Optimized nextcloud database variable

README.md

@@ -73,7 +73,7 @@ Contact me for more details:
 ## Showcases
 The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup:
 
-[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-redirect-domain), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-static-repository), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-modifier-matomo), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-redirect-www), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud Client](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud Server](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Lock](./roles/system-maintenance-lock),[Open Project](./roles/docker-openproject)...
+[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-redirect-domain), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-serve-html), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-modifier-matomo), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-redirect-www), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud Client](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud Server](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Lock](./roles/system-maintenance-lock),[Open Project](./roles/docker-openproject)...
 
 ## License
 

SERVER_APPLICATIONS.md

@@ -19,7 +19,7 @@ Focuses on web server roles and applications, covering SSL certificates, Nginx c
 - **[Letsencrypt](./roles/letsencrypt/)**: Configures Let's Encrypt for SSL certificates.
 - **[Nginx](./roles/nginx/)**: Installs and configures Nginx web server.
 - **[Nginx-Docker-Reverse-Proxy](./roles/nginx-docker-reverse-proxy/)**: Sets up a reverse proxy for Docker containers.
-- **[nginx-static-repository](./roles/nginx-static-repository/)**: Configures a homepage for Nginx.
+- **[nginx-serve-html](./roles/nginx-serve-html/)**: Configures a homepage for Nginx.
 - **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
 - **[nginx-modifier-matomo](./roles/nginx-modifier-matomo/)**: Integrates Matomo tracking with Nginx.
 - **[nginx-redirect-domain](./roles/nginx-redirect-domain/)**: Manages URL redirects in Nginx.

group_vars/all/03_domains.yml

@@ -10,10 +10,12 @@ defaults_domains:
   bluesky_web:             "bskyweb.{{primary_domain}}"
   discourse:               "forum.{{primary_domain}}"
   elk:                     "elk.{{primary_domain}}"
+  file_server:             "files.{{primary_domain}}"
   friendica:               "friendica.{{primary_domain}}"
   funkwhale:               "music.{{primary_domain}}"
   gitea:                   "git.{{primary_domain}}"
   gitlab:                  "gitlab.{{primary_domain}}"
+  html_server:             "html.{{primary_domain}}"
   keycloak:                "auth.{{primary_domain}}"
   ldap:                    "ldap.{{primary_domain}}"
   listmonk:                "newsletter.{{primary_domain}}"

group_vars/all/05_nginx.yml

@@ -3,19 +3,18 @@
 ## Nginx-Specific Path Configurations
 nginx:
   directories:
-    configuration:                "/etc/nginx/conf.d/"              # Configuration directory
-    http:
-      global:                     "/etc/nginx/conf.d/http/global/"  # Contains global configurations which will be loaded into the http block
-      servers:                    "/etc/nginx/conf.d/http/servers/" # Contains one configuration per domain
-      maps:                       "/etc/nginx/conf.d/http/maps/"    # Contains mappings
-    streams:                      "/etc/nginx/conf.d/streams/"      # Contains streams configuration e.g. for ldaps
-    well_known:                   "/usr/share/nginx/well-known/"    # Path where well-known files are stored
-    homepage:                     "/usr/share/nginx/homepage/"      # Path where the static homepage files are stored. @todo Move this variable to the role
-    global:                       "/var/www/global/"                # Directory containing files which will be globaly accessable
-  user:                           "http"                            # Default nginx user in ArchLinux
+    configuration:    "/etc/nginx/conf.d/"              # Configuration directory
+    http:                                               
+      global:         "/etc/nginx/conf.d/http/global/"  # Contains global configurations which will be loaded into the http block
+      servers:        "/etc/nginx/conf.d/http/servers/" # Contains one configuration per domain
+      maps:           "/etc/nginx/conf.d/http/maps/"    # Contains mappings
+    streams:          "/etc/nginx/conf.d/streams/"      # Contains streams configuration e.g. for ldaps
+    data:
+      well_known:     "/usr/share/nginx/well-known/"    # Path where well-known files are stored
+      html:           "/var/www/public_html/"           # Path where the static homepage files are stored
+      files:          "/var/www/public_files/"          # Path where the web accessable files are stored
+      global:         "/var/www/global/"                # Directory containing files which will be globaly accessable
+  user:               "http"                            # Default nginx user in ArchLinux
 
-## Nginx static repository
-nginx_static_repository_address:  NULL                              # This should contain the url to an git repository which has a static homepage included and an index.html file. @todo move this variable to the role
-                                                                    # @todo Move this to the dedicated role configuration
 ## Matomo Tracking
-global_matomo_tracking_enabled:   false                             # Activates matomo tracking on all html pages. Change this in inventory.
+global_matomo_tracking_enabled:   false                 # Activates matomo tracking on all html pages. Change this in inventory.

group_vars/all/06_paths.yml

@@ -1,6 +1,6 @@
 
 # Path Variables for Key Directories and Scripts
-path_administrator_home:                      "/home/administrator/"
-path_administrator_scripts:                   "/opt/scripts/"
-path_docker_compose_instances:                "/opt/docker/"
-path_system_lock_script:                      "/opt/scripts/system-maintenance-lock.py"
+path_administrator_home:        "/home/administrator/"
+path_administrator_scripts:     "/opt/scripts/"
+path_docker_compose_instances:  "/opt/docker/"
+path_system_lock_script:        "/opt/scripts/system-maintenance-lock.py"

group_vars/all/07_applications.yml

@@ -115,13 +115,29 @@ defaults_applications:
   matomo:
     version:                          "latest"
     oauth2_proxy:
-      enabled:                        false                                     # Deactivated atm. @todo implement 
+      enabled:                        false                         # Deactivated atm. @todo implement 
+#   database_password:                Null                          # Needs to be set in inventory file
+#   auth_token:                       Null                          # Needs to be set in inventory file
 
   ## Mastodon
   mastodon:
     version:                          "latest"
     single_user_mode:                 false                         # Set true for initial setup
     setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
+#
+# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
+#
+#    credentials:
+#      database_password:                              
+#      secret_key_base:                                
+#      otp_secret:                                     
+#      vapid:
+#        private_key:                                  
+#        public_key:                                   
+#      active_record_encryption:
+#        deterministic_key:                            
+#        key_derivation_salt:                          
+#        primary_key:                                  
 
   ## Matrix
   matrix:
@@ -139,7 +155,7 @@ defaults_applications:
   mailu:
     version:                          "2024.06"
     domain:                           "{{primary_domain}}"
-    setup:                            false                                 # Set true in inventory file to execute the setup and initializing procedures
+    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
 
   ## Moodle
   moodle:
@@ -155,7 +171,8 @@ defaults_applications:
   ## Nextcloud
   nextcloud:
     version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
-    ldap_enabled:         True          # Enables LDAP by default 
+    ldap_enabled:         True          # Enables LDAP by default
+#   database_password:    Null          # Needs to be set in inventory file
 
   ## OAuth2 Proxy
   oauth2_proxy:

group_vars/all/13_design.yml

@@ -1,4 +1,4 @@
-global_theming:
+defaults_design:
   enabled: true
   css:
     colors:

group_vars/all/14_about.yml

@@ -1,24 +0,0 @@
-# This is just a dummy person.
-# Adapt the values in your inventory file
-person:
-  type:           "legal"                                           # Accepted Values: natural, legal
-  name:           "CyMaIS Demo Instance"
-  description:    
-    subtitel:        "Infrastructure Demo solutions"                   # Should be the length of su
-    summary:         "We offer infrastructure solutions for the world"
-    detailed:        ""
-  address:
-    street:       "Binary Avenue 01"
-    city:         "Cybertown"
-    postal_code:  "00001"
-    country:      "Nexusland"
-  contact:
-    bluesky:      "@{{administrator_username}}.{{domains.bluesky_api}}"
-    email:        "contact@{{primary_domain}}"
-    mastodon:     "@{{administrator_username}}@{{domains.mastodon}}"
-    matrix:       "@{{administrator_username}}:{{domains.matrix_synapse}}"
-    peertube:     "@{{administrator_username}}@{{domains.peertube}}"
-    pixelfed:     "@{{administrator_username}}@{{domains.pixelfed}}"
-    phone:        "+0 000 000 404"
-    wordpress:    "@{{administrator_username}}@{{domains.wordpress}}[0]"
-  code:           "https://github.com/kevinveenbirkenbach/cymais"

group_vars/all/14_service_provider.yml

@@ -0,0 +1,30 @@
+# Adapt the values in your inventory file
+defaults_service_provider:
+  type:           "legal"                                                       # Accepted Values: natural, legal
+  company:
+    titel:        "CyMaIS Example GbR"
+    slogan:       "We keep your 0 and 1 in line"
+    address:
+      street:       "Binary Avenue 01"
+      city:         "Cybertown"
+      postal_code:  "00001"
+      country:      "Nexusland"
+    logo:           https://cloud.veen.world/s/logo_cymais_512x512/download
+  platform:    
+    titel:        "CyMaIS Plattform Demo"
+    subtitel:     "Demo of the Cyber Master Infrastructur Solution Plattform"
+    logo:           https://cloud.veen.world/s/logo_cymais_512x512/download
+    favicon:        https://cloud.veen.world/s/veen_world_favicon/download
+  contact:
+    bluesky:      "@{{administrator_username}}.{{domains.bluesky_api}}"
+    email:        "contact@{{primary_domain}}"
+    mastodon:     "@{{administrator_username}}@{{domains.mastodon}}"
+    matrix:       "@{{administrator_username}}:{{domains.matrix_synapse}}"
+    peertube:     "@{{administrator_username}}@{{domains.peertube}}"
+    pixelfed:     "@{{administrator_username}}@{{domains.pixelfed}}"
+    phone:        "+0 000 000 404"
+    wordpress:    "@{{administrator_username}}@{{domains.wordpress[0]}}"
+  legal:
+    editorial_responsible:  "Johannes Gutenberg"
+    source_code:            "https://github.com/kevinveenbirkenbach/cymais"
+    imprint:                "https://{{domains.html_server}}/imprint.html"

playbook.constructor.yml

@@ -28,6 +28,7 @@
   - name: Merge application definitions
     set_fact:
       applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"
+
   - name: Merge networks definitions
     set_fact:
       networks: "{{ defaults_networks | combine(networks | default({}, true), recursive=True) }}"
@@ -36,6 +37,14 @@
     set_fact:
       oidc: "{{ defaults_oidc | combine(oidc | default({}, true), recursive=True) }}"
 
+  - name: Merge design configuration
+    set_fact:
+      design: "{{ defaults_design | combine(design | default({}, true), recursive=True) }}"
+
+  - name: Merge service_provider configuration
+    set_fact:
+      service_provider: "{{ defaults_service_provider | combine(service_provider | default({}, true), recursive=True) }}"
+
   - name: print oidc dict
     debug:
       var: oidc

playbook.servers.yml

@@ -13,28 +13,28 @@
     - health-btrfs
     - system-btrfs-auto-balancer
 
+- name: "setup corporate identity"
+  hosts: corporate_identity
+  become: true
+  roles:
+   -  role: corporate-identity
+
 #########################################################################
 ### Docker Roles                                                      ###
 #########################################################################
 
-# Priority: 1
-# Almost all other roles depend on the Matomo tracking
 - name: "setup matomo"
   hosts: matomo
   become: true
   roles:
    -  role: docker-matomo
 
-# Priority: 2
-# Much other roles rely on a working ldap setup
 - name: setup ldap
   hosts: ldap
   become: true
   roles:
    -  role: docker-ldap
 
-# Priority: 3
-# Much other roles use OICD via Keycloak
 - name: setup keycloak
   hosts: keycloak
   become: true
@@ -231,11 +231,11 @@
    -  role: docker-snipe_it
 
 # Native Webserver Roles
-- name: setup nginx-static-repositorys
-  hosts: nginx-static-repositorys
+- name: setup nginx-serve-htmls
+  hosts: nginx-serve-htmls
   become: true
   roles:
-   -  role: nginx-static-repository
+   -  role: nginx-serve-html
       vars:
         domain: "{{primary_domain}}"
 

roles/corporate-identity/README.md

@@ -0,0 +1,2 @@
+# Corporate Identity
+Loads the roles to setup a corporate identity

roles/corporate-identity/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+- nginx-serve-html-legal
+- docker-portfolio

roles/docker-mastodon/README.md

@@ -7,10 +7,17 @@ This README and some parts of the code were created with the assistance of ChatG
 
 ## ⚙️ Configuration & Setup
 
-### 🔧 Create Configuration
+### 🔧 Create Credentials
 Run the following command to generate a new configuration setup:
 ```bash
-    docker-compose run --rm web bundle exec rake mastodon:setup
+    docker pull ghcr.io/mastodon/mastodon:latest
+    # Secret Generation
+    docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
+    docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
+    # Vapid Key Generation
+    docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails mastodon:webpush:generate_vapid_key
+    # ACTIVE_RECORD_ENCRYPTION Generation
+    docker run --rm ghcr.io/mastodon/mastodon:latest bin/rails db:encryption:init
 ```
 
 ### 🔄 Setup with an Existing Configuration

roles/docker-mastodon/templates/env.j2

@@ -1,12 +1,37 @@
+# Configuration file for mastodon
 # @see https://docs.joinmastodon.org/admin/config
+# @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
+
 
 LOCAL_DOMAIN={{domain}}
 ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
 SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
-SECRET_KEY_BASE={{mastodon_secret_key_base}}
-OTP_SECRET={{mastodon_otp_secret}}
-VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}}
-VAPID_PUBLIC_KEY={{mastodon_vapid_public_key}}
+
+# Credentials
+
+# Secrets
+# -------
+# Make sure to use `bundle exec rails secret` to generate secrets
+# -------
+SECRET_KEY_BASE=    {{applications.mastodon.credentials.secret_key_base}}
+OTP_SECRET=         {{applications.mastodon.credentials.otp_secret}}
+
+# Web Push
+# --------
+# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
+# --------
+VAPID_PRIVATE_KEY=  {{applications.mastodon.credentials.vapid.private_key}}
+VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid.public_key}}
+
+# Encryption secrets
+# ------------------
+# Must be available (and set to same values) for all server processes
+# These are private/secret values, do not share outside hosting environment
+# Use `bin/rails db:encryption:init` to generate fresh secrets
+# Do NOT change these secrets once in use, as this would cause data loss and other issues
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{applications.mastodon.credentials.active_record_encryption.deterministic_key}}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{applications.mastodon.credentials.active_record_encryption.key_derivation_salt}}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{applications.mastodon.credentials.active_record_encryption.primary_key}}
 
 DB_HOST={{database_host}}
 DB_PORT={{database_port}}
@@ -27,10 +52,6 @@ SMTP_OPENSSL_VERIFY_MODE=none
 SMTP_ENABLE_STARTTLS=auto
 SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
 
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{mastodon_active_record_encryption_deterministic_key}}
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{mastodon_active_record_encryption_key_derivation_salt}}
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{mastodon_active_record_encryption_primary_key}}
-
 {% if oidc.enabled | bool %}
 ################################### 
 # OpenID Connect settings

roles/docker-mastodon/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:  	  "mastodon"
-database_password:  "{{mastodon_database_password}}"
+database_password:  "{{applications.mastodon.credentials.database_password}}"
 database_type:      "postgres"

roles/docker-matomo/README.md

@@ -2,12 +2,6 @@
 
 This Ansible role deploys a [Matomo](https://matomo.org/) analytics platform instance using Docker.
 
-## Requirements
-
-- Docker and Docker-Compose installed on the host machine.
-- Nginx installed for reverse proxy configuration.
-- Certbot installed for SSL certificate generation.
-
 ## AI Generated
 This script was created with the help of ChatGPT. The full conversation is [here](https://chat.openai.com/share/49e0c7e4-a2af-4a04-adad-7a735bdd85c4) available.
 

roles/docker-matomo/vars/main.yml

@@ -1,7 +1,7 @@
 ---
 application_id:  	  "matomo"
 database_type:      "mariadb"
-database_password:  "{{matomo_database_password}}"
+database_password:  "{{applications.matomo.database_password}}"
 domain:             "{{domains.matomo}}"            # Don't know if this is still necessary
 
 # Disable matomo tracking for matomo, because otherwise recursiv loading technics would be neccessary

roles/docker-matrix-compose/vars/main.yml

@@ -3,7 +3,7 @@ application_id:  	        "matrix"
 database_password:  	    "{{matrix_database_password}}"
 database_type:            "postgres"
 registration_file_folder: "/data/"
-well_known_directory:     "{{nginx.directories.well_known}}/matrix/"
+well_known_directory:     "{{nginx.directories.data.well_known}}/matrix/"
 
 bridges:
   - database_password: "{{ mautrix_whatsapp_bridge_database_password }}"

roles/docker-nextcloud/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 application_id:                       "nextcloud"
-database_password:  	                "{{nextcloud_database_password}}"
+database_password:  	                "{{applications.nextcloud.database_password}}"
 database_type:                        "mariadb"
 nextcloud_application_container_name: "nextcloud-application"
 nextcloud_nginx_container_name:       "nextcloud-web"

roles/docker-portfolio/README.md

@@ -2,10 +2,18 @@
 
 This Ansible role facilitates setting up a Flask-based [portfolio application](https://github.com/kevinveenbirkenbach/portfolio) in a Docker container. It allows you to showcase your projects, services, or online presence using a customizable YAML configuration file.
 
+## Attention
+
+The default template creates the links based on ``group_names``. If you run this script seperate, may not all necessary menu items are generated. 
+
 ## Features ✨
 
 - **Automated Setup**: Quickly deploy a portfolio using Docker.
 - **Customizable Content**: Modify the portfolio using a YAML file.
 - **Responsive Design**: Built with Bootstrap for optimal viewing on any device.
 - **Dynamic Navigation**: Multi-level menus using nested YAML configurations.
-- **Cache Management**: Efficient asset caching for improved performance.
+- **Cache Management**: Efficient asset caching for improved performance.
+
+## Author
+
+This role was developed by [Kevin Veen-Birkenbach](https://www.veen.world).

roles/docker-portfolio/filter_plugins/list_in_filter.py

@@ -0,0 +1,25 @@
+class FilterModule(object):
+    '''Custom filters for Ansible'''
+    def filters(self):
+        return {
+            'any_in': self.any_in,
+        }
+
+    def any_in(self, list1, list2):
+        """
+        Checks if at least one element from list1 is found in list2.
+        
+        :param list1: List of elements to check.
+        :param list2: Target list in which to search for elements.
+        :return: True if at least one element is found, otherwise False.
+        """
+        # If either parameter is not a list, return False.
+        if not isinstance(list1, list) or not isinstance(list2, list):
+            return False
+
+        # Iterate over list1 and check if an element exists in list2.
+        for element in list1:
+            if element in list2:
+                return True
+
+        return False

roles/docker-portfolio/templates/config.yaml.j2

@@ -1,7 +1,8 @@
+{# The Linebreak here are intentional due to tab bugs #}
 ---
 accounts:
   name: Online Presence
-  description: Discover {{ 'our' if person.type == 'legal' else 'my' }} online presence.
+  description: Discover {{ 'our' if service_provider.type == 'legal' else 'my' }} online presence.
   icon:
       class: fa-solid fa-users
   children:
@@ -11,293 +12,654 @@ accounts:
       class: fas fa-newspaper
     children:
     - name: Microblogs
-      description: Stay updated with {{ 'our' if person.type == 'legal' else 'my' }} microblogs.
+      description: Stay updated with {{ 'our' if service_provider.type == 'legal' else 'my' }} microblogs.
       icon:
         class: fa-solid fa-pen-nib
       children:
-{% if person.contact.mastodon is defined %}
+{% if service_provider.contact.mastodon is defined %}
+
       - name: Mastodon
-        description: Follow {{ 'our' if person.type == 'legal' else 'my' }} updates on Mastodon.
+        description: Follow {{ 'our' if service_provider.type == 'legal' else 'my' }} updates on Mastodon.
         icon:
           class: fa-brands fa-mastodon
-        url: "https://{{ person.contact.mastodon.split('@')[2] }}/@{{ person.contact.mastodon.split('@')[1] }}"
-        identifier: "{{person.contact.mastodon}}"
+        url: "https://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
+        identifier: "{{service_provider.contact.mastodon}}"
+
 {% endif %}
-{% if person.contact.bluesky is defined %}
+{% if service_provider.contact.bluesky is defined %}
+
       - name: Bluesky
-        description: Follow {{ 'our' if person.type == 'legal' else 'my' }} on Bluesky.
+        description: Follow {{ 'our' if service_provider.type == 'legal' else 'my' }} on Bluesky.
         icon:
           class: fa-brands fa-bluesky
         alternatives:
         - link: accounts.publishingchannels.microblogs.mastodon
-        identifier: "{{person.contact.bluesky}}"
+        identifier: "{{service_provider.contact.bluesky}}"
+
 {% endif %}
-{% if person.contact.pixelfed is defined %}
+{% if service_provider.contact.pixelfed is defined %}
+
     - name: Pictures
-      description: Explore {{ 'our' if person.type == 'legal' else 'my' }} photo gallery on Pixelfed.
+      description: Explore {{ 'our' if service_provider.type == 'legal' else 'my' }} photo gallery on Pixelfed.
       icon:
           class: fa-solid fa-camera
-      identifier: "{{person.contact.pixelfed}}"
-      url: "https://{{ person.contact.pixelfed.split('@')[2] }}/@{{ person.contact.pixelfed.split('@')[1] }}"
+      identifier: "{{service_provider.contact.pixelfed}}"
+      url: "https://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
+
 {% endif %}
-{% if person.contact.peertube is defined %}
+{% if service_provider.contact.peertube is defined %}
+
     - name: Peertube
-      description: Discover {{ 'our' if person.type == 'legal' else 'my' }} videos on Peertube.
+      description: Discover {{ 'our' if service_provider.type == 'legal' else 'my' }} videos on Peertube.
       icon:
         class: fa-solid fa-video
-      identifier: "{{person.contact.peertube}}"
-      url: "https://{{ person.contact.peertube.split('@')[2] }}/@{{ person.contact.peertube.split('@')[1] }}"
+      identifier: "{{service_provider.contact.peertube}}"
+      url: "https://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
+
 {% endif %}
-{% if person.contact.wordpress is defined %}
+{% if service_provider.contact.wordpress is defined %}
+
     - name: Blog
-      description: Read {{ 'our' if person.type == 'legal' else 'my' }} articles and stories.
+      description: Read {{ 'our' if service_provider.type == 'legal' else 'my' }} articles and stories.
       icon:
-          class: fa-solid fa-blog
-      identifier: "{{person.contact.wordpress}}"
-      url: "https://{{ person.contact.wordpress.split('@')[2] }}/@{{ person.contact.wordpress.split('@')[1] }}"
+        class: fa-solid fa-blog
+      identifier: "{{service_provider.contact.wordpress}}"
+      url: "https://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
+
 {% endif %}
-{% if person.contact.code is defined %}
-    - name: Code
-      description: Explore {{ 'our' if person.type == 'legal' else 'my' }} code.
+{% if service_provider.legal.source_code is defined %}
+    
+    - name: Our Code
+      description: Explore {{ 'our' if service_provider.type == 'legal' else 'my' }} code.
       icon:
         class: fa-solid fa-code
-      url: "{{person.code}}"
+      url: "{{service_provider.legal.source_code}}"
+
 {% endif %}
-{% if person.contact.friendica is defined %}
-  - name: Social Networks
-    description: Visit {{ 'our' if person.type == 'legal' else 'my' }} friendica profile
+{% if service_provider.contact.friendica is defined %}
+
+  - name: Social Network
+    description: Visit {{ 'our' if service_provider.type == 'legal' else 'my' }} friendica profile
     icon:
       class: fas fa-network-wired
-    identifier: "{{person.contact.friendica}}"
-    url: "https://{{ person.contact.friendica.split('@')[2] }}/@{{ person.contact.friendica.split('@')[1] }}"
+    identifier: "{{service_provider.contact.friendica}}"
+    url: "https://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
+
 {% endif %}
-  - link: navigation.header.contact.messenger
+
+  - link: navigation.header.contact
 
 cards:
+
+{% if "matomo" in group_names %}
+
 - icon: 
-    source: https://cloud.veen.world/s/logo_agile_coach_512x512/download
-  title: Agile Coach
-  text: I lead agile transformations and improve team dynamics through Scrum, DevOps,
-    and Agile Coaching. My goal is to enhance collaboration and efficiency in organizations,
-    ensuring agile principles are effectively implemented for sustainable success.
-  url: https://www.agile-coach.world
-  link_text: www.agile-coach.world
+    class: "fa-solid fa-chart-line"
+  title: "Matomo Analytics"
+  text: "Experience the power of Matomo, an innovative open-source analytics platform that delivers real-time insights, robust visitor tracking, and privacy-first features to elevate your website performance. Dive into actionable data with unmatched precision and clarity!"
+  url: https://{{domains.matomo}}
+  link_text: "Discover Matomo Now!"
+
+{% endif %}
+{% if "ldap" in group_names %}
+
 - icon: 
-    source: https://cloud.veen.world/s/logo_personal_coach_512x512/download
-  title: Personal Coach
-  text: Offering personalized coaching for growth and development, I utilize a blend
-    of hypnotherapy, mediation, and holistic techniques. My approach is tailored to
-    help you achieve personal and professional milestones, fostering holistic well-being.
-  url: https://www.personalcoach.berlin
-  link_text: www.personalcoach.berlin
+    class: "fa-solid fa-users"
+  title: "LDAP Directory"
+  text: "Unleash the potential of centralized identity management with our vibrant LDAP solution. Enjoy seamless authentication, efficient user management, and enhanced security that empowers your organization to stay connected, agile, and ahead of the curve in digital transformation."
+  url: https://{{domains.ldap}}
+  link_text: "Empower Your Network!"
+
+{% endif %}
+{% if "keycloak" in group_names %}
+
 - icon: 
-    source: https://cloud.veen.world/s/logo_yachtmaster_512x512/download
-  title: Yachtmaster
-  text: As a Yachtmaster, I provide comprehensive sailing education, yacht delivery,
-    and voyage planning services. Whether you're learning to sail or need an experienced
-    skipper, my expertise ensures a safe and enjoyable experience on the water.
-  url: https://www.yachtmaster.world
-  link_text: www.yachtmaster.world
+    class: "fa-solid fa-lock"
+  title: "Keycloak Identity"
+  text: "Step into a secure future with Keycloak! Our dynamic identity and access management solution offers streamlined SSO capabilities, robust security measures, and an intuitive user experience that propels your applications to unprecedented heights of performance and reliability."
+  url: https://{{domains.keycloak}}
+  link_text: "Secure Your Future Now!"
+
+{% endif %}
+{% if "nextcloud" in group_names %}
+
 - icon: 
-    source: https://cloud.veen.world/s/logo_yachtmaster_512x512/download
-  title: Yachtmaster
-  text: As a Yachtmaster, I provide comprehensive sailing education, yacht delivery,
-    and voyage planning services. Whether you're learning to sail or need an experienced
-    skipper, my expertise ensures a safe and enjoyable experience on the water.
-  url: https://www.yachtmaster.world
-  link_text: www.yachtmaster.world
-company:
-  titel: {{person.name}}
-  subtitel: {{person.description.subtitel}}
+    class: "fa-solid fa-cloud"
+  title: "Nextcloud"
+  text: "Elevate your collaboration with Nextcloud, a vibrant self-hosted cloud solution designed for dynamic file sharing, seamless communication, and effortless teamwork. Embrace unparalleled control, flexibility, and a boosted digital workspace that adapts to your every need."
+  url: https://{{domains.nextcloud}}
+  link_text: "Experience Nextcloud Today!"
+
+{% endif %}
+{% if "gitea" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-code"
+  title: "Gitea"
+  text: "Boost your development journey with Gitea, a lightweight and energetic self-hosted Git service that offers efficient code collaboration, intuitive version control, and an agile environment for your projects. Ignite your coding spirit, innovate faster, and code with confidence!"
+  url: https://{{domains.gitea}}
+  link_text: "Ignite Your Code Now!"
+
+{% endif %}
+{% if "wordpress" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-blog"
+  title: "WordPress"
+  text: "Unleash your creative potential with WordPress, a dynamic platform that empowers you to build, manage, and scale stunning websites and blogs effortlessly. Experience an ever-evolving ecosystem that inspires innovation and drives digital success with every click."
+  url: https://{{domains.wordpress}}
+  link_text: "Launch Your Site Today!"
+
+{% endif %}
+{% if "mediawiki" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-book"
+  title: "MediaWiki"
+  text: "Empower your knowledge base with MediaWiki, a versatile and collaborative platform designed to build comprehensive, user-driven documentation. Embrace an energetic community and innovative tools that turn information into a vibrant, living resource."
+  url: https://{{domains.mediawiki}}
+  link_text: "Explore MediaWiki Now!"
+
+{% endif %}
+{% if "mybb" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-comments"
+  title: "MyBB Forum"
+  text: "Transform your community engagement with MyBB, a feature-rich forum solution that combines modern design with robust functionality. Enjoy dynamic discussions, intuitive moderation, and an energetic user interface that brings people together like never before."
+  url: https://{{domains.mybb}}
+  link_text: "Join the Conversation!"
+
+{% endif %}
+{% if "yourls" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-link"
+  title: "YOURLS URL Shortener"
+  text: "Streamline your online presence with YOURLS, a nimble URL shortening solution that makes sharing links faster, easier, and more engaging. Enjoy the benefits of enhanced tracking and a user-friendly interface that energizes your digital strategy."
+  url: https://{{domains.yourls}}
+  link_text: "Shorten Links Instantly!"
+
+{% endif %}
+{% if "mailu" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-envelope"
+  title: "Mailu Mail Server"
+  text: "Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates seamlessly into your workflow. Experience enhanced reliability, robust security, and an energetic approach to managing your digital correspondence."
+  url: https://{{domains.mailu}}
+  link_text: "Elevate Your Email Now!"
+
+{% endif %}
+{% if "mastodon" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-bullhorn"
+  title: "Mastodon Social"
+  text: "Dive into a decentralized social experience with Mastodon, a vibrant platform that redefines online communication with its community-driven approach. Enjoy a refreshing burst of innovation, freedom, and energetic interaction every time you connect."
+  url: https://{{domains.mastodon}}
+  link_text: "Join the Social Revolution!"
+
+{% endif %}
+{% if "pixelfed" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-camera"
+  title: "Pixelfed"
+  text: "Showcase your visual story with Pixelfed, an inspiring self-hosted image sharing platform that champions creativity and privacy. Revel in a dynamic, artistic environment where every photo is a window to endless possibilities and vibrant expression."
+  url: https://{{domains.pixelfed}}
+  link_text: "Share Your Vision Now!"
+
+{% endif %}
+{% if "peertube" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-video"
+  title: "PeerTube"
+  text: "Embrace a new era of video hosting with PeerTube, a decentralized platform that empowers creators with freedom, innovation, and a community-focused approach. Experience seamless streaming and dynamic sharing that fuels your creative ambitions."
+  url: https://{{domains.peertube}}
+  link_text: "Stream with Freedom!"
+
+{% endif %}
+{% if "bigbluebutton" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-chalkboard-teacher"
+  title: "BigBlueButton"
+  text: "Transform online learning and collaboration with BigBlueButton, an interactive web conferencing solution designed to energize virtual classrooms and meetings. Enjoy dynamic tools and an engaging environment that makes every session a powerful learning experience."
+  url: https://{{domains.bigbluebutton}}
+  link_text: "Start Your Virtual Session!"
+
+{% endif %}
+{% if "funkwhale" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-music"
+  title: "Funkwhale"
+  text: "Dive into a world of rhythm and sound with Funkwhale, an innovative self-hosted music sharing platform that celebrates creativity and community. Experience an energetic soundscape and seamless music streaming that amplifies your passion for tunes."
+  url: https://{{domains.funkwhale}}
+  link_text: "Jam Out Now!"
+
+{% endif %}
+{% if "joomla" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-sitemap"
+  title: "Joomla CMS"
+  text: "Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design. Experience a vibrant platform that inspires creativity and drives your digital presence to new, energetic heights."
+  url: https://{{domains.joomla}}
+  link_text: "Build with Joomla Today!"
+
+{% endif %}
+{% if "attendize" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-calendar-check"
+  title: "Attendize"
+  text: "Revolutionize your event management with Attendize, an energetic and intuitive platform designed to streamline ticketing and event planning. Enjoy a feature-rich, user-friendly solution that transforms every event into an unforgettable experience."
+  url: https://{{domains.attendize}}
+  link_text: "Plan Your Event Now!"
+
+{% endif %}
+{% if "baserow" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-table"
+  title: "Baserow"
+  text: "Empower your data management with Baserow, an innovative platform that makes building and managing databases both fun and efficient. Enjoy a dynamic interface, seamless collaboration, and energetic tools that supercharge your workflow."
+  url: https://{{domains.baserow}}
+  link_text: "Manage Data with Ease!"
+
+{% endif %}
+{% if "listmonk" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-list"
+  title: "Listmonk"
+  text: "Elevate your email marketing with Listmonk, a high-energy, self-hosted solution that offers powerful newsletter management and analytics. Enjoy an intuitive design, robust features, and a spirited approach that takes your campaigns to the next level."
+  url: https://{{domains.listmonk}}
+  link_text: "Boost Your Campaigns Now!"
+
+{% endif %}
+{% if "discourse" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-comment-dots"
+  title: "Discourse Forum"
+  text: "Ignite community conversations with Discourse, an innovative forum platform that redefines online discussions with its modern, engaging interface. Experience an energetic, user-friendly environment that brings people together and fuels vibrant exchanges."
+  url: https://{{domains.discourse}}
+  link_text: "Join the Discussion!"
+
+{% endif %}
+{% if "matrix" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-satellite-dish"
+  title: "Matrix"
+  text: "Step into the future of communication with Matrix, a dynamic and decentralized platform that delivers secure, real-time messaging and collaboration. Enjoy an innovative ecosystem that energizes your digital interactions and connects you globally."
+  url: https://{{domains.matrix}}
+  link_text: "Connect on Matrix Now!"
+
+{% endif %}
+{% if "openproject" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-project-diagram"
+  title: "OpenProject"
+  text: "Transform your project management with OpenProject, a vibrant and collaborative tool that brings clarity and energy to your planning, tracking, and team communication. Experience streamlined workflows and an innovative platform that propels your projects forward."
+  url: https://{{domains.openproject}}
+  link_text: "Manage Projects Dynamically!"
+
+{% endif %}
+{% if "gitlab" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-code-branch"
+  title: "GitLab"
+  text: "Accelerate your software development with GitLab, an energetic, all-in-one platform for source code management and continuous integration. Experience a robust, collaborative environment that empowers teams to innovate and deliver exceptional results."
+  url: https://{{domains.gitlab}}
+  link_text: "Revolutionize Your DevOps!"
+
+{% endif %}
+{% if "akaunting" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-file-invoice-dollar"
+  title: "Akaunting"
+  text: "Empower your financial management with Akaunting, a dynamic and feature-rich accounting platform designed to simplify your bookkeeping and boost your business growth. Enjoy intuitive tools, real-time insights, and an energetic approach to your finances."
+  url: https://{{domains.akaunting}}
+  link_text: "Transform Your Finances Today!"
+
+{% endif %}
+{% if "moodle" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-graduation-cap"
+  title: "Moodle"
+  text: "Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning. Embrace innovative tools, engaging content, and a dynamic community of educators and learners."
+  url: https://{{domains.moodle}}
+  link_text: "Start Learning Now!"
+
+{% endif %}
+{% if "taiga" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-tasks"
+  title: "Taiga"
+  text: "Supercharge your project management with Taiga, a dynamic and agile tool designed for teams that thrive on creativity and collaboration. Experience a vibrant interface, robust task tracking, and an energetic platform that drives your projects to success."
+  url: https://{{domains.taiga}}
+  link_text: "Boost Your Projects Now!"
+
+{% endif %}
+{% if "friendica" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-user-friends"
+  title: "Friendica"
+  text: "Connect and share like never before with Friendica, an innovative social networking platform that celebrates community, freedom, and dynamic interactions. Enjoy a spirited and open environment where every connection is a step toward a more engaging digital world."
+  url: https://{{domains.friendica}}
+  link_text: "Join the Social Movement!"
+
+{% endif %}
+{% if "portfolio" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-briefcase"
+  title: "Portfolio"
+  text: "Showcase your professional journey with Portfolio, a dynamic platform that combines creativity and functionality to highlight your achievements. Experience an energetic design, intuitive features, and a compelling way to present your work to the world."
+  url: https://{{domains.portfolio}}
+  link_text: "Elevate Your Profile Now!"
+
+{% endif %}
+{% if "bluesky" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-sun"
+  title: "Bluesky"
+  text: "Soar to new digital heights with Bluesky, an innovative platform that reimagines social networking with its forward-thinking, community-driven approach. Experience a burst of energy, creativity, and the freedom to connect in a truly inspiring way."
+  url: https://{{domains.bluesky}}
+  link_text: "Soar with Bluesky Today!"
+
+{% endif %}
+{% if "phpmyadmin" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-database"
+  title: "PHPMyAdmin"
+  text: "Manage your databases with confidence using PHPMyAdmin, a robust and dynamic tool designed to simplify administration and enhance productivity. Enjoy an intuitive interface, powerful features, and an energetic approach that makes database management a breeze."
+  url: https://{{domains.phpmyadmin}}
+  link_text: "Optimize Your Database Now!"
+
+{% endif %}
+{% if "snipe_it" in group_names %}
+
+- icon: 
+    class: "fa-solid fa-box"
+  title: "SNIPE-IT"
+  text: "Streamline your asset management with SNIPE-IT, a cutting-edge solution that brings efficiency, clarity, and energy to tracking your hardware and software inventory. Experience a user-friendly design and dynamic features that make asset management simple and engaging."
+  url: https://{{domains.snipe_it}}
+  link_text: "Manage Assets Effortlessly!"
+
+{% endif %}
+
+platform:
+  titel:    {{service_provider.platform.titel}}
+  subtitel: {{service_provider.platform.subtitel}}
   logo:
-    source: https://cloud.veen.world/s/logo_face_512x512/download
+    source: {{service_provider.platform.logo}}
   favicon:
-    source: https://cloud.veen.world/s/veen_world_favicon/download
+    source: {{service_provider.platform.favicon}}
+company:
+  titel: {{service_provider.company.titel}}
+  subtitel: {{service_provider.company.subtitel}}
+  logo:
+    source: {{service_provider.company.logo}}
   address:
-{{ person.address | to_nice_yaml(indent=4) | indent(2) }}
-  imprint_url: https://s.veen.world/imprint
+{{ service_provider.company.address | to_nice_yaml(indent=4) | indent(4, true) }}
+  imprint_url: {{service_provider.legal.imprint}}
 navigation:
   header:
     children:
     - link: accounts.publishingchannels.children
-    - link: accounts.socialnetworks
     - name: Contact
-      description: Get in touch with {{ 'us' if person.type == 'legal' else 'me' }} 
+      description: Get in touch with {{ 'us' if service_provider.type == 'legal' else 'me' }} 
       icon:
           class: fa-solid fa-envelope
       children:
-{% if person.contact.email is defined %}
+
+{% if service_provider.contact.email is defined %}
+
       - name: Email
-        description: Send {{ 'us' if person.type == 'legal' else 'me' }} an email
+        description: Send {{ 'us' if service_provider.type == 'legal' else 'me' }} an email
         icon:
           class: fa-solid fa-envelope
-        url: mailto:{{person.contact.email}}
-        identifier: {{person.contact.email}}
-        alternatives:
-          - link: navigation.header.contact.messenger.matrix
+        url: mailto:{{service_provider.contact.email}}
+        identifier: {{service_provider.contact.email}}
+
 {% endif %}
-{% if person.contact.phone is defined %}
+{% if service_provider.contact.phone is defined %}
+
       - name: Mobile
-        description: Call {{ 'us' if person.type == 'legal' else 'me' }}
+        description: Call {{ 'us' if service_provider.type == 'legal' else 'me' }}
         icon:
           class: fa-solid fa-phone
-        url: "tel:{{person.contact.phone}}"
-        identifier: "{{person.contact.phone}}"
+        url: "tel:{{service_provider.contact.phone}}"
+        identifier: "{{service_provider.contact.phone}}"
         target: _top
+
 {% endif %}
-{% if person.contact.matrix is defined %}
+{% if service_provider.contact.matrix is defined %}
+
       - name: Matrix
-        description: Chat with {{ 'us' if person.type == 'legal' else 'me' }} on Matrix
+        description: Chat with {{ 'us' if service_provider.type == 'legal' else 'me' }} on Matrix
         icon:
           class: fa-solid fa-cubes
-        identifier: "{{person.contact.matrix}}"
+        identifier: "{{service_provider.contact.matrix}}"
+
 {% endif %}
+
   footer:
     children:
     - link: accounts
+
+{% if ["discourse","moodle","listmonk","openproject","taiga","snipe_it","matrix","bigbluebutton","mailu", "matomo","phpadmin","keycloak", "ldap", "baserow","yourls","nextcloud"] | any_in(group_names) %}
+
     - name: Solution Hub
       description: Curated collection of self hosted tools
       icon:
           class: fa-solid fa-network-wired
-      url: 
       children:
+
+  {% if ["discourse","moodle","listmonk"] | any_in(group_names) %}
+
       - name: Community
         description: Tools to manage the community
         icon:
             class: fa-solid fa-users
         children:
-{% if "discourse" in group_names %}
+
+    {% if "discourse" in group_names %}
+
         - name: Forum
           description: Join the discussion
           icon:
             class: fa-brands fa-discourse
           url: https://{{domains.discourse}}/
-{% endif %}
-{% if "moodle" in group_names %}
+
+    {% endif %}
+    {% if "moodle" in group_names %}
+        
         - name: Learning Platform
-          description: Learn with {{ 'our' if person.type == 'legal' else 'my' }} academy
+          description: Learn with {{ 'our' if service_provider.type == 'legal' else 'my' }} academy
           icon:
             class: fa-solid fa-graduation-cap
           url: https://{{domains.moodle}}/
-{% endif %}
-{% if "listmonk" in group_names %}
+
+    {% endif %}
+    {% if "listmonk" in group_names %}
+
         - name: Newsletter
-          description: Subscribe to {{ 'our' if person.type == 'legal' else 'my' }} newsletter
+          description: Subscribe to {{ 'our' if service_provider.type == 'legal' else 'my' }} newsletter
           icon:
             class: fa-solid fa-envelope-open-text
           url: https://{{domains.listmonk}}/subscription/form
-{% endif %}
+
+    {% endif %}
+  {% endif %}
+  {% if ["openproject","taiga","snipe_it"] | any_in(group_names) %}
+
       - name: Project Management
         description: Project Management Tools
         icon:
             class: fa-solid fa-chart-line
         children:
-{% if "openproject" in group_names %}
+
+    {% if "openproject" in group_names %}
+
         - name: Open Project
-          description: Explore {{ 'our' if person.type == 'legal' else 'my' }} projects
+          description: Explore {{ 'our' if service_provider.type == 'legal' else 'my' }} projects
           icon:
             class: fa-solid fa-tasks
           url: https://{{domains.openproject}}/
-{% endif %}
-{% if "taiga" in group_names %}       
+
+    {% endif %}
+    {% if "taiga" in group_names %}       
+
         - name: Taiga
-          description: View {{ 'our' if person.type == 'legal' else 'my' }} Kanban board
+          description: View {{ 'our' if service_provider.type == 'legal' else 'my' }} Kanban board
           icon:
             class: bi bi-clipboard2-check-fill
           url: https://{{domains.taiga}}/
-{% endif %}
-{% if "snipe_it" in group_names %}        
+
+    {% endif %}
+    {% if "snipe_it" in group_names %}        
+
         - name: Snipe IT
-          description: Manage {{ 'our' if person.type == 'legal' else 'my' }} inventory
+          description: Manage {{ 'our' if service_provider.type == 'legal' else 'my' }} inventory
           icon:
             class: fas fa-box-open
           url: https://{{domains.snipe_it}}/
-{% endif %}          
+
+    {% endif %}
+  {% endif %}
+  {% if ["matrix","bigbluebutton","mailu"] | any_in(group_names) %}  
+
       - name: Communication
         icon:
           class: fa-solid fa-comments
         children:
-{% if "matrix" in group_names %}   
+
+    {% if "matrix" in group_names %}   
+
         - name: Elements
           description: Chat with the world
           icon:
             class: fa-solid fa-comment
           url: https://{{domains.matrix_element}}/
-{% endif %}
-{% if "bigbluebutton" in group_names %}             
+
+    {% endif %}
+    {% if "bigbluebutton" in group_names %}             
+
         - name: Big Blue Button
           description: Join live events
           icon:
             class: fa-solid fa-video
           url: https://{{domains.bigbluebutton}}/
-{% endif %}
-{% if "mailu" in group_names %}            
+
+    {% endif %}
+    {% if "mailu" in group_names %}            
+
         - name: Mailu
-          description: Send{{ 'our' if person.type == 'legal' else 'my' }}a mail
+          description: Send{{ 'our' if service_provider.type == 'legal' else 'my' }}a mail
           icon:
             class: fa-solid fa-envelope
           url: https://{{domains.mailu}}/
-{% endif %}
+
+    {% endif %}
+  {% endif %}
+  {% if ["matomo","phpadmin","keycloak", "ldap"] | any_in(group_names) %}  
+
       - name: Administration
         icon:
           class: fas fa-building
         children:
-{% if "matomo" in group_names %}   
+
+    {% if "matomo" in group_names %}   
+
         - name: Matomo
           description: Analyze with Matomo
           icon:
             class: fa-solid fa-chart-simple
           url: https://{{domains.matomo}}/
-{% endif %}
-{% if "phpmyadmin" in group_names %}   
+
+    {% endif %}
+    {% if "phpmyadmin" in group_names %}   
+
         - name: phpMyAdmin
           description: Administrate MySQL and MariaDB databases
           icon:
             class: fas fa-database
           url: https://{{domains.phpmyadmin}}/
-{% endif %}
-{% if "keycloak" in group_names %}   
+
+    {% endif %}
+    {% if "keycloak" in group_names %}   
+
         - name: Keycloak
           description: Manage User via Keycloak
           icon:
             class: fas fa-user-shield
           url: https://{{domains.keycloak}}/admin
-{% endif %}
-{% if "ldap" in group_names %}   
+
+    {% endif %}
+    {% if "ldap" in group_names %}   
+
         - name: LDAP
           description: Manage LDAP
           icon:
             class: fas fa-key
           url: https://{{domains.ldap}}/
-{% endif %}
+
+    {% endif %}
+  {% endif %}
+  {% if ["baserow","yourls","nextcloud"] | any_in(group_names) %}
+
       - name: Tools
         icon:
           class: fas fa-tools
         children:
-{% if "baserow" in group_names %}   
+
+    {% if "baserow" in group_names %}
+
         - name: Baserow
           description: Organize with Baserow
           icon:
             class: fa-solid fa-table
           url: https://{{domains.baserow}}/    
-{% endif %}
-{% if "yourls" in group_names %}   
+
+    {% endif %}
+    {% if "yourls" in group_names %}   
+
         - name: Yourls
           description: Create Shortlinks
           icon:
             class: bi bi-link
           url: https://{{domains.yourls}}/admin/
-{% endif %}
-{% if "nextcloud" in group_names %}             
+
+    {% endif %}
+    {% if "nextcloud" in group_names %}
+
         - name: Nextcloud
           description: Access your cloud storage
           icon:
             class: fa-solid fa-cloud
           url: https://{{domains.nextcloud}}/
+
+    {% endif %}
+  {% endif %}
 {% endif %}
+
     - name: Imprint
       description: Check out the imprint information
       icon:
           class: fa-solid fa-scale-balanced
-      url: https://s.veen.world/imprint
-  
+      url: "{{service_provider.legal.imprint}}"

roles/nginx-modifier-css/README.md

@@ -5,7 +5,7 @@ This **Ansible role** provides a **global theming solution** for Nginx-based web
 
 ## 🚀 Features
 ✅ **Automatic CSS Deployment** – Injects `global.css` into all Nginx-served applications.  
-✅ **Dynamic Theming** – Uses `global_theming.css.colors` from Ansible variables for **full customization**.  
+✅ **Dynamic Theming** – Uses `design.css.colors` from Ansible variables for **full customization**.  
 ✅ **Bootstrap Override Support** – Ensures Bootstrap-based apps use the **unified global styles**.  
 ✅ **Versioning System** – Prevents caching issues with automatic **timestamp-based versioning**.  
 ✅ **Dark Mode Support** – Automatically adapts to user preferences.  

roles/nginx-modifier-css/tasks/main.yml

@@ -1,14 +1,5 @@
 # Load this role via nginx-modifier-all for consistency
 
-- name: Ensure {{nginx.directories.global}} directory exists
-  file:
-    path: "{{nginx.directories.global}}"
-    state: directory
-    owner: "{{nginx.user}}"
-    group: "{{nginx.user}}"
-    mode: '0755'
-  when: run_once_nginx_global_css is not defined
-
 - name: Deploy global.css from template
   template:
     src: global.css.j2

roles/nginx-modifier-css/templates/global.css.j2

@@ -11,15 +11,15 @@ HINT:
 :root {
     /** Derived Colors from the Base Color **/
     {% for i in range(1, 100) %}
-        --color-{{ "%02d"|format(i) }}: {{ global_theming.css.colors.base | adjust_color(target_lightness=(i / 100),saturation_change=global_theming.css.filters.saturation_change,hue_shift=global_theming.css.filters.hue_shift) }};
-        --color-rgb-{{ "%02d"|format(i) }}: {{ global_theming.css.colors.base | adjust_color_rgb(target_lightness=(i / 100),saturation_change=global_theming.css.filters.saturation_change,hue_shift=global_theming.css.filters.hue_shift) }};
+        --color-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color(target_lightness=(i / 100),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
+        --color-rgb-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color_rgb(target_lightness=(i / 100),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
     {% endfor %}
 
     /** Special Action Colors **/
-    --success-color:    {{ global_theming.css.colors.success }};
-    --warning-color:    {{ global_theming.css.colors.warning }};
-    --error-color:      {{ global_theming.css.colors.error }};
-    --info-color:       {{ global_theming.css.colors.info }};
+    --success-color:    {{ design.css.colors.success }};
+    --warning-color:    {{ design.css.colors.warning }};
+    --error-color:      {{ design.css.colors.error }};
+    --info-color:       {{ design.css.colors.info }};
 
 }
 
@@ -27,15 +27,15 @@ HINT:
     :root {
         /** Dark Mode Derived Colors from the Base Color **/
         {% for i in range(1, 100) %}
-            --color-{{ "%02d"|format(i) }}: {{ global_theming.css.colors.base | adjust_color(target_lightness=(1 - (i / 100)),saturation_change=global_theming.css.filters.saturation_change,hue_shift=global_theming.css.filters.hue_shift) }};
-            --color-rgb-{{ "%02d"|format(i) }}: {{ global_theming.css.colors.base | adjust_color_rgb(target_lightness=(1 - (i / 100)),saturation_change=global_theming.css.filters.saturation_change,hue_shift=global_theming.css.filters.hue_shift) }};
+            --color-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color(target_lightness=(1 - (i / 100)),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
+            --color-rgb-{{ "%02d"|format(i) }}: {{ design.css.colors.base | adjust_color_rgb(target_lightness=(1 - (i / 100)),saturation_change=design.css.filters.saturation_change,hue_shift=design.css.filters.hue_shift) }};
         {% endfor %}
 
         /** Special Action Colors **/
-        --success-color:    {{ global_theming.css.colors.success | adjust_color(target_lightness=(1 - 0.2)) }};
-        --warning-color:    {{ global_theming.css.colors.warning | adjust_color(target_lightness=(1 - 0.3)) }};
-        --error-color:      {{ global_theming.css.colors.error   | adjust_color(target_lightness=(1 - 0.3)) }};
-        --info-color:       {{ global_theming.css.colors.info    | adjust_color(target_lightness=(1 - 0.2)) }};
+        --success-color:    {{ design.css.colors.success | adjust_color(target_lightness=(1 - 0.2)) }};
+        --warning-color:    {{ design.css.colors.warning | adjust_color(target_lightness=(1 - 0.3)) }};
+        --error-color:      {{ design.css.colors.error   | adjust_color(target_lightness=(1 - 0.3)) }};
+        --info-color:       {{ design.css.colors.info    | adjust_color(target_lightness=(1 - 0.2)) }};
     }
 }
 

roles/nginx-modifier-css/templates/location.conf.j2

@@ -1,3 +1,3 @@
 location = /global.css {
-    root {{nginx.directories.global}};
+    root {{nginx.directories.data.global}};
 }

roles/nginx-modifier-css/vars/main.yml

@@ -1 +1 @@
-global_css_destination: "{{nginx.directories.global}}global.css"
+global_css_destination: "{{nginx.directories.data.global}}global.css"

roles/nginx-modifier-matomo/tasks/main.yml

@@ -30,7 +30,7 @@
   uri:
     url: "https://{{ domains.matomo }}/index.php"
     method: POST
-    body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ matomo_auth_token }}&format=json"
+    body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ applications.matomo.auth_token }}&format=json"
     body_format: form-urlencoded
     status_code: 200
     return_content: yes

roles/nginx-modifier-matomo/vars/main.yml

@@ -1,2 +1,2 @@
 base_domain:      "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
-verification_url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}"
+verification_url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{applications.matomo.auth_token}}"

roles/nginx-serve-files/README.md

@@ -0,0 +1,6 @@
+# Nginx Homepage Role
+
+This Ansible role configures an Nginx server to serve files. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
+
+## Author Information
+This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).

roles/nginx-serve-files/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: "include role nginx-modifier-all for {{domain}}"
+  include_role: 
+    name: nginx-modifier-all
+
+- name: "include role nginx-https-recieve-certificate for {{domain}}"
+  include_role: 
+    name: nginx-https-recieve-certificate
+
+- name: "generate {{domains[application_id]}}.conf"
+  template: 
+    src:  "nginx.conf.j2" 
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
+  notify: restart nginx

roles/nginx-serve-files/templates/nginx.conf.j2

@@ -0,0 +1,24 @@
+server
+{
+  server_name {{domains[application_id]}};
+  
+  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+
+  {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+  charset utf-8;
+  
+  location /
+  {
+    alias {{nginx.directories.data.files}};  {# Path to your file directory #}
+    autoindex on;                       {# Enable directory listing #}
+    autoindex_exact_size off;           {# Display sizes in a human-readable format #}
+    autoindex_localtime on;             {# Show local time #}
+  }
+
+  location /.well-known/ {
+    alias {{nginx.directories.data.well_known}};
+    allow all;
+    default_type "text/plain";
+    autoindex on;
+  }
+}

roles/nginx-serve-files/vars/main.yml

@@ -0,0 +1,2 @@
+application_id: "file_server"
+domain:         "{{domains[application_id]}}"

roles/nginx-serve-html-legal/README.md

@@ -1,6 +1,6 @@
 # Nginx Homepage Role
 
-This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt, and cloning the homepage content from a Git repository.
+This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
 
 ## Author Information
 This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).

roles/nginx-serve-html-legal/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- nginx-serve-html

roles/nginx-serve-html-legal/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- name: copy imprint.html
+  template: 
+    src:  "imprint.html.j2" 
+    dest: "{{nginx.directories.data.html}}imprint.html"

roles/nginx-serve-html-legal/templates/imprint.html.j2

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Imprint</title>
+</head>
+<body>
+  <h1>Imprint</h1>
+
+  <h2>Information in accordance with § 5 TMG</h2>
+  <p>
+    <strong>{{ service_provider.company.titel }}</strong><br>
+    {{ service_provider.company.subtitel }}<br>
+    <br>
+    <strong>Address:</strong><br>
+    {{ service_provider.company.address.street }}<br>
+    {{ service_provider.company.address.postal_code }} {{ service_provider.company.address.city }}<br>
+    {{ service_provider.company.address.country }}
+  </p>
+
+  <h2>Contact</h2>
+  <p>
+    Telephone: {{ service_provider.contact.phone }}<br>
+    Email: <a href="mailto:{{ service_provider.contact.email }}">{{ service_provider.contact.email }}</a>
+  </p>
+
+  <h2>Editorial Responsibility</h2>
+  <p>
+    {{ service_provider.legal.editorial_responsible }}
+  </p>
+
+  <h2>Source Code</h2>
+  <p>
+    Code repository available at: <a href="{{ service_provider.legal.source_code }}">{{ service_provider.legal.source_code }}</a>
+  </p>
+
+  <h2>Consumer Dispute Resolution / Universal Arbitration Board</h2>
+  <p>
+    Federal Universal Arbitration Board<br>
+    Center for Arbitration e.V.<br>
+    Straßburger Straße 8<br>
+    77694 Kehl am Rhein
+  </p>
+</body>
+</html>

roles/nginx-serve-html/README.md

@@ -0,0 +1,6 @@
+# Nginx Homepage Role
+
+This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
+
+## Author Information
+This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).

roles/nginx-serve-html/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+- nginx-https
+- git

roles/nginx-serve-html/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: "include role nginx-modifier-all for {{domain}}"
+  include_role: 
+    name: nginx-modifier-all
+
+- name: "include role nginx-https-recieve-certificate for {{domain}}"
+  include_role: 
+    name: nginx-https-recieve-certificate
+
+- name: "generate {{domains[application_id]}}.conf"
+  template: 
+    src:  "nginx.conf.j2" 
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
+  notify: restart nginx

roles/nginx-serve-html/templates/nginx.conf.j2

@@ -1,7 +1,6 @@
-#default
 server
 {
-  server_name {{domain}};
+  server_name {{domains[application_id]}};
   
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 
@@ -10,12 +9,12 @@ server
   
   location /
   {
-    root {{nginx.directories.homepage}};
+    root {{nginx.directories.data.html}};
     index index.html index.htm;
   }
 
   location /.well-known/ {
-    alias {{nginx.directories.well_known}};
+    alias {{nginx.directories.data.well_known}};
     allow all;
     default_type "text/plain";
     autoindex on;

roles/nginx-serve-html/vars/main.yml

@@ -0,0 +1,2 @@
+application_id: "html_server"
+domain:         "{{domains[application_id]}}"

roles/nginx-static-repository/tasks/main.yml

@@ -1,16 +0,0 @@
----
-- name: "pull homepage from {{nginx_static_repository_address}}"
-  git:
-    repo: "{{nginx_static_repository_address}}"
-    dest: "{{nginx.directories.homepage}}"
-    update: yes
-  ignore_errors: true
-
-- name: configure {{primary_domain}}.conf
-  template: 
-    src:  "static.nginx.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{primary_domain}}.conf"
-  vars:
-    domain: "{{primary_domain}}"
-  notify: restart nginx
-  when: run_once_nginx is not defined

roles/nginx/tasks/main.yml

@@ -14,9 +14,28 @@
   file:
     path: "{{ item }}"
     state: directory
+    owner: "{{nginx.user}}"
+    group: "{{nginx.user}}"
     mode: '0755'
     recurse: yes
-  loop: "{{ nginx.directories.http.values() | list + [nginx.directories.streams] }}"
+  loop: >
+    {{
+      [ nginx.directories.configuration ] +
+      (nginx.directories.http.values() | list) +
+      [ nginx.directories.streams ] 
+    }}
+  when: run_once_nginx is not defined
+
+- name: Ensure nginx data storage directories are present
+  file:
+    path: "{{ item }}"
+    state: directory
+    recurse: yes
+    owner: "{{nginx.user}}"
+    group: "{{nginx.user}}"
+    mode:  '0755'
+  loop: >
+    {{ nginx.directories.data.values() | list }}
   when: run_once_nginx is not defined
 
 - name: create nginx config file