filter_plugins/configuration_filters.py

@@ -1,20 +0,0 @@
-def get_oauth2_enabled(applications, application_id):
-    # Retrieve the application dictionary based on the ID
-    app = applications.get(application_id, {})
-    # Retrieve the value for oauth2_proxy.enabled, default is False
-    enabled = app.get('oauth2_proxy', {}).get('enabled', False)
-    return bool(enabled)
-
-def get_css_enabled(applications, application_id):
-    # Retrieve the application dictionary based on the given application_id.
-    app = applications.get(application_id, {})
-    # Retrieve the 'enabled' value from the css key, defaulting to True if not present.
-    enabled = app.get('css', {}).get('enabled', True)
-    return bool(enabled)
-
-class FilterModule(object):
-    def filters(self):
-        return {
-            'get_css_enabled': get_css_enabled,
-            'get_oauth2_enabled': get_oauth2_enabled
-        }

group_vars/all/07_applications.yml

@@ -213,15 +213,4 @@ defaults_applications:
       enabled:                true
       application:            "application"
       port:                   "80"
-      location:               "/admin/"                       # Protects the admin area
+      location:               "/admin/"                       # Protects the admin arear
-    
-
-  wordpress:
-# Deactivate Global theming for wordpress role
-# due to the reason that wordpress has to much different themes
-# and one styling for all is not possible.
-#
-# May a solution could be to generate a template or css file dedicated
-# for wordpress based on the theming values and import it. 
-    css:
-      enabled:       false

group_vars/all/13_theming.yml

@@ -15,4 +15,10 @@ global_theming:
       info:     "#F0F8FF"
     filters:
       saturation_change:  70
-      hue_shift:          0
+      hue_shift:          0
+
+# Global Theming is default enabled for all roles
+# If you want to disable the global css for a role, set 
+# global_theming_enabled: false
+# in var/main.yml
+global_theming_enabled: true

group_vars/all/14_about.yml

@@ -1,24 +0,0 @@
-# This is just a dummy person.
-# Adapt the values in your inventory file
-person:
-  type:           "legal"                                           # Accepted Values: natural, legal
-  name:           "CyMaIS Demo Instance"
-  description:    
-    subtitel:        "Infrastructure Demo solutions"                   # Should be the length of su
-    summary:         "We offer infrastructure solutions for the world"
-    detailed:        ""
-  address:
-    street:       "Binary Avenue 01"
-    city:         "Cybertown"
-    postal_code:  "00001"
-    country:      "Nexusland"
-  contact:
-    bluesky:      "@{{administrator_username}}.{{domains.bluesky_api}}"
-    email:        "contact@{{primary_domain}}"
-    mastodon:     "@{{administrator_username}}@{{domains.mastodon}}"
-    matrix:       "@{{administrator_username}}:{{domains.matrix_synapse}}"
-    peertube:     "@{{administrator_username}}@{{domains.peertube}}"
-    pixelfed:     "@{{administrator_username}}@{{domains.pixelfed}}"
-    phone:        "+0 000 000 404"
-    wordpress:    "@{{administrator_username}}@{{domains.wordpress}}[0]"
-  code:           "https://github.com/kevinveenbirkenbach/cymais"

playbook.servers.yml

@@ -19,11 +19,13 @@
 
 # Priority: 1
 # Almost all other roles depend on the Matomo tracking
-- name: "setup matomo"
+- hosts: all
-  hosts: matomo
+  tasks:
+    - name: "setup matomo hosts if matomo hosts set or global_matomo_tracking_enabled"
+      include_role:
+        name: docker-matomo
+      when: "'matomo' in group_names or (global_matomo_tracking_enabled | bool)"
   become: true
-  roles:
-   -  role: docker-matomo
 
 # Priority: 2
 # Much other roles rely on a working ldap setup
@@ -42,7 +44,7 @@
    -  role: docker-keycloak
 
 - name: setup nextcloud hosts
-  hosts: nextcloud
+  hosts: nextcloud_server
   become: true
   roles:
    -  role: docker-nextcloud

roles/docker-akaunting/vars/main.yml

@@ -1,4 +1,4 @@
-application_id:             "akaunting"
+application_id:     "akaunting"
-database_type:              "mariadb"
+database_type:      "mariadb"
-database_password:          "{{akaunting_database_password}}"
+database_password:  "{{akaunting_database_password}}"
-docker_repository_address:  "https://github.com/akaunting/docker.git"
+repository_address: "https://github.com/akaunting/docker.git"

roles/docker-attendize/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-application_id:             "attendize"
+application_id:     "attendize"
-database_type:              "mariadb"
+database_type:      "mariadb"
-database_password:          "{{attendize_database_password}}"
+database_password:  "{{attendize_database_password}}"
-docker_repository_address:  "https://github.com/Attendize/Attendize.git"
+repository_address: "https://github.com/Attendize/Attendize.git"

roles/docker-discourse/handlers/main.yml

@@ -17,5 +17,5 @@
 - name: rebuild discourse
   command:
     cmd: "./launcher rebuild {{applications.discourse.container}}"
-    chdir: "{{docker_repository_directory }}"
+    chdir: "{{discourse_repository_directory}}"
   listen: recreate discourse

roles/docker-discourse/tasks/main.yml

@@ -32,15 +32,15 @@
 - name: pull docker repository
   git:
     repo: "https://github.com/discourse/discourse_docker.git"
-    dest: "{{docker_repository_directory }}"
+    dest: "{{discourse_repository_directory}}"
     update: yes
   notify: recreate discourse
   become: true
   ignore_errors: true
 
-- name: set chmod 700 for {{docker_repository_directory }}containers
+- name: set chmod 700 for {{discourse_repository_directory}}containers
   ansible.builtin.file:
-    path: "{{docker_repository_directory }}/containers"
+    path: "{{discourse_repository_directory}}/containers"
     mode: '700'
     state: directory
 
@@ -53,7 +53,7 @@
 - name: "destroy container discourse_application"
   command:
     cmd: "./launcher destroy discourse_application"
-    chdir: "{{docker_repository_directory }}"
+    chdir: "{{discourse_repository_directory}}"
   ignore_errors: true
   notify: recreate discourse
   when: mode_reset | bool

roles/docker-discourse/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:                         "discourse"
 database_password:                      "{{ applications.discourse.database_password }}"
 database_type:                          "postgres"
-docker_repository_directory :           "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
+discourse_repository_directory:         "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
-discourse_application_yml_destination:  "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"
+discourse_application_yml_destination:  "{{discourse_repository_directory}}containers/{{applications.discourse.container}}.yml"

roles/docker-keycloak/templates/import/realm.json.j2

@@ -836,7 +836,7 @@
       "redirectUris": [
         {%- set redirect_uris = [] -%}
         {%- for application, domain in defaults_domains.items() -%}
-          {%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
+          {%- if applications[application_id] is defined and applications[application_id].oauth2_proxy.enabled | default(false) | bool -%}
             {%- if domain is string -%}
               {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
             {%- else -%}

roles/docker-matrix-compose/README.md

@@ -2,10 +2,39 @@
 
 ## Overview
 
-This document serves as the README for the `docker-matrix` role, a part of the `CyMaIS` project. This role automates the deployment of a Matrix server using Docker. This role was developed by [Kevin Veen-Birkenbach](https://www.veen.world/)
+This document serves as the README for the `docker-matrix` role, a part of the `CyMaIS` project. This role automates the deployment of a Matrix server using Docker. 
 
 Matrix is an open-source project that provides a protocol for secure, decentralized, real-time communication. It offers features like end-to-end encrypted chat, VoIP, and file sharing, catering to both individual and enterprise users. With a focus on interoperability, Matrix can bridge with other communication systems, offering a unified platform for messaging and collaboration.
 
+## Dependencies
+
+- `nginx-docker-reverse-proxy` (see `meta/main.yml`)
+
+## Files and Their Functions
+
+1. **`vars/main.yml`**: Defines variables such as `docker_compose.directories.instance`.
+2. **`handlers/main.yml`**: Contains handlers like `recreate matrix` for restarting the Matrix service.
+3. **`tasks/main.yml`**: Contains main tasks like creating directories and configuration files.
+4. **`templates/log.config.j2`**: Template for the Matrix server's logging configuration.
+5. **`templates/homeserver.yaml.j2`**: Template for the main configuration file of the Matrix server.
+6. **`templates/docker-compose.yml.j2`**: Docker-Compose template for setting up the Matrix server and database.
+
+## Important Administration Commands
+
+- **Create Matrix Users**: 
+  ```
+  docker compose exec -it synapse register_new_matrix_user -u [Username] -p [Password] -a -c /data/homeserver.yaml http://localhost:8008
+  ```
+- **Execute Docker-Compose Commands**:
+  - Restart services: 
+    ```
+    docker-compose up -d --force-recreate
+    ```
+  - View logs:
+    ```
+    docker-compose logs
+    ```
+
 ## Cleanup 
 ```
 # Cleanup Database
@@ -41,7 +70,6 @@ For login with Token checkout [this guide](https://docs.mau.fi/bridges/go/slack/
 - https://cyberhost.uk/element-matrix-setup/
 - https://www.linode.com/docs/guides/how-to-install-the-element-chat-app/
 - https://hub.docker.com/r/vectorim/element-web
-- https://github.com/matrix-org/matrix-synapse-ldap3
 
 ## Links to ChatGPT Conversations
 

roles/docker-oauth2-proxy/templates/container.yml.j2

@@ -1,4 +1,4 @@
-{% if applications | get_oauth2_enabled(application_id) %}
+{% if applications[application_id].oauth2_proxy.enabled | default(false) | bool %}
   oauth2-proxy:
     image: quay.io/oauth2-proxy/oauth2-proxy:{{applications.oauth2_proxy.version}}
     restart: {{docker_restart_policy}}

roles/docker-openproject/README.md

@@ -1,8 +1,22 @@
-# OpenProject Role
+# README.md for Docker OpenProject Role
 
 ## Overview
 
-This role is designed to deploy the [OpenProject](https://www.openproject.org/) application using Docker. It includes tasks for setting up the environment, pulling the Docker repository, and configuring a reverse proxy with Nginx. It was developed by [Kevin Veen-Birkenbach](https://www.veen.world/)
+This role is designed to deploy the OpenProject application using Docker. It includes tasks for setting up the environment, pulling the Docker repository, and configuring a reverse proxy with Nginx.
+
+## Requirements
+
+- Ansible
+- Docker
+- Docker Compose
+- Access to the GitHub repository "opf/openproject-deploy"
+
+## Role Variables
+
+The role uses several variables, defined in `vars/main.yml`:
+
+- `repository_directory`: The directory for the OpenProject repository.
+- `docker_compose.directories.instance`: Directory for Docker Compose instances.
 
 ## Handlers
 
@@ -18,6 +32,14 @@ Outlined in `tasks/main.yml`, the role includes tasks for:
 - Warning if the repository is not reachable.
 - Copying the `.env` file from a template.
 
+## Templates
+
+`env.j2` in `templates/` folder is a Jinja2 template for the `.env` file, setting up environment variables for the OpenProject container.
+
+## Dependencies
+
+This role depends on `nginx-docker-reverse-proxy`, as defined in `meta/main.yml`.
+
 ## Usage
 
 To use this role, include it in your Ansible playbook and set the necessary variables, especially those required in the `.env` file template.

roles/docker-openproject/handlers/main.yml

@@ -3,6 +3,14 @@
   command:
     cmd: docker build --no-cache -t {{custom_openproject_image}} .
     chdir: "{{openproject_plugins_service}}"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600
+
+- name: rebuild openproject repository
+  command:
+    cmd: docker compose build 
+    chdir: "{{openproject_repository_service}}"
   environment:
     COMPOSE_HTTP_TIMEOUT: 600
     DOCKER_CLIENT_TIMEOUT: 600

roles/docker-openproject/tasks/main.yml

@@ -7,6 +7,12 @@
   include_role: 
     name: nginx-domain-setup
 
+#- name: "include tasks update-repository-with-files.yml"
+#  include_tasks: update-repository-with-files.yml
+#  vars:
+#    detached_files: 
+#      - "docker-compose.yml"
+
 - name: "Create {{openproject_plugins_service}}"
   file:
     path: "{{openproject_plugins_service}}"
@@ -29,9 +35,15 @@
     - docker compose project setup
     - rebuild custom openproject docker image
 
-- name: "include role docker-repository-setup for {{application_id}}"
+- name: pull docker repository
-  include_role: 
+  git:
-    name: docker-repository-setup
+    repo: "{{ repository_address }}"
+    dest: "{{ openproject_repository_service }}"
+    update: yes
+  notify:
+    - docker compose project setup
+    - rebuild openproject repository
+  become: true
 
 - name: "create {{dummy_volume}}"
   file:

roles/docker-openproject/vars/main.yml

@@ -1,10 +1,12 @@
-application_id:               "openproject"
+application_id:                               "openproject"
-docker_repository_address:    "https://github.com/opf/openproject-deploy"
+repository_address:                           "https://github.com/opf/openproject-deploy"
-database_password:            "{{openproject_database_password}}"
+database_password:                            "{{openproject_database_password}}"
-database_type:                "postgres"
+database_type:                                "postgres"
+
+openproject_plugins_service:                  "{{docker_compose.directories.services}}plugins/"
+openproject_repository_service:               "{{docker_compose.directories.services}}repository/"
+custom_openproject_image:                     "custom_openproject"
 
-openproject_plugins_service:  "{{docker_compose.directories.services}}plugins/"
-custom_openproject_image:     "custom_openproject"
 
 # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
-dummy_volume:                 "{{docker_compose.directories.volumes}}dummy_volume"
+dummy_volume:                                 "{{docker_compose.directories.volumes}}dummy_volume"

roles/docker-portfolio/tasks/main.yml

@@ -7,28 +7,17 @@
   include_role: 
     name: nginx-domain-setup
 
-- name: "include role docker-repository-setup for {{application_id}}"
+- name: "include tasks update-repository-with-files.yml"
-  include_role: 
+  include_tasks: update-repository-with-files.yml
-    name: docker-repository-setup
+  vars:
+    detached_files: 
+      - "docker-compose.yml"
 
-- name: Check if host-specific config.yaml exists
+- name: create {{docker_compose.directories.instance}}/app/config.yaml
-  stat:
-    path: "{{ config_inventory_path }}"
-  register: config_file
-
-- name: Copy host-specific config.yaml if it exists
   copy:
-    src: "{{ config_inventory_path }}"
+    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml"
-    dest: "{{docker_repository_path}}/app/config.yaml"
+    dest: "{{docker_compose.directories.instance}}/app/config.yaml"
   notify: docker compose project setup
-  when: config_file.stat.exists
-
-- name: Copy default config.yaml from the role template if host-specific file does not exist
-  template:
-    src: "config.yaml.j2"
-    dest: "{{docker_repository_path}}/app/config.yaml"
-  notify: docker compose project setup
-  when: not config_file.stat.exists
 
 - name: add docker-compose.yml
   template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml

roles/docker-portfolio/templates/config.yaml.j2

@@ -1,303 +0,0 @@
----
-accounts:
-  name: Online Presence
-  description: Discover {{ 'our' if person.type == 'legal' else 'my' }} online presence.
-  icon:
-      class: fa-solid fa-users
-  children:
-  - name: Publishing Channels
-    description: Platforms where I share content.
-    icon:
-      class: fas fa-newspaper
-    children:
-    - name: Microblogs
-      description: Stay updated with {{ 'our' if person.type == 'legal' else 'my' }} microblogs.
-      icon:
-        class: fa-solid fa-pen-nib
-      children:
-{% if person.contact.mastodon is defined %}
-      - name: Mastodon
-        description: Follow {{ 'our' if person.type == 'legal' else 'my' }} updates on Mastodon.
-        icon:
-          class: fa-brands fa-mastodon
-        url: "https://{{ person.contact.mastodon.split('@')[2] }}/@{{ person.contact.mastodon.split('@')[1] }}"
-        identifier: "{{person.contact.mastodon}}"
-{% endif %}
-{% if person.contact.bluesky is defined %}
-      - name: Bluesky
-        description: Follow {{ 'our' if person.type == 'legal' else 'my' }} on Bluesky.
-        icon:
-          class: fa-brands fa-bluesky
-        alternatives:
-        - link: accounts.publishingchannels.microblogs.mastodon
-        identifier: "{{person.contact.bluesky}}"
-{% endif %}
-{% if person.contact.pixelfed is defined %}
-    - name: Pictures
-      description: Explore {{ 'our' if person.type == 'legal' else 'my' }} photo gallery on Pixelfed.
-      icon:
-          class: fa-solid fa-camera
-      identifier: "{{person.contact.pixelfed}}"
-      url: "https://{{ person.contact.pixelfed.split('@')[2] }}/@{{ person.contact.pixelfed.split('@')[1] }}"
-{% endif %}
-{% if person.contact.peertube is defined %}
-    - name: Peertube
-      description: Discover {{ 'our' if person.type == 'legal' else 'my' }} videos on Peertube.
-      icon:
-        class: fa-solid fa-video
-      identifier: "{{person.contact.peertube}}"
-      url: "https://{{ person.contact.peertube.split('@')[2] }}/@{{ person.contact.peertube.split('@')[1] }}"
-{% endif %}
-{% if person.contact.wordpress is defined %}
-    - name: Blog
-      description: Read {{ 'our' if person.type == 'legal' else 'my' }} articles and stories.
-      icon:
-          class: fa-solid fa-blog
-      identifier: "{{person.contact.wordpress}}"
-      url: "https://{{ person.contact.wordpress.split('@')[2] }}/@{{ person.contact.wordpress.split('@')[1] }}"
-{% endif %}
-{% if person.contact.code is defined %}
-    - name: Code
-      description: Explore {{ 'our' if person.type == 'legal' else 'my' }} code.
-      icon:
-        class: fa-solid fa-code
-      url: "{{person.code}}"
-{% endif %}
-{% if person.contact.friendica is defined %}
-  - name: Social Networks
-    description: Visit {{ 'our' if person.type == 'legal' else 'my' }} friendica profile
-    icon:
-      class: fas fa-network-wired
-    identifier: "{{person.contact.friendica}}"
-    url: "https://{{ person.contact.friendica.split('@')[2] }}/@{{ person.contact.friendica.split('@')[1] }}"
-{% endif %}
-  - link: navigation.header.contact.messenger
-
-cards:
-- icon: 
-    source: https://cloud.veen.world/s/logo_agile_coach_512x512/download
-  title: Agile Coach
-  text: I lead agile transformations and improve team dynamics through Scrum, DevOps,
-    and Agile Coaching. My goal is to enhance collaboration and efficiency in organizations,
-    ensuring agile principles are effectively implemented for sustainable success.
-  url: https://www.agile-coach.world
-  link_text: www.agile-coach.world
-- icon: 
-    source: https://cloud.veen.world/s/logo_personal_coach_512x512/download
-  title: Personal Coach
-  text: Offering personalized coaching for growth and development, I utilize a blend
-    of hypnotherapy, mediation, and holistic techniques. My approach is tailored to
-    help you achieve personal and professional milestones, fostering holistic well-being.
-  url: https://www.personalcoach.berlin
-  link_text: www.personalcoach.berlin
-- icon: 
-    source: https://cloud.veen.world/s/logo_yachtmaster_512x512/download
-  title: Yachtmaster
-  text: As a Yachtmaster, I provide comprehensive sailing education, yacht delivery,
-    and voyage planning services. Whether you're learning to sail or need an experienced
-    skipper, my expertise ensures a safe and enjoyable experience on the water.
-  url: https://www.yachtmaster.world
-  link_text: www.yachtmaster.world
-- icon: 
-    source: https://cloud.veen.world/s/logo_yachtmaster_512x512/download
-  title: Yachtmaster
-  text: As a Yachtmaster, I provide comprehensive sailing education, yacht delivery,
-    and voyage planning services. Whether you're learning to sail or need an experienced
-    skipper, my expertise ensures a safe and enjoyable experience on the water.
-  url: https://www.yachtmaster.world
-  link_text: www.yachtmaster.world
-company:
-  titel: {{person.name}}
-  subtitel: {{person.description.subtitel}}
-  logo:
-    source: https://cloud.veen.world/s/logo_face_512x512/download
-  favicon:
-    source: https://cloud.veen.world/s/veen_world_favicon/download
-  address:
-{{ person.address | to_nice_yaml(indent=4) | indent(2) }}
-  imprint_url: https://s.veen.world/imprint
-navigation:
-  header:
-    children:
-    - link: accounts.publishingchannels.children
-    - link: accounts.socialnetworks
-    - name: Contact
-      description: Get in touch with {{ 'us' if person.type == 'legal' else 'me' }} 
-      icon:
-          class: fa-solid fa-envelope
-      children:
-{% if person.contact.email is defined %}
-      - name: Email
-        description: Send {{ 'us' if person.type == 'legal' else 'me' }} an email
-        icon:
-          class: fa-solid fa-envelope
-        url: mailto:{{person.contact.email}}
-        identifier: {{person.contact.email}}
-        alternatives:
-          - link: navigation.header.contact.messenger.matrix
-{% endif %}
-{% if person.contact.phone is defined %}
-      - name: Mobile
-        description: Call {{ 'us' if person.type == 'legal' else 'me' }}
-        icon:
-          class: fa-solid fa-phone
-        url: "tel:{{person.contact.phone}}"
-        identifier: "{{person.contact.phone}}"
-        target: _top
-{% endif %}
-{% if person.contact.matrix is defined %}
-      - name: Matrix
-        description: Chat with {{ 'us' if person.type == 'legal' else 'me' }} on Matrix
-        icon:
-          class: fa-solid fa-cubes
-        identifier: "{{person.contact.matrix}}"
-{% endif %}
-  footer:
-    children:
-    - link: accounts
-    - name: Solution Hub
-      description: Curated collection of self hosted tools
-      icon:
-          class: fa-solid fa-network-wired
-      url: 
-      children:
-      - name: Community
-        description: Tools to manage the community
-        icon:
-            class: fa-solid fa-users
-        children:
-{% if "discourse" in group_names %}
-        - name: Forum
-          description: Join the discussion
-          icon:
-            class: fa-brands fa-discourse
-          url: https://{{domains.discourse}}/
-{% endif %}
-{% if "moodle" in group_names %}
-        - name: Learning Platform
-          description: Learn with {{ 'our' if person.type == 'legal' else 'my' }} academy
-          icon:
-            class: fa-solid fa-graduation-cap
-          url: https://{{domains.moodle}}/
-{% endif %}
-{% if "listmonk" in group_names %}
-        - name: Newsletter
-          description: Subscribe to {{ 'our' if person.type == 'legal' else 'my' }} newsletter
-          icon:
-            class: fa-solid fa-envelope-open-text
-          url: https://{{domains.listmonk}}/subscription/form
-{% endif %}
-      - name: Project Management
-        description: Project Management Tools
-        icon:
-            class: fa-solid fa-chart-line
-        children:
-{% if "openproject" in group_names %}
-        - name: Open Project
-          description: Explore {{ 'our' if person.type == 'legal' else 'my' }} projects
-          icon:
-            class: fa-solid fa-tasks
-          url: https://{{domains.openproject}}/
-{% endif %}
-{% if "taiga" in group_names %}       
-        - name: Taiga
-          description: View {{ 'our' if person.type == 'legal' else 'my' }} Kanban board
-          icon:
-            class: bi bi-clipboard2-check-fill
-          url: https://{{domains.taiga}}/
-{% endif %}
-{% if "snipe_it" in group_names %}        
-        - name: Snipe IT
-          description: Manage {{ 'our' if person.type == 'legal' else 'my' }} inventory
-          icon:
-            class: fas fa-box-open
-          url: https://{{domains.snipe_it}}/
-{% endif %}          
-      - name: Communication
-        icon:
-          class: fa-solid fa-comments
-        children:
-{% if "matrix" in group_names %}   
-        - name: Elements
-          description: Chat with the world
-          icon:
-            class: fa-solid fa-comment
-          url: https://{{domains.matrix_element}}/
-{% endif %}
-{% if "bigbluebutton" in group_names %}             
-        - name: Big Blue Button
-          description: Join live events
-          icon:
-            class: fa-solid fa-video
-          url: https://{{domains.bigbluebutton}}/
-{% endif %}
-{% if "mailu" in group_names %}            
-        - name: Mailu
-          description: Send{{ 'our' if person.type == 'legal' else 'my' }}a mail
-          icon:
-            class: fa-solid fa-envelope
-          url: https://{{domains.mailu}}/
-{% endif %}
-      - name: Administration
-        icon:
-          class: fas fa-building
-        children:
-{% if "matomo" in group_names %}   
-        - name: Matomo
-          description: Analyze with Matomo
-          icon:
-            class: fa-solid fa-chart-simple
-          url: https://{{domains.matomo}}/
-{% endif %}
-{% if "phpmyadmin" in group_names %}   
-        - name: phpMyAdmin
-          description: Administrate MySQL and MariaDB databases
-          icon:
-            class: fas fa-database
-          url: https://{{domains.phpmyadmin}}/
-{% endif %}
-{% if "keycloak" in group_names %}   
-        - name: Keycloak
-          description: Manage User via Keycloak
-          icon:
-            class: fas fa-user-shield
-          url: https://{{domains.keycloak}}/admin
-{% endif %}
-{% if "ldap" in group_names %}   
-        - name: LDAP
-          description: Manage LDAP
-          icon:
-            class: fas fa-key
-          url: https://{{domains.ldap}}/
-{% endif %}
-      - name: Tools
-        icon:
-          class: fas fa-tools
-        children:
-{% if "baserow" in group_names %}   
-        - name: Baserow
-          description: Organize with Baserow
-          icon:
-            class: fa-solid fa-table
-          url: https://{{domains.baserow}}/    
-{% endif %}
-{% if "yourls" in group_names %}   
-        - name: Yourls
-          description: Create Shortlinks
-          icon:
-            class: bi bi-link
-          url: https://{{domains.yourls}}/admin/
-{% endif %}
-{% if "nextcloud" in group_names %}             
-        - name: Nextcloud
-          description: Access your cloud storage
-          icon:
-            class: fa-solid fa-cloud
-          url: https://{{domains.nextcloud}}/
-{% endif %}
-    - name: Imprint
-      description: Check out the imprint information
-      icon:
-          class: fa-solid fa-scale-balanced
-      url: https://s.veen.world/imprint
-  

roles/docker-portfolio/templates/docker-compose.yml.j2

@@ -1,14 +1,14 @@
 services:
   portfolio:
     build:
-      context: {{docker_repository_path}}
+      context: .
       dockerfile: Dockerfile
     image: application-portfolio
     container_name: portfolio
     ports:
       - 127.0.0.1:{{http_port}}:5000
     volumes:
-      - {{docker_repository_path}}app:/app
+      - ./app:/app
     restart: unless-stopped
 {% include 'templates/docker/container/networks.yml.j2' %}
     healthcheck:

roles/docker-portfolio/vars/main.yml

@@ -1,3 +1,3 @@
-application_id:             "portfolio"
+application_id:         "portfolio"
-docker_repository_address:  "https://github.com/kevinveenbirkenbach/portfolio"
+repository_address:     "https://github.com/kevinveenbirkenbach/portfolio"
-config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml"
+global_theming_enabled: true # Activate Global CSS for Portfolio

roles/docker-repository-setup/README.md

@@ -1,50 +0,0 @@
-# Docker Repository Setup 🚀
-
-This Ansible role sets up and manages your Docker repository. It ensures that the repository is pulled from your remote Git source, and it automatically triggers a rebuild of your Docker images using Docker Compose. 
-
-## Features 🔧
-
-- **Default Path Setup:**  
-  Automatically sets a default `docker_repository_path` if not already defined.
-
-- **Repository Management:**  
-  Clones or updates your Docker repository from a specified Git repository.
-
-- **Automated Build Trigger:**  
-  Notifies handlers to rebuild the Docker repository using Docker Compose with extended timeouts.
-
-## Role Structure 📂
-
-- **Handlers:**  
-  - `rebuild docker repository`: Runs `docker compose build` in the designated repository directory with custom timeout settings.
-
-- **Tasks:**  
-  - Sets the default repository path if undefined.
-  - Pulls the latest code from the Docker repository.
-  - Notifies the Docker Compose project setup and triggers a repository rebuild.
-
-- **Meta:**  
-  - Declares a dependency on the `docker-compose` role to ensure that handlers and related dependencies are loaded.
-
-## Usage ⚙️
-
-Ensure that you have set the following variables (either via your inventory, `group_vars`, or `host_vars`):
-
-- `docker_repository_address`: The Git repository URL of your Docker repository.
-- `docker_compose.directories.services`: The base directory where your Docker services are stored.  
-  The role will append `repository/` to this path to form `docker_repository_path`.
-
-If `docker_repository_path` is not defined, the role will automatically set it to:
-  
-```yaml
-"{{ docker_compose.directories.services }}repository/"
-```
-
-## Author
-
-Kevin Veen-Birkenbach  
-[https://www.veen.world](https://www.veen.world)
-
----
-
-Happy deploying! 🚀🐳

roles/docker-repository-setup/handlers/main.yml

@@ -1,7 +0,0 @@
-- name: rebuild docker repository
-  command:
-    cmd:   docker compose build 
-    chdir: "{{docker_repository_path}}"
-  environment:
-    COMPOSE_HTTP_TIMEOUT: 600
-    DOCKER_CLIENT_TIMEOUT: 600

roles/docker-repository-setup/meta/main.yml

@@ -1,2 +0,0 @@
-dependencies:
-- docker-compose  # To load handlers and make dependencies visible

roles/docker-repository-setup/tasks/main.yml

@@ -1,14 +0,0 @@
-- name: Set default docker_repository_path if not defined
-  set_fact:
-    docker_repository_path: "{{docker_compose.directories.services}}repository/"
-  when: docker_repository_path is not defined
-
-- name: pull docker repository
-  git:
-    repo: "{{ docker_repository_address }}"
-    dest: "{{ docker_repository_path }}"
-    update: yes
-  notify:
-    - docker compose project setup
-    - rebuild docker repository
-  become: true

roles/docker-taiga/tasks/main.yml

@@ -7,9 +7,13 @@
   include_role: 
     name: nginx-domain-setup
 
-- name: "include role docker-repository-setup for {{application_id}}"
+- name: pull docker repository
-  include_role: 
+  git:
-    name: docker-repository-setup
+    repo: "{{ repository_address }}"
+    dest: "{{ docker_compose.directories.services }}"
+    update: yes
+  notify: docker compose project setup
+  become: true
 
 - name: "create {{docker_compose_init}}"
   template:

roles/docker-taiga/templates/docker-compose.yml.j2

@@ -81,7 +81,7 @@ services:
     ports:
       - "127.0.0.1:{{http_port}}:80"
     volumes:
-      - {{docker_repository_path}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
+      - {{docker_compose.directories.services}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
       - static-data:/taiga/static
       - media-data:/taiga/media
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}

roles/docker-taiga/vars/main.yml

@@ -1,6 +1,6 @@
-application_id:              "taiga"
+application_id:       "taiga"
-database_type:               "postgres"
+database_type:        "postgres"
-database_password:           "{{taiga_database_password}}"
+database_password:    "{{taiga_database_password}}"
-docker_repository_address:   "https://github.com/taigaio/taiga-docker"
+repository_address:   "https://github.com/taigaio/taiga-docker"
-email_backend:               "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
+email_backend:        "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
-docker_compose_init:         "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
+docker_compose_init:  "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"

roles/docker-wordpress/vars/main.yml

@@ -2,4 +2,12 @@ application_id:  	          "wordpress"
 wordpress_max_upload_size:  "64M"
 database_type:              "mariadb"
 database_password:  	      "{{wordpress_database_password}}"
-custom_wordpress_image:     "custom_wordpress"
+custom_wordpress_image:     "custom_wordpress"
+
+# Deactivate Global theming for wordpress role
+# due to the reason that wordpress has to much different themes
+# and one styling for all is not possible.
+#
+# May a solution could be to generate a template or css file dedicated
+# for wordpress based on the theming values and import it. 
+global_theming_enabled:     false 

roles/nginx-docker-reverse-proxy/templates/domain.conf.j2

@@ -2,7 +2,7 @@ server
 {
   server_name {{domain}};
 
-  {% if applications | get_oauth2_enabled(application_id) %}
+  {% if applications[application_id].oauth2_proxy.enabled | default(false) | bool %}
     {% include 'roles/docker-oauth2-proxy/templates/endpoint.conf.j2'%}
   {% endif %}
 
@@ -15,7 +15,7 @@ server
 
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 
-  {% if applications | get_oauth2_enabled(application_id) %}
+  {% if applications[application_id].oauth2_proxy.enabled | default(false) %}
     {% if applications[application_id].oauth2_proxy.location is defined %}
       {# Exposed and Unprotected Location #}
       {% include 'proxy_pass.conf.j2' %}

roles/nginx-domain-setup/tasks/main.yml

@@ -22,4 +22,4 @@
 - name: "include the docker-oauth2-proxy role {{domain}}"
   include_role:
     name: docker-oauth2-proxy
-  when: applications | get_oauth2_enabled(application_id)
+  when: applications[application_id].oauth2_proxy.enabled | default(false) | bool

roles/nginx-modifier-all/README.md

@@ -7,10 +7,10 @@ This role enhances your Nginx configuration by conditionally injecting global Ma
 ## Features
 
 - **Global Matomo Tracking**  
-  The role includes Matomo tracking configuration and injects the corresponding tracking script into your HTML.
+  When enabled (`global_matomo_tracking_enabled` is `true`), the role includes Matomo tracking configuration and injects the corresponding tracking script into your HTML.
 
 - **Global Theming**  
-  The role injects a global CSS link for consistent theming across your site.
+  When enabled (`global_theming_enabled` is `true`), the role injects a global CSS link for consistent theming across your site.
 
 - **Smart Injection**  
   Uses Nginx's `sub_filter` to insert the tracking and theming snippets right before the closing `</head>` tag of your HTML documents.

roles/nginx-modifier-all/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - nginx-modifier-css # Just required to load once

roles/nginx-modifier-all/tasks/main.yml

@@ -1,8 +1,3 @@
-- name: "Activate Global CSS for {{domain}}"
-  include_role:
-    name: nginx-modifier-css
-  when: applications | get_css_enabled(application_id) 
-
 - name: "Activate Global Matomo Tracking for {{domain}}"
   include_role:
     name: nginx-modifier-matomo

roles/nginx-modifier-all/templates/global.includes.conf.j2

@@ -1,17 +1,17 @@
-{# Allow multiple sub_filters #}
+# Allow multiple sub_filters
 sub_filter_once off;
 sub_filter_types text/html;
 
 {% if global_matomo_tracking_enabled | bool %}
-  {# Include Global Matomo Tracking #}
+  # Include Global Matomo Tracking
   {% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %}
 {% endif %}
 
-{% if applications | get_css_enabled(application_id) or global_matomo_tracking_enabled | bool%}
+{% if global_theming_enabled | bool or global_matomo_tracking_enabled | bool%}
-  sub_filter '</head>' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if applications | get_css_enabled(application_id) %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
+  sub_filter '</head>' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if global_theming_enabled | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
 {% endif %}
 
-{% if applications | get_css_enabled(application_id) %}
+{% if global_theming_enabled | bool %}
-  {# Include Global CSS Location #}
+  # Include Global CSS Location
   {% include 'roles/nginx-modifier-css/templates/location.conf.j2' %}
 {% endif %}

roles/nginx-modifier-css/tasks/main.yml

@@ -1,5 +1,3 @@
-# Load this role via nginx-modifier-all for consistency
-
 - name: Ensure {{nginx.directories.global}} directory exists
   file:
     path: "{{nginx.directories.global}}"
@@ -7,7 +5,7 @@
     owner: "{{nginx.user}}"
     group: "{{nginx.user}}"
     mode: '0755'
-  when: run_once_nginx_global_css is not defined
+  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
 
 - name: Deploy global.css from template
   template:
@@ -16,18 +14,18 @@
     owner: "{{nginx.user}}"
     group: "{{nginx.user}}"
     mode: '0644'
-  when: run_once_nginx_global_css is not defined
+  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
 
 - name: Get stat for global.css destination file
   stat:
     path: "{{ global_css_destination }}"
   register: global_css_stat
-  when: run_once_nginx_global_css is not defined
+  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
 
 - name: Set global_css_version to file modification time
   set_fact:
     global_css_version: "{{ global_css_stat.stat.mtime }}"
-  when: run_once_nginx_global_css is not defined
+  when: run_once_nginx_global_css is not defined and global_theming_enabled | bool
 
 - name: Mark global css tasks as run once
   set_fact:

roles/nginx-modifier-matomo/tasks/main.yml

@@ -1,5 +1,3 @@
-# Load this role via nginx-modifier-all for consistency
-
 - name: "Relevant variables for role: {{ role_path | basename }}"
   debug:
     msg:

roles/nginx/tasks/main.yml

@@ -4,6 +4,16 @@
   notify: restart nginx
   when: run_once_nginx is not defined
 
+# I assume the following can be deleted
+# @todo Delete
+
+- name: install nginx-mod-headers-more for matomo
+  pacman: 
+    name: nginx-mod-headers-more
+    state: present
+  notify: restart nginx
+  when: run_once_nginx is not defined and global_matomo_tracking_enabled | bool
+
 - name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
   file:
     path: "{{ nginx.directories.configuration }}"

roles/nginx/templates/nginx.conf.j2

@@ -1,3 +1,8 @@
+{% if global_matomo_tracking_enabled | bool %}
+# @todo Assume this can be removed. Remove. 
+load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
+{% endif %}
+
 worker_processes auto;
 
 events
@@ -10,12 +15,12 @@ http
   include mime.types;
   default_type text/html;
 
-  {# caching #}
+  # caching
   proxy_cache_path /tmp/cache levels=1:2 keys_zone=cache:20m max_size=20g inactive=14d use_temp_path=off;
 
-  {# logging and debugging #}
+  # logging and debugging
 {% if enable_debug | bool %}
-  {# individual log format for better debugging #}
+  # individual log format for better debugging
   log_format debug '$host - $remote_addr [$time_local] '
                   '"$request" $status $body_bytes_sent '
                   '"Referer: $http_referer" '
@@ -34,7 +39,7 @@ http
   sendfile on;
   keepalive_timeout 65;
 
-  {# gzip #}
+  # gzip
   gzip on;
   gzip_proxied any;
   gzip_vary on;

roles/update-docker/templates/update-docker.py.j2

@@ -124,9 +124,9 @@ def update_discourse(directory):
     """
     Updates Discourse by running the rebuild command on the launcher script.
     """
-    docker_repository_directory   = os.path.join(directory, "services", "{{applications.discourse.repository}}")
+    repository_directory = os.path.join(directory, "services", "{{applications.discourse.repository}}")
-    print(f"Using path {docker_repository_directory } to pull discourse repository.")
+    print(f"Using path {repository_directory} to pull discourse repository.")
-    os.chdir(docker_repository_directory )
+    os.chdir(repository_directory)
     if git_pull():
         print("Start Discourse update procedure.")
         update_procedure("docker stop {{applications.discourse.container}}")

tasks/update-repository-with-files.yml

@@ -4,7 +4,7 @@
 - name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
   ansible.builtin.set_fact:
     merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
-  when: applications | get_oauth2_enabled(application_id)
+  when: applications[application_id].oauth2_proxy.enabled | default(false) | bool
 
 - name: "backup detached files"
   command: >
@@ -21,12 +21,10 @@
     chdir: "{{docker_compose.directories.instance}}"
   ignore_errors: true
 
-# This could be replaced by include_role: docker-repository-setup
-# Attendize and Akaunting still use this. When you refactor this code replace this.
 - name: pull docker repository
   git:
-    repo: "{{ docker_repository_address }}"
+    repo: "{{ repository_address }}"
-    dest: "{{ docker_repository_directory  | default(docker_compose.directories.instance) }}"
+    dest: "{{ repository_directory | default(docker_compose.directories.instance) }}"
     update: yes
   notify: docker compose project setup
   become: true