mount_conf_d_directory:                  "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}"
-source_domain:                                  "mybb.{{ PRIMARY_DOMAIN }}"
-database_type:                                  "mariadb"
-mybb_version:                                   "{{ applications | get_app_conf(application_id, 'docker.services.mybb.version', True) }}"
-mybb_image:                                     "{{ applications | get_app_conf(application_id, 'docker.services.mybb.image', True) }}"
-mybb_name:                                      "{{ applications | get_app_conf(application_id, 'docker.services.mybb.name', True) }}"
-mybb_volume:                                    "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+# General
+application_id:                 "web-app-mybb"
+database_type:                  "mariadb"
+container_port:                 80
+
+# MyBB
+
+## Credentials 
+MYBB_SECRET_PIN:                "{{ applications | get_app_conf(application_id, 'credentials.secret_pin') }}"
+
+## Server
+MYBB_NGINX_CONF_DIR_HOST:       "{{ docker_compose.directories.instance }}conf.d/"
+MYBB_NGINX_CONF_DIR_DOCK:       "{{ NGINX.DIRECTORIES.CONFIGURATION }}"
+MYBB_NGINX_DEFAULT_CONF_HOST:   "{{ MYBB_NGINX_CONF_DIR_HOST }}default.conf"
+
+## Application
+MYBB_ADMIN_USER_ID:             1
+MYBB_DOMAIN:                    "{{ domains | get_domain(application_id) }}"
+MYBB_VERSION:                   "{{ applications | get_app_conf(application_id, 'docker.services.mybb.version') }}"
+MYBB_IMAGE:                     "{{ applications | get_app_conf(application_id, 'docker.services.mybb.image') }}"
+MYBB_CONTAINER:                 "{{ applications | get_app_conf(application_id, 'docker.services.mybb.name') }}"
+MYBB_VOLUME:                    "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+MYBB_CONFIG_HOST_PATH:          "{{ [docker_compose.directories.instance, 'config.php'] | path_join }}"
+MYBB_CONFIG_DOCK_PATH:          "/var/www/html/inc/config.php"

roles/web-app-navigator/tasks/main.yml

@@ -16,7 +16,7 @@
 
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: cmp-docker-proxy
+    name: sys-stk-full-stateless
 
 # Hack because it wasn't possible to fix an handler bug in pkgmgr install
 - name: „Trigger“ docker compose up

roles/web-app-nextcloud/tasks/main.yml

@@ -21,7 +21,7 @@
 
 - name: "load docker and db for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker
+    name: sys-stk-back-stateful
   vars:
     docker_compose_flush_handlers: false
 

roles/web-app-openproject/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, db and proxy for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker-proxy
+    name: sys-stk-full-stateful
 
 - name: "Create {{ openproject_plugins_folder }}"
   file:

roles/web-app-peertube/tasks/main.yml

@@ -11,7 +11,7 @@
 
 - name: "load docker and db for {{ application_id }}"
   include_role: 
-    name: cmp-db-docker
+    name: sys-stk-back-stateful
 
 - name: "Install and activate auth-openid-connect plugin if OIDC is enabled"
   include_tasks: enable-oidc.yml

roles/web-app-pgadmin/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: cmp-docker-proxy
+    name: sys-stk-full-stateless
 
 - name: "configure pgadmin servers"
   include_tasks: configuration.yml

roles/web-app-phpldapadmin/tasks/main.yml

@@ -1,3 +1,3 @@
 - name: "load docker, proxy for '{{ application_id }}'"
   include_role:
-    name: cmp-docker-proxy
+    name: sys-stk-full-stateless