Optimized rdr roles

Makefile

@@ -1,11 +1,11 @@
 ROLES_DIR           := ./roles
 APPLICATIONS_OUT    := ./group_vars/all/04_applications.yml
-APPLICATIONS_SCRIPT := ./cli/generate/defaults/applications.py
+APPLICATIONS_SCRIPT := ./cli/build/defaults/applications.py
 USERS_OUT           := ./group_vars/all/03_users.yml
-USERS_SCRIPT        := ./cli/generate/defaults/users.py
+USERS_SCRIPT        := ./cli/build/defaults/users.py
-INCLUDES_SCRIPT     := ./cli/generate/role_include.py
+INCLUDES_SCRIPT     := ./cli/build/role_include.py
 
-INCLUDE_GROUPS := $(shell python3 main.py meta invokable_paths -s "-" --no-signal | tr '\n' ' ')
+INCLUDE_GROUPS := $(shell python3 main.py meta categories invokable -s "-" --no-signal | tr '\n' ' ')
 
 # Directory where these include-files will be written
 INCLUDES_OUT_DIR    := ./tasks/groups
@@ -27,7 +27,7 @@ clean:
 
 tree:
 	@echo Generating Tree
-	python3 main.py generate tree -L 1
+	python3 main.py build tree -D 2 --no-signal
 
 build:
 	@echo "🔧 Generating users defaults → $(USERS_OUT)…"

cli/build/tree.py

@@ -4,7 +4,7 @@ import argparse
 import json
 from typing import Dict, Any
 
-from cli.generate.graph import build_mappings, output_graph
+from cli.build.graph import build_mappings, output_graph
 
 
 def find_roles(roles_dir: str):

cli/meta/applications/role_name.py

@@ -6,8 +6,6 @@ This script determines the appropriate Ansible role folder based on the provided
 by inspecting each role's vars/main.yml within the roles directory. By default, it assumes the
 roles directory is located at the project root, relative to this script's location.
 
-Example:
-  ./get_role_folder_cli.py --application-id my-app-id
 """
 import os
 import sys
@@ -55,7 +53,7 @@ def main():
         '-r', '--roles-path',
         default=os.path.join(
             os.path.dirname(os.path.realpath(__file__)),
-            os.pardir, os.pardir,
+            os.pardir, os.pardir, os.pardir,
             'roles'
         ),
         help='Path to the roles directory (default: roles/ at project root)'

cli/validate/inventory.py

@@ -10,7 +10,7 @@ script_dir = Path(__file__).resolve().parent
 repo_root = script_dir.parent.parent
 sys.path.insert(0, str(repo_root))
 
-from cli.meta.applications import find_application_ids
+from cli.meta.applications.all import find_application_ids
 
 def load_yaml_file(path):
     try:

docs/analysis/Features.md

@@ -15,7 +15,7 @@ Every business is unique, and so is CyMaIS! With a modular architecture, it adap
 With automated updates, system health checks, and security audits, CyMaIS ensures your infrastructure is always up-to-date and running smoothly. Roles such as `sys-hlth-docker-container`, `sys-hlth-btrfs`, and `sys-hlth-webserver` help monitor system integrity.
 
 ## Uncompromised Security 🔒
-Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`web-app-keycloak`, `svc-openldap`), and secure backup solutions (`sys-bkp-remote-to-local`, `svc-sys-bkp-data-to-usb`).
+Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`web-app-keycloak`, `svc-db-openldap`), and secure backup solutions (`sys-bkp-remote-to-local`, `svc-sys-bkp-data-to-usb`).
 
 ## User-Friendly with Expert Support 👩‍💻
 No need to be a Linux or Docker expert! CyMaIS simplifies deployment with intuitive role-based automation. Documentation and community support make IT administration accessible to all experience levels.

group_vars/all/05_maintenace.yml

@@ -28,7 +28,7 @@ system_maintenance_cleanup_services:
 system_maintenance_manipulation_services:
   - "sys-rpr-docker-soft"
   - "update-docker"
-  - "sys-opt-ssd-hdd"
+  - "svc-opt-ssd-hdd"
   - "sys-rpr-docker-hard"
   
 ## Total System Maintenance Services

group_vars/all/09_ports.yml

@@ -16,7 +16,7 @@ ports:
       gitea: 4188
       snipe-it: 4189
     ldap:
-      openldap: 389
+      svc-db-openldap: 389
     http:
       nextcloud: 8001
       gitea: 8002
@@ -73,7 +73,7 @@ ports:
       gitea: 2201
       gitlab: 2202
     ldaps:
-      ldap: 636
+      svc-db-openldap: 636
     stun:
       bigbluebutton: 3478    # Not sure if it's right placed here or if it should be moved to localhost section
     turn:

group_vars/all/10_networks.yml

@@ -30,7 +30,7 @@ defaults_networks:
       subnet: 192.168.101.144/28
     keycloak:
       subnet: 192.168.101.160/28
-    openldap:
+    svc-db-openldap:
       subnet: 192.168.101.176/28
     listmonk:
       subnet: 192.168.101.192/28
@@ -96,9 +96,9 @@ defaults_networks:
     # /24 Networks / 254 Usable Clients
     bigbluebutton:
       subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb
-    postgres:
+    svc-db-postgres:
       subnet: 192.168.200.0/24
-    mariadb:
+    svc-db-mariadb:
       subnet: 192.168.201.0/24
-    central_ldap:
+    svc-db-openldap:
       subnet: 192.168.202.0/24

group_vars/all/13_ldap.yml

@@ -6,7 +6,7 @@
 # Helper Variables:
 # Keep in mind to mapp this variables if there is ever the possibility for the user to define them in the inventory
 _ldap_dn_base:            "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
-_ldap_server_port:        "{% if applications.openldap.network.docker | bool %}{{ ports.localhost.ldap.openldap }}{% else %}{{ ports.localhost.ldaps.ldap }}{% endif %}"
+_ldap_server_port:        "{% if applications['svc-db-openldap'].network.docker | bool %}{{ ports.localhost.ldap[application_id] }}{% else %}{{ ports.localhost.ldaps[application_id] }}{% endif %}"
 _ldap_user_id:            "uid"
 _ldap_filters_users_all:  "(|(objectclass=inetOrgPerson))"
 
@@ -25,7 +25,7 @@ ldap:
       # The DN used to authenticate for regular directory operations under
       # the data tree (adding users, modifying attributes, creating OUs, etc.).
       # Typically: “cn=admin,dc=example,dc=com”
-      data: "cn={{ applications.openldap.users.administrator.username }},{{ _ldap_dn_base }}"
+      data: "cn={{ applications['svc-db-openldap'].users.administrator.username }},{{ _ldap_dn_base }}"
 
       # -------------------------------------------------------------------------
       # Config-Tree Administrator Bind DN
@@ -33,7 +33,7 @@ ldap:
       # need to load or modify schema, overlays, modules, or other server-
       # level settings.  
       # Typically: “cn=admin,cn=config”
-      configuration: "cn={{ applications.openldap.users.administrator.username }},cn=config"
+      configuration: "cn={{ applications['svc-db-openldap'].users.administrator.username }},cn=config"
 
     ou:
       # -------------------------------------------------------------------------
@@ -55,14 +55,14 @@ ldap:
     #   for ordinary user/group operations, and vice versa.
 
   # Password to access dn.bind
-  bind_credential:      "{{ applications.openldap.credentials.administrator_database_password }}"
+  bind_credential:      "{{ applications['svc-db-openldap'].credentials.administrator_database_password }}"
   server:
-    domain:             "{{applications.openldap.hostname if applications.openldap.network.docker | bool else domains.openldap}}" # Mapping for public or locale access
+    domain:             "{{applications['svc-db-openldap'].hostname if applications['svc-db-openldap'].network.docker | bool else domains['svc-db-openldap']}}" # Mapping for public or locale access
     port:               "{{_ldap_server_port}}"
-    uri:                "{% if applications.openldap.network.docker | bool %}ldap://{{ applications.openldap.hostname }}{% else %}ldaps://{{ domains.openldap }}{% endif %}:{{ _ldap_server_port }}"
+    uri:                "{% if applications['svc-db-openldap'].network.docker | bool %}ldap://{{ applications['svc-db-openldap'].hostname }}{% else %}ldaps://{{ domains['svc-db-openldap'] }}{% endif %}:{{ _ldap_server_port }}"
     security:           "" #TLS, SSL - Leave empty for none
   network:
-    local:              "{{applications.openldap.network.docker}}" # Uses the application configuration to define if local network should be available or not
+    local:              "{{applications['svc-db-openldap'].network.docker}}" # Uses the application configuration to define if local network should be available or not
   user:
     objects:
       structural:

group_vars/all/15_about.yml

@@ -9,12 +9,12 @@ defaults_service_provider:
       city:         "Cybertown"
       postal_code:  "00001"
       country:      "Nexusland"
-    logo:           "{{ applications['asset'].url ~ '/img/logo.png' }}"
+    logo:           "{{ applications['web-svc-asset'].url ~ '/img/logo.png' }}"
   platform:    
     titel:          "CyMaIS"
     subtitel:       "One login. Infinite applications."
-    logo:           "{{ applications['asset'].url ~ '/img/logo.png' }}"
+    logo:           "{{ applications['web-svc-asset'].url ~ '/img/logo.png' }}"
-    favicon:        "{{ applications['asset'].url ~ '/img/favicon.ico' }}"
+    favicon:        "{{ applications['web-svc-asset'].url ~ '/img/favicon.ico' }}"
   contact:
     bluesky: >-
       {{ ('@' ~ users.contact.username ~ '.' ~ domains.bluesky.api)
@@ -30,4 +30,4 @@ defaults_service_provider:
   legal:
     editorial_responsible:  "Johannes Gutenberg"
     source_code:            "https://github.com/kevinveenbirkenbach/cymais"
-    imprint:                "{{web_protocol}}://{{ domains | get_domain('html') }}/imprint.html"
+    imprint:                "{{web_protocol}}://{{ domains | get_domain('web-svc-html') }}/imprint.html"

main.py

@@ -185,11 +185,11 @@ if __name__ == "__main__":
             Fore.CYAN
         ))
         print(color_text(
-            "    e.g. `cymais generate defaults users` →",
+            "    e.g. `cymais build defaults users` →",
             Fore.CYAN
         ))
         print(color_text(
-            "    corresponds to `cli/generate/defaults/users.py`.",
+            "    corresponds to `cli/build/defaults/users.py`.",
             Fore.CYAN
         ))
         print()

roles/README.md

@@ -1,121 +0,0 @@
-# Roles
-
-This directory contains all of the Ansible roles used throughout the CyMaIS project. Roles are organized by function and prefixed accordingly.
-
-For a complete list of role categories and detailed definitions, see:
-
-- [Application Glossary](application_glosar.rst)  
-- [Application Categories](application_categories.rst)
-
----
-
-## Core & System
-
-- **core-***  
-  Fundamental system configuration (SSH, journald, sudo, etc.)
-
-- **dev-***  
-  Generic helpers and language/tool installers (e.g. `dev-git`, `dev-locales`, `sys-timer`)
-
-- **desk-***  
-  Desktop environment and application roles (e.g. `desk-gnome`, `desk-browser`, `desk-libreoffice`)
-
----
-
-## Webserver & HTTP
-
-- **srv-web-7-4-core**  
-  Installs and configures the base Nginx server.
-
-- **srv-web-6-6-tls-***  
-  Manages TLS certificates and renewal (formerly “https”; e.g. `srv-web-6-6-tls-deploy`, `srv-web-6-6-tls-renew`).
-
-- **srv-web-proxy-***  
-  Proxy and vhost orchestration roles (domain setup, OAuth2 proxy, etc.)
-
-- **srv-web-7-7-inj-***  
-  HTML response modifiers: CSS, JS, Matomo tracking, iframe notifier.
-
-- **srv-web-7-6-composer**  
-  Aggregates multiple sub-filters into one include for your vhost.
-
-- **web-svc-***  
-  Static‐content servers (assets, HTML, legal pages, file hosting).
-
-- **web-app-***  
-  Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon, Redis).
-
----
-
-## Network
-
-- **net-***  
-  Network infrastructure (DNS records, Let’s Encrypt HTTP entrypoints, WireGuard, etc.)
-
-- **svc-***  
-  Docker-deployed services that aren’t “apps” (RDBMS, LDAP, Redis, OpenLDAP).
-
----
-
-## Monitoring & Alerting
-
-- **sys-hlth-***  
-  “Bot”-style health checks (Btrfs, disk‐space, Docker, journalctl, CSP crawler, webserver) with alerts.
-
-- **monitor-core-***  
-  Low-level system monitors (journalctl, Docker containers, disk space, etc.)
-
-- **sys-alm-***  
-  Notification handlers for failures (core, email, Telegram).
-
----
-
-## Maintenance & Healing
-
-- **maint-***  
-  Periodic maintenance tasks (Btrfs balancing, swapfile management, etc.)
-
-- **maint-docker-***  
-  Automated recovery and restarts for Docker Compose workloads.
-
-- **sys-cln-***  
-  Housekeeping tasks (old backups, expired certs, log rotation).
-
----
-
-## Backup & Restore
-
-- **sys-bkp-***  
-  Local and remote backup strategies for files, Docker volumes, databases.
-
----
-
-## Updates & Package Management
-
-- **update-***  
-  Keeps OS and language packages up to date (`update-apt`, `update-docker`, `update-pip`, etc.)
-
-- **pkgmgr-***  
-  Language or platform package managers (npm, pip, AUR helper, etc.)
-
----
-
-## Users & Access
-
-- **user-***  
-  Creates user accounts and SSH keys.
-
-- **user-administrator**, **user-root**  
-  Specialized configurations for privileged users.
-
----
-
-> **Tip:** To find a role quickly, search for its prefix:  
-> `core-`, `dev-`, `desk-`, `srv-web-`, `web-svc-`, `web-app-`,  
-> `net-`, `svc-`, `sys-hlth-`, `monitor-core-`, `sys-alm-`,  
-> `maint-`, `maint-docker-`, `sys-cln-`, `sys-bkp-`, `update-`,  
-> `pkgmgr-`, `user-`.
-
----
-
-_For more details on which applications each role supports, see the [Application Categories](application_categories.rst) and the full [Application Glossary](application_glosar.rst)._  

roles/categories.yml

@@ -4,6 +4,7 @@ roles:
     invokable: false
   sys:
     title: "System"
+    description: "System near components. Will be automaticly called if necessary from other roles."
     invokable: false
     alm:
       title: "Alerting"
@@ -94,6 +95,10 @@ roles:
       description: "Deployable web applications (GitLab, Nextcloud, Mastodon, etc.)"
       icon: "fas fa-docker"
       invokable: true
+    opt:
+      title: "Webserver Optimation"
+      description: "Tools which help to optimize webservers"
+      invokable: true
   net:
     title: "Network"
     description: "Network setup (DNS, Let's Encrypt HTTP, WireGuard, etc.)"
@@ -101,9 +106,19 @@ roles:
     invokable: true
   svc:
     title: "Services"
-    description: "Docker infrastructure services (DBMS, LDAP, Redis, etc.)"
+    description: "Infrastructure services like databases"
+    invokable: false
+    db:  
+      title: "Databases"
+      description: "Database applications (DBMS, LDAP, Redis, etc.)"
       icon: "fas fa-database"
       invokable: true
+    opt:
+      title: "Service Optimation"
+      description: "Optimation Services to improve your system"
+      icon: "fas fa-database"
+      invokable: true
+
   user:
     title: "Users & Access"
     description: "User accounts & access control"

roles/cmp-db-docker-proxy/tasks/main.yml

@@ -1,8 +1,8 @@
-- name: "load docker and db for {{application_id}}"
+- name: "For '{{ application_id }}': load docker and db"
   include_role: 
     name: cmp-db-docker
 
-- name: "include role srv-proxy-6-6-domain for {{application_id}}"
+- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain"
   include_role:
     name: srv-proxy-6-6-domain
   vars:

roles/cmp-db-docker/tasks/main.yml

@@ -1,17 +1,17 @@
-- name: "set database_application_id (Needed due to lazzy loading issue)"
+- name: "For '{{ application_id }}': Set database_application_id (Needed due to lazzy loading issue)"
   set_fact:
     database_application_id: "{{ application_id }}"
 
-- name: "Load database variables"
+- name: "For '{{ application_id }}': Load database variables"
   include_vars: "{{ item }}"
   loop:
     - "{{ cmp_db_docker_vars_file_docker }}"   # Important to load docker variables first so that database can use them
     - "{{ cmp_db_docker_vars_file_db }}" # Important to load them before docker role so that backup can use them
 
-- name: "Load docker-compose for {{ application_id }}"
+- name: "For '{{ application_id }}': Load docker-compose"
   include_role: 
     name: docker-compose
 
-- name: "Load central rdbms for {{ application_id }}"
+- name: "For '{{ application_id }}': Load central RDBMS"
   include_role: 
     name: cmp-rdbms

roles/cmp-docker-proxy/tasks/main.yml

@@ -1,8 +1,8 @@
-- name: "include docker-compose role"
+- name: "For '{{ application_id }}': include docker-compose role"
   include_role: 
     name: docker-compose
 
-- name: "include role srv-proxy-6-6-domain for {{application_id}}"
+- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain"
   include_role:
     name: srv-proxy-6-6-domain
   vars:

roles/cmp-rdbms/tasks/main.yml

@@ -1,20 +1,18 @@
 # The following env file will just be used from the dedicated mariadb container
-# and not the {{applications['mariadb'].hostname }}-database
+# and not the {{applications['svc-db-mariadb'].hostname }}
-- name: "Create {{database_env}}"
+- name: "For '{{ application_id }}': Create {{database_env}}"
   template: 
     src: "env/{{database_type}}.env.j2"
     dest: "{{database_env}}"
   notify: docker compose up
   when: not applications | is_feature_enabled('central_database',application_id)
 
-- name: "Create central database"
+- name: "For '{{ application_id }}': Create central database"
+  # I don't know why this includes leads to that the application_id in vars/main.yml of the database role isn't used
+  # This is the behaviour which I want, but I'm still wondering why ;)
   include_role:
-    name: "svc-{{database_type}}"
+    name: "svc-db-{{database_type}}"
   when: applications | is_feature_enabled('central_database',application_id)
 
-#- name: "Create central database"
+- name: "For '{{ application_id }}': Add Entry for Backup Procedure"
-#  include_tasks: "{{ playbook_dir }}/roles/svc-{{database_type}}/tasks/main.yml"
-#  when: applications | is_feature_enabled('central_database',application_id)
-
-- name: "Add database to backup"
   include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml"

roles/cmp-rdbms/templates/services/postgres.yml.j2

@@ -1,7 +1,7 @@
 # This template needs to be included in docker-compose.yml, which depend on a postgres database
 {% if not applications | is_feature_enabled('central_database',application_id) %}  
   {{ database_host }}:
-    image: postgres:{{applications['postgres'].version}}-alpine
+    image: postgres:{{applications['svc-db-postgres'].version}}-alpine
     container_name: {{application_id}}-database
     env_file:
       - {{database_env}}

roles/cmp-rdbms/vars/database.yml

@@ -1,9 +1,9 @@
-database_instance:  "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',database_application_id) else database_application_id }}"
+database_instance:  "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else database_application_id }}"
-database_host:      "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',database_application_id) else 'database' }}"
+database_host:      "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else 'database' }}"
 database_name:      "{{ applications[ database_application_id ].database.name | default( database_application_id ) }}"      # The overwritte configuration is needed by bigbluebutton
 database_username:  "{{ applications[ database_application_id ].database.username | default( database_application_id )}}"   # The overwritte configuration is needed by bigbluebutton
 database_password:  "{{ applications[ database_application_id ].credentials.database_password }}"
-database_port:      "{{ 3306 if database_type == 'mariadb' else applications['postgres'].port }}"
+database_port:      "{{ applications[ 'svc-db-' ~ database_type ].port }}"
 database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
 database_url_jdbc:  "jdbc:{{ database_type if database_type == 'mariadb' else 'postgresql' }}://{{ database_host }}:{{ database_port }}/{{ database_name }}"
 database_url_full:  "{{database_type}}://{{database_username}}:{{database_password}}@{{database_host}}:{{database_port}}/{{ database_name }}"

roles/desk-bluray-player/vars/main.yml

@@ -1 +1 @@
-application_id: bluray-player
+application_id: desk-bluray-player

roles/desk-chromium/vars/main.yml

@@ -1,5 +1,5 @@
 ---
 
-application_id:   "chromium"
+application_id:   "desk-chromium"
 
 chromium_package: "{{ 'chromium-browser' if ansible_os_family == 'Debian' else 'chromium' }}"

roles/desk-firefox/vars/main.yml

@@ -1,7 +1,7 @@
 ---
 # Default variables for the pc-firefox role
 
-application_id: "firefox"
+application_id: "desk-firefox"
 
 # Package name for Firefox on Arch Linux
 firefox_package: firefox

roles/desk-gnome-caffeine/vars/main.yml

@@ -1,2 +1,2 @@
 auto_start_directory: /home/{{users.client.username}}/.config/autostart/
-application_id: gnome-caffeine
+application_id: desk-gnome-caffeine

roles/desk-gnome-extensions/vars/main.yml

@@ -1 +1 @@
-application_id: gnome-extensions
+application_id: desk-gnome-extensions

roles/desk-gnome-terminal/vars/main.yml

@@ -1 +1 @@
-application_id: gnome-terminal
+application_id: desk-gnome-terminal

roles/desk-gnome/vars/main.yml

@@ -1 +1 @@
-application_id: gnome
+application_id: desk-gnome

roles/desk-gnucash/vars/main.yml

@@ -1 +1 @@
-application_id: gnucash
+application_id: desk-gnucash

roles/desk-jrnl/vars/main.yml

@@ -1 +1 @@
-application_id: jrnl
+application_id: desk-jrnl

roles/desk-keepassxc/vars/main.yml

@@ -1 +1 @@
-application_id: keepassxc
+application_id: desk-keepassxc

roles/desk-libreoffice/tasks/main.yml

@@ -2,11 +2,11 @@
   community.general.pacman:
     name:
       - ttf-liberation
-      - "libreoffice-{{ applications.libreoffice.flavor }}"
+      - "libreoffice-{{ applications['desk-libreoffice'].flavor }}"
     state: present
 
 - name: install libreoffice language packages
   community.general.pacman:
-    name: "libreoffice-{{ applications.libreoffice.flavor }}-{{ item }}"
+    name: "libreoffice-{{ applications['desk-libreoffice'].flavor }}-{{ item }}"
     state: present
   loop: "{{libreoffice_languages}}"

roles/desk-libreoffice/vars/main.yml

@@ -1 +1 @@
-application_id: "libreoffice"
+application_id: "desk-libreoffice"

roles/desk-nextcloud-client/vars/main.yml

@@ -1,3 +1,3 @@
 user_home_directory: /home/{{users.client.username}}/
 cloud_directory: '{{user_home_directory}}Clouds/{{cloud_fqdn}}/{{users.client.username}}/'
-application_id: nextcloud-client
+application_id: desk-nextcloud-client

roles/desk-obs/vars/main.yml

@@ -1 +1 @@
-application_id: obs
+application_id: desk-obs

roles/desk-qbittorrent/vars/main.yml

@@ -1 +1 @@
-application_id: qbittorrent
+application_id: desk-qbittorrent

roles/desk-retroarch/vars/main.yml

@@ -2,4 +2,4 @@ retroarch_packages:
 - retroarch
 - retroarch-assets-xmb
 - retroarch-assets-ozone
-application_id: retroarch
+application_id: desk-retroarch

roles/desk-spotify/vars/main.yml

@@ -1 +1 @@
-application_id: spotify
+application_id: desk-spotify

roles/desk-ssh/vars/main.yml

@@ -1 +1 @@
-application_id: ssh
+application_id: desk-ssh

roles/desk-torbrowser/vars/main.yml

@@ -1 +1 @@
-application_id: torbrowser
+application_id: desk-torbrowser

roles/desk-virtual-box/vars/main.yml

@@ -1 +1 @@
-application_id: virtual-box
+application_id: desk-virtual-box

roles/desk-zoom/vars/main.yml

@@ -1 +1 @@
-application_id: zoom
+application_id: desk-zoom

roles/dev-java/vars/main.yml

@@ -1 +1 @@
-application_id: java
+application_id: dev-java

roles/dev-make/vars/main.yml

@@ -1 +1 @@
-application_id: make
+application_id: dev-make

roles/docker-compose/templates/base.yml.j2

@@ -6,7 +6,7 @@ services:
 {% endif %}
 {# Load Redis #}
 {% if applications[application_id].docker.services.redis.enabled | default(false) | bool %}
-{% include 'roles/web-app-redis/templates/service.yml.j2' %}
+{% include 'roles/svc-db-redis/templates/service.yml.j2' %}
 {% endif %}
 {# Load OAuth2 Proxy #}
 {% if applications | is_feature_enabled('oauth2',application_id) %}

roles/docker-compose/templates/networks.yml.j2

@@ -1,11 +1,11 @@
 {# This template needs to be included in docker-compose.yml #}
 networks:
 {% if applications | is_feature_enabled('central_database',application_id) and database_type is defined %}
-  central_{{ database_type }}:
+  {{ applications[ 'svc-db-' ~ database_type ].network }}:
     external: true
 {% endif %}
-{% if applications[application_id].get('features', {}).get('ldap', false) and applications.openldap.network.docker | bool %}
+{% if applications[application_id].get('features', {}).get('ldap', false) and applications['svc-db-openldap'].network.docker | bool %}
-  central_ldap:
+  svc-db-openldap:
     external: true
 {% endif %}
   default:

roles/docker-container/templates/networks.yml.j2

@@ -1,10 +1,10 @@
 {# This template needs to be included in docker-compose.yml containers #}
     networks:
 {% if applications | is_feature_enabled('central_database',application_id) | bool and database_type is defined %}
-      central_{{ database_type }}:
+      {{ applications[ 'svc-db-' ~ database_type ].network }}:
 {% endif %}
-{% if applications[application_id].get('features', {}).get('ldap', false) | bool and applications.openldap.network.docker|bool %}
+{% if applications[application_id].get('features', {}).get('ldap', false) | bool and applications['svc-db-openldap'].network.docker|bool %}
-      central_ldap:
+      svc-db-openldap:
 {% endif %}
       default:
 {{ "\n" }}

roles/docker-core/tasks/main.yml

@@ -16,7 +16,7 @@
     group: administrator
   when: run_once_docker is not defined
 
-- name: Set docker_enabled to true, to activate sys-opt-ssd-hdd 
+- name: Set docker_enabled to true, to activate svc-opt-ssd-hdd 
   set_fact:
     docker_enabled: true
   when: run_once_docker is not defined

roles/gen-hunspell/vars/main.yml

@@ -1 +1 @@
-application_id: hunspell
+application_id: gen-hunspell

roles/net-wireguard-core/vars/main.yml

@@ -1 +1 @@
-application_id: wireguard-core
+application_id: net-wireguard-core

roles/net-wireguard-firewalled/vars/main.yml

@@ -1 +1 @@
-application_id: wireguard-firewalled
+application_id: net-wireguard-firewalled

roles/net-wireguard-plain/vars/main.yml

@@ -1 +1 @@
-application_id: wireguard-plain
+application_id: net-wireguard-plain

roles/svc-db-mariadb/config/main.yml

@@ -0,0 +1,4 @@
+version:  "latest"
+hostname: "svc-db-mariadb"
+network:  "svc-db-mariadb"
+port:     5432

roles/svc-db-mariadb/defaults/README.md

@@ -1,6 +1,6 @@
 # defaults/
 
-This directory contains default variable definition files for the `svc-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic.
+This directory contains default variable definition files for the `svc-db-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic.
 
 ---
 
@@ -34,7 +34,7 @@ Defines default values for how the MariaDB database should be created.
 
 To customize any of these values without editing role defaults:
 
-1. Create or update a playbook-level vars file (e.g. `group_vars/all/svc-mariadb.yml`).
+1. Create or update a playbook-level vars file (e.g. `group_vars/all/svc-db-mariadb.yml`).
 2. Set the desired values, for example:
 
    ```yaml

roles/svc-db-mariadb/tasks/main.yml

@@ -1,29 +1,29 @@
 - name: Create Docker network for MariaDB
   docker_network:
-    name: central_mariadb
+    name: "{{ applications['svc-db-mariadb'].network }}"
     state: present
     ipam_config:
-      - subnet: "{{ networks.local.mariadb.subnet }}"
+      - subnet: "{{ networks.local['svc-db-mariadb'].subnet }}"
   when: run_once_docker_mariadb is not defined
 
 - name: install MariaDB
   docker_container:
-    name: "{{applications['mariadb'].hostname }}"
+    name: "{{ applications['svc-db-mariadb'].hostname }}"
-    image: "mariadb:{{applications['mariadb'].version}}" #could lead to problems with nextcloud
+    image: "mariadb:{{applications['svc-db-mariadb'].version}}"
     detach: yes
     env:
-      MARIADB_ROOT_PASSWORD:  "{{applications['mariadb'].credentials.root_password}}"
+      MARIADB_ROOT_PASSWORD:  "{{applications['svc-db-mariadb'].credentials.root_password}}"
       MARIADB_AUTO_UPGRADE:   "1"
     networks:
-      - name: central_mariadb
+      - name: "{{ applications['svc-db-mariadb'].network }}"
     volumes:
-      - central_mariadb_database:/var/lib/mysql
+      - mariadb_database:/var/lib/mysql
     published_ports:
       - "127.0.0.1:{{database_port}}:3306" # can be that this will be removed if all applications use sockets
     command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
     restart_policy: "{{docker_restart_policy}}"
     healthcheck:
-      test: "/usr/bin/mariadb --user=root --password={{applications['mariadb'].credentials.root_password}} --execute \"SHOW DATABASES;\""
+      test: "/usr/bin/mariadb --user=root --password={{applications['svc-db-mariadb'].credentials.root_password}} --execute \"SHOW DATABASES;\""
       interval: 3s
       timeout: 1s
       retries: 5
@@ -38,7 +38,7 @@
 
 - name: Wait until the MariaDB container is healthy
   community.docker.docker_container_info:
-    name: "{{ applications['mariadb'].hostname }}"
+    name: "{{ applications['svc-db-mariadb'].hostname }}"
   register: db_info
   until:
   - db_info.containers is defined
@@ -56,7 +56,7 @@
     name:           "{{ database_name }}"
     state:          present
     login_user:     root
-    login_password: "{{ applications['mariadb'].credentials.root_password }}"
+    login_password: "{{ applications['svc-db-mariadb'].credentials.root_password }}"
     login_host:     127.0.0.1
     login_port:     "{{ database_port }}"
     encoding:       "{{ database_encoding }}"
@@ -70,7 +70,7 @@
     priv: '{{database_name}}.*:ALL'
     state: present
     login_user: root
-    login_password: "{{applications['mariadb'].credentials.root_password}}"
+    login_password: "{{applications['svc-db-mariadb'].credentials.root_password}}"
     login_host: 127.0.0.1
     login_port: "{{database_port}}"
 
@@ -78,7 +78,7 @@
 # @todo Remove if this works fine in the future. 
 #- name: Grant database privileges
 #  ansible.builtin.shell:
-#    cmd: "docker exec {{applications['mariadb'].hostname }} mariadb -u root -p{{ applications['mariadb'].credentials.root_password }} -e \"GRANT ALL PRIVILEGES ON `{{database_name}}`.* TO '{{database_username}}'@'%';\""
+#    cmd: "docker exec {{applications['svc-db-mariadb'].hostname }} mariadb -u root -p{{ applications['svc-db-mariadb'].credentials.root_password }} -e \"GRANT ALL PRIVILEGES ON `{{database_name}}`.* TO '{{database_username}}'@'%';\""
 #  args:
 #    executable: /bin/bash
 

roles/svc-db-mariadb/vars/README.md

@@ -1,6 +1,6 @@
 # vars/
 
-This directory contains variable definition files for the `svc-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic.
+This directory contains variable definition files for the `svc-db-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic.
 
 ---
 

roles/svc-db-mariadb/vars/main.yml

@@ -0,0 +1 @@
+application_id: svc-db-mariadb

roles/svc-db-openldap/config/main.yml

@@ -1,10 +1,11 @@
-images:
+hostname:         "svc-db-openldap"                   # Hostname of the LDAP Server in the ldap network
-  openldap:       "bitnami/openldap:latest"
 network:
+  name:           "svc-db-openldap"                    
   local:          True                                # Activates local network. Necessary for LDIF import routines
   docker:         True                                # Activates docker network to allow other docker containers to connect
   public:         False                               # Set to true in inventory file if you want to expose the LDAP port to the internet
-hostname:         "ldap"                              # Hostname of the LDAP Server in the central_ldap network
+images:
+  openldap:       "bitnami/openldap:latest"
 webinterface:     "lam"                               # The webinterface which should be used. Possible: lam and phpldapadmin
 features:
   ldap:           true

roles/svc-db-openldap/tasks/main.yml

@@ -19,17 +19,17 @@
 
 - name: create docker network for LDAP, so that other applications can access it
   docker_network:
-    name: central_ldap
+    name: "{{ applications[application_id].network.name }}"
     state: present
     ipam_config:
-      - subnet: "{{ networks.local.central_ldap.subnet }}"
+      - subnet: "{{ networks.local['svc-db-openldap'].subnet }}"
 
 - meta: flush_handlers
 
 - name: "Wait for LDAP to be available"
   wait_for:
     host: "127.0.0.1"
-    port: "{{ ports.localhost.ldap.openldap }}"
+    port: "{{ ports.localhost.ldap['svc-db-openldap'] }}"
     delay: 5
     timeout: 120
     state: started

roles/svc-db-openldap/tasks/reset_admin_passwords.yml

@@ -1,6 +1,5 @@
 ---
 # Reset both Database and Configuration Admin passwords in LDAP via LDAPI
-# roles/svc-openldap/tasks/reset_admin_passwords.yml
 
 - name: "Query available LDAP databases"
   shell: |

roles/svc-db-openldap/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% if applications[application_id].network.public | bool or applications[application_id].network.local | bool %}
     ports:
-      - 127.0.0.1:{{ports.localhost.ldap.openldap}}:{{ldap_docker_port}}
+      - 127.0.0.1:{{ports.localhost.ldap['svc-db-openldap']}}:{{ldap_docker_port}}
 {% endif %}
     volumes:
       - 'data:/bitnami/openldap'