Finalized matomo integration into new architecture

Solved streaming bugs
Finished moodle adaptation to new structure
2025-09-08 03:07:14 +02:00 · 2025-07-17 12:09:20 +02:00 · 2025-07-17 09:47:08 +02:00 · 2025-07-17 09:18:24 +02:00 · 2025-07-17 08:24:07 +02:00 · 2025-07-17 08:22:59 +02:00
40 changed files with 235 additions and 166 deletions
--- a/filter_plugins/get_cymais_path.py
+++ b/filter_plugins/get_cymais_path.py
@@ -1,50 +0,0 @@
-# filter_plugins/get_cymais_path.py
-
-"""
-This plugin provides filters to extract the CyMaIS directory and file identifiers
-from a given role name. It assumes the role name is structured as 'dir_file'.
-If the structure is invalid (e.g., missing or too many underscores), it raises an error.
-These filters are used to support internal processing within CyMaIS.
-"""
-
-from ansible.errors import AnsibleFilterError
-
-
-class CymaisPathExtractor:
-    """Extracts directory and file parts from role names in the format 'dir_file'."""
-
-    def __init__(self, value):
-        self.value = value
-        self._parts = self._split_value()
-
-    def _split_value(self):
-        parts = self.value.split("_")
-        if len(parts) != 2:
-            raise AnsibleFilterError(
-                f"Invalid format: '{self.value}' must contain exactly one underscore (_)"
-            )
-        return parts
-
-    def get_dir(self):
-        return self._parts[0]
-
-    def get_file(self):
-        return self._parts[1]
-
-
-def get_cymais_dir(value):
-    return CymaisPathExtractor(value).get_dir()
-
-
-def get_cymais_file(value):
-    return CymaisPathExtractor(value).get_file()
-
-
-class FilterModule(object):
-    """Ansible filter plugin for CyMaIS path parsing."""
-
-    def filters(self):
-        return {
-            "get_cymais_dir": get_cymais_dir,
-            "get_cymais_file": get_cymais_file,
-        }
--- a/filter_plugins/get_public_id.py
+++ b/filter_plugins/get_public_id.py
@@ -0,0 +1,17 @@
+class FilterModule(object):
+    def filters(self):
+        return {
+            'get_public_id': self.get_public_id
+        }
+
+    def get_public_id(self, value):
+        """
+        Extract the substring after the last hyphen in the input string.
+        Example:
+          'service-user-abc123' => 'abc123'
+        """
+        if not isinstance(value, str):
+            raise ValueError("Expected a string")
+        if '-' not in value:
+            raise ValueError("No hyphen found in input string")
+        return value.rsplit('-', 1)[-1]
--- a/group_vars/all/09_ports.yml
+++ b/group_vars/all/09_ports.yml
@@ -7,9 +7,9 @@ ports:
    # https://developer.mozilla.org/de/docs/Web/API/WebSockets_API
    websocket:
      web-app-mastodon: 4001
-      espocrm: 4002
+      web-app-espocrm: 4002
    oauth2_proxy:
-      phpmyadmin: 4181
+      web-app-phpmyadmin: 4181
      lam: 4182
      web-app-openproject: 4183
      yourls: 4184
@@ -46,21 +46,21 @@ ports:
      web-app-openproject: 8023
      gitlab: 8024
      web-app-akaunting: 8025
-      moodle: 8026
+      web-app-moodle: 8026
      taiga: 8027
      friendica: 8028
      web-app-port-ui: 8029
      bluesky_api: 8030
      bluesky_web: 8031
-      keycloak: 8032
+      web-app-keycloak: 8032
      lam: 8033
-      phpmyadmin: 8034
+      web-app-phpmyadmin: 8034
      snipe-it: 8035
      sphinx: 8036
      phpldapadmin: 8037
      fusiondirectory: 8038
      presentation: 8039
-      espocrm: 8040
+      web-app-espocrm: 8040
      syncope: 8041
      collabora: 8042
      mobilizon: 8043
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@@ -28,7 +28,7 @@ defaults_networks:
      subnet: 192.168.101.128/28
    web-app-joomla:
      subnet: 192.168.101.144/28
-    keycloak:
+    web-app-keycloak:
      subnet: 192.168.101.160/28
    web-app-wordpress:
      subnet: 192.168.101.176/28
@@ -46,7 +46,7 @@ defaults_networks:
      # Use one of the last container ips for dns resolving so that it isn't used
      dns: 192.168.102.29
      subnet: 192.168.102.16/28
-    moodle:
+    web-app-moodle:
      subnet: 192.168.102.32/28
    web-app-mybb:
      subnet: 192.168.102.48/28
@@ -56,7 +56,7 @@ defaults_networks:
      subnet: 192.168.102.80/28
    web-app-peertube:
      subnet: 192.168.102.96/28
-    phpmyadmin:
+    web-app-phpmyadmin:
      subnet: 192.168.102.112/28
    web-app-pixelfed:
      subnet: 192.168.102.128/28
@@ -80,7 +80,7 @@ defaults_networks:
      subnet: 192.168.103.32/28
    presentation:
      subnet: 192.168.103.48/28
-    espocrm:
+    web-app-espocrm:
      subnet: 192.168.103.64/28
    syncope:
      subnet: 192.168.103.80/28
--- a/group_vars/all/12_oidc.yml
+++ b/group_vars/all/12_oidc.yml
@@ -12,7 +12,7 @@ _oidc_client_realm:         "{{ oidc.client.realm if oidc.client is defined and
 _oidc_url:                  "{{ 
                                (oidc.url 
                                  if (oidc is defined and oidc.url is defined) 
-                                  else web_protocol ~ '://' ~ (domains | get_domain('keycloak'))
+                                  else web_protocol ~ '://' ~ (domains | get_domain('web-app-keycloak'))
                                ) 
                            }}"
 _oidc_client_issuer_url:    "{{ _oidc_url }}/realms/{{_oidc_client_realm}}"
--- a/roles/cmp-rdbms/vars/database.yml
+++ b/roles/cmp-rdbms/vars/database.yml
@@ -1,13 +1,12 @@
 # Helper variables
 _database_id:           "svc-db-{{ database_type }}"
 _database_central_name: "{{ applications | get_app_conf( _database_id, 'docker.services.' ~ database_type ~ '.name') }}"
-_database_central_user: "{{ database_type }}"

 # Definition
-database_name:      "{{ applications | get_app_conf( database_application_id, 'database.name', false, _database_central_name ) }}"                                 # The overwritte configuration is needed by bigbluebutton
+database_name:      "{{ applications | get_app_conf( database_application_id, 'database.name', false, database_application_id | get_public_id ) }}"               # The overwritte configuration is needed by bigbluebutton
 database_instance:  "{{ _database_central_name if applications | get_app_conf(database_application_id, 'features.central_database', False) else database_name }}" # This could lead to bugs at dedicated database @todo cleanup
 database_host:      "{{ _database_central_name if applications | get_app_conf(database_application_id, 'features.central_database', False) else 'database' }}"    # This could lead to bugs at dedicated database @todo cleanup
-database_username:  "{{ applications | get_app_conf(database_application_id, 'database.username', false, _database_central_user )}}"                              # The overwritte configuration is needed by bigbluebutton
+database_username:  "{{ applications | get_app_conf(database_application_id, 'database.username', false, database_application_id | get_public_id)}}"              # The overwritte configuration is needed by bigbluebutton
 database_password:  "{{ applications | get_app_conf(database_application_id, 'credentials.database_password', true) }}"
 database_port:      "{{ ports.localhost.database[ _database_id ] }}"
 database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
--- a/roles/svc-db-openldap/config/main.yml
+++ b/roles/svc-db-openldap/config/main.yml
@@ -6,7 +6,7 @@ docker:
  services:
    openldap:     
      image:      "bitnami/openldap"
-      name:       "optenldap"
+      name:       "openldap"
      version:    "latest"
  network:        "openldap"
  volumes:
--- a/roles/web-app-espocrm/config/main.yml
+++ b/roles/web-app-espocrm/config/main.yml
@@ -1,5 +1,3 @@
-images:              
-  espocrm:            "espocrm/espocrm:latest"
 features:
  matomo:             true
  css:                false
@@ -31,3 +29,9 @@ docker:
  services:
    database:
      enabled: true              
+    espocrm:
+      image:    "espocrm/espocrm"
+      version:  "latest"
+      name:     "espocrm"
+    volumes:
+      data: espocrm_data
--- a/roles/web-app-espocrm/templates/docker-compose.yml.j2
+++ b/roles/web-app-espocrm/templates/docker-compose.yml.j2
@@ -1,6 +1,7 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  web:
-    image: "{{ applications | get_app_conf(application_id, 'images.espocrm', True) }}"
+    container_name: {{ espocrm_name }}
+    image: "{{ espocrm_image }}:{{ espocrm_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
    ports:
@@ -11,7 +12,7 @@
      - data:/var/www/html

  daemon:
-    image: "{{ applications | get_app_conf(application_id, 'images.espocrm', True) }}"
+    image: "{{ espocrm_image }}:{{ espocrm_version }}"
    restart: {{docker_restart_policy}}
    logging:
      driver: journald
@@ -21,7 +22,7 @@
      - data:/var/www/html

  websocket:
-    image: "{{ applications | get_app_conf(application_id, 'images.espocrm', True) }}"
+    image: "{{ espocrm_image }}:{{ espocrm_version }}"
    restart: {{docker_restart_policy}}
    logging:
      driver: journald
@@ -40,5 +41,6 @@

 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
+    name: {{ espocrm_volume }}

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-espocrm/vars/main.yml
+++ b/roles/web-app-espocrm/vars/main.yml
@@ -1,7 +1,11 @@
-application_id:                 "espocrm"
+application_id:                 "web-app-espocrm"
 database_type:                  "mariadb"
 ws_path:                        "/ws"
 ws_port:                        "{{ ports.localhost.websocket[application_id] }}"
 client_max_body_size:           "100m"
 vhost_flavour:                  "ws_generic"
 docker_compose_flush_handlers:  true
+espocrm_version:                "{{ applications | get_app_conf(application_id, 'docker.services.espocrm.version', True) }}"
+espocrm_image:                  "{{ applications | get_app_conf(application_id, 'docker.services.espocrm.image', True) }}"
+espocrm_name:                   "{{ applications | get_app_conf(application_id, 'docker.services.espocrm.name', True) }}"
+espocrm_volume:                 "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
--- a/roles/web-app-keycloak/config/main.yml
+++ b/roles/web-app-keycloak/config/main.yml
@@ -27,6 +27,7 @@ docker:
    keycloak:
      image:    "quay.io/keycloak/keycloak"
      version:  "latest"
+      name:     "keycloak"
    database:
      enabled: true

--- a/roles/web-app-keycloak/tasks/attributes/ssh_public_key.yml
+++ b/roles/web-app-keycloak/tasks/attributes/ssh_public_key.yml
@@ -78,5 +78,5 @@

 - name: Apply SSH Public Key to user-profile via kcadm
  shell: |
-    docker exec -i {{ container_name }} \
+    docker exec -i {{ keycloak_container }} \
      /opt/keycloak/bin/kcadm.sh update realms/{{ keycloak_realm }} -f {{ keycloak_docker_import_directory }}user-profile.json
--- a/roles/web-app-keycloak/templates/import/realm.json.j2
+++ b/roles/web-app-keycloak/templates/import/realm.json.j2
@@ -517,7 +517,7 @@
        "/realms/{{ keycloak_realm }}/account/*"
      ],
      "webOrigins": [
-        "{{ domains | get_url('keycloak', web_protocol) }}"
+        "{{ domains | get_url('web-app-keycloak', web_protocol) }}"
      ],
      "notBefore": 0,
      "bearerOnly": false,
@@ -1697,7 +1697,7 @@
    "replyTo": "",
    "host": "{{system_email.host}}",
    "from": "{{ users['no-reply'].email }}",
-    "fromDisplayName": "Keycloak Authentification System - {{domains | get_domain('keycloak')}}",
+    "fromDisplayName": "Keycloak Authentification System - {{domains | get_domain('web-app-keycloak')}}",
    "envelopeFrom": "",
    "ssl": "true",
    "user": "{{ users['no-reply'].email }}"
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
@@ -1,6 +1,6 @@
-application_id:                   "keycloak"                                                                                      # Internal CyMaIS application id 
+application_id:                   "web-app-keycloak"                                                                                      # Internal CyMaIS application id 
 database_type:                    "postgres"                                                                                      # Database which will be used
-keycloak_container:               "{{ application_id }}_application"                                                              # Name of the keycloack docker container
+keycloak_container:               "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.name', True) }}"      # Name of the keycloack docker container
 keycloak_host_import_directory:   "{{ docker_compose.directories.volumes }}import/"                                               # Directory in which keycloack import files are placed on the host
 keycloak_docker_import_directory: "/opt/keycloak/data/import/"                                                                    # Directory in which keycloack import files are placed in the running docker container
 keycloak_realm:                   "{{ primary_domain}}"                                                                           # This is the name of the default realm which is used by the applications
--- a/roles/web-app-mastodon/config/main.yml
+++ b/roles/web-app-mastodon/config/main.yml
@@ -28,5 +28,6 @@ docker:
    streaming: 
      image:            "ghcr.io/mastodon/mastodon-streaming"
      version:          latest
+      name:             "mastodon-streaming"
  volumes:
    data:               "mastodon_data"
--- a/roles/web-app-mastodon/tasks/main.yml
+++ b/roles/web-app-mastodon/tasks/main.yml
@@ -6,7 +6,7 @@
 - name: "Include setup for domain '{{ domain }}'"
  include_role: 
    name: srv-proxy-6-6-domain
-  loop: "{{ domains.mastodon }}"
+  loop: "{{ domains['web-app-mastodon'] }}"
  loop_control:
    loop_var: domain
  vars:
--- a/roles/web-app-mastodon/templates/docker-compose.yml.j2
+++ b/roles/web-app-mastodon/templates/docker-compose.yml.j2
@@ -24,7 +24,7 @@
    command: node ./streaming
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
    ports:
-      - "127.0.0.1:{{ports.localhost.websocket[application_id]}}:{{ container_port }}"
+      - "127.0.0.1:{{ ports.localhost.websocket[application_id] }}:{{ container_port }}"
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

@@ -37,7 +37,10 @@
    volumes:
      - data:/mastodon/public/system
    healthcheck:
-      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+      test: ["CMD-SHELL", "pgrep -f sidekiq || exit 1"]
+      interval: 1m
+      timeout: 10s
+      retries: 3
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
--- a/roles/web-app-mastodon/templates/env.j2
+++ b/roles/web-app-mastodon/templates/env.j2
@@ -4,7 +4,7 @@


 LOCAL_DOMAIN={{domains | get_domain(application_id)}}
-ALTERNATE_DOMAINS="{{ domains.mastodon[1:] | join(',') }}"
+ALTERNATE_DOMAINS="{{ domains['web-app-mastodon'][1:] | join(',') }}"
 SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode', True) }}

 # Credentials
--- a/roles/web-app-mastodon/vars/main.yml
+++ b/roles/web-app-mastodon/vars/main.yml
@@ -4,8 +4,8 @@ mastodon_version:             "{{ applications | get_app_conf(application_id, 'd
 mastodon_image:               "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
 mastodon_name:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}"
 mastodon_volume:              "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
-mastodon_streaming_version:   "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}"
-mastodon_streaming_image:     "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
-mastodon_streaming_name:      "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_streaming"
+mastodon_streaming_version:   "{{ applications | get_app_conf(application_id, 'docker.services.streaming.version', True) }}"
+mastodon_streaming_image:     "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image', True) }}"
+mastodon_streaming_name:      "{{ applications | get_app_conf(application_id, 'docker.services.streaming.name', True) }}"
 mastodon_sidekiq_name:        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_sidekiq"
 mastodon_setup:               "{{ applications | get_app_conf(application_id, 'setup', True) }}"
--- a/roles/web-app-matomo/tasks/constructor.yml
+++ b/roles/web-app-matomo/tasks/constructor.yml
@@ -2,6 +2,9 @@
  include_role: 
    name: cmp-db-docker-proxy

+- name: "Update database credentials"
+  include_tasks: database.yml
+
 - name: flush docker service
  meta: flush_handlers

--- a/roles/web-app-matomo/tasks/database.yml
+++ b/roles/web-app-matomo/tasks/database.yml
@@ -0,0 +1,25 @@
+- name: Backup config.ini.php before patching
+  command: >
+    docker cp {{ matomo_name }}:{{ matomo_config }} {{ matomo_backup_file }}
+
+- name: Patch Matomo config.ini.php with updated DB credentials
+  block:
+    - name: Update DB host
+      command: >
+        docker exec --user root {{ matomo_name }}
+        sed -i "s/^host *=.*/host = {{ database_host }}/" {{ matomo_config }}
+
+    - name: Update DB name
+      command: >
+        docker exec --user root {{ matomo_name }}
+        sed -i "s/^dbname *=.*/dbname = {{ database_name }}/" {{ matomo_config }}
+
+    - name: Update DB user
+      command: >
+        docker exec --user root {{ matomo_name }}
+        sed -i "s/^username *=.*/username = {{ database_username }}/" {{ matomo_config }}
+
+    - name: Update DB password
+      command: >
+        docker exec --user root {{ matomo_name }}
+        sed -i "s/^password *=.*/password = {{ database_password }}/" {{ matomo_config }}
--- a/roles/web-app-matomo/templates/docker-compose.yml.j2
+++ b/roles/web-app-matomo/templates/docker-compose.yml.j2
@@ -1,5 +1,6 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
+    container_name:  {{ matomo_name }}
 {% set container_port = 80 %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "{{ matomo_image }}:{{ matomo_version }}"
--- a/roles/web-app-matomo/vars/main.yml
+++ b/roles/web-app-matomo/vars/main.yml
@@ -6,7 +6,10 @@ matomo_index_php_url: "{{ domains | get_url(application_id, web_protocol) }}/ind
 matomo_auth_token:    "{{ applications | get_app_conf(application_id, 'credentials.auth_token', True) }}"
 matomo_version:       "{{ applications | get_app_conf(application_id, 'docker.services.matomo.version', True) }}"
 matomo_image:         "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"
+matomo_name:          "{{ applications | get_app_conf(application_id, 'docker.services.matomo.name', True) }}"
 matomo_data:          "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+matomo_backup_file:   "{{ docker_compose.directories.instance }}/config.ini.php.bak"
+matomo_config:        "/var/www/html/config/config.ini.php"

 # I don't know if this is still necessary
 domain:               "{{ domains | get_domain(application_id) }}"
--- a/roles/web-app-moodle/config/main.yml
+++ b/roles/web-app-moodle/config/main.yml
@@ -1,9 +1,8 @@
 site_titel:           "Academy on {{primary_domain}}"
-version:              "4.5"                                 # Latest LTS - Necessary for OIDC
 features:
  matomo:             true
  css:                false
-  port-ui-desktop:   true
+  port-ui-desktop:    true
  central_database:   true
  oidc:               true
 csp:
@@ -28,4 +27,12 @@ domains:
 docker:
  services:
    database:
-      enabled: true
+      enabled:        true
+    moodle:
+      version:        "4.5" # Latest LTS - Necessary for OIDC
+      image:          bitnami/moodle
+      name:           moodle
+  volumes:
+    data:             moodle_data
+    code:             moodle_code
+  
--- a/roles/web-app-moodle/tasks/database.yml
+++ b/roles/web-app-moodle/tasks/database.yml
@@ -0,0 +1,47 @@
+- name: Check if config.php exists
+  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
+  register: config_file_exists
+  changed_when: false
+  failed_when: false
+
+- name: Backup config.php to host
+  when: config_file_exists.rc == 0
+  block:
+    - name: Create backup directory on host
+      ansible.builtin.file:
+        path: "/opt/docker/moodle/_backup"
+        state: directory
+        mode: "0755"
+
+    - name: Copy config.php from container to host
+      command: >
+        docker cp {{ moodle_container }}:{{ moodle_config }} {{ moodle_backup_file }}
+
+- name: Check if config.php exists
+  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
+  register: config_file_exists
+  changed_when: false
+  failed_when: false
+
+- name: Patch Moodle config.php with updated DB credentials
+  when: config_file_exists.rc == 0
+  block:
+    - name: Update DB host
+      command: >
+        docker exec --user root {{ moodle_container }}
+        sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ moodle_config }}
+
+    - name: Update DB name
+      command: >
+        docker exec --user root {{ moodle_container }}
+        sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ moodle_config }}
+
+    - name: Update DB user
+      command: >
+        docker exec --user root {{ moodle_container }}
+        sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ moodle_config }}
+
+    - name: Update DB password
+      command: >
+        docker exec --user root {{ moodle_container }}
+        sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ moodle_config }}
--- a/roles/web-app-moodle/tasks/main.yml
+++ b/roles/web-app-moodle/tasks/main.yml
@@ -3,8 +3,14 @@
  include_role: 
    name: cmp-db-docker-proxy

+- name: "Update database credentials"
+  include_tasks: database.yml 
+
+- name: flush docker service
+  meta: flush_handlers
+
 - name: Wait until the Moodle container is healthy
-  shell: docker inspect --format '{% raw %}{{.State.Health.Status}}{% endraw %}' {{ container_name }}
+  shell: docker inspect --format '{% raw %}{{.State.Health.Status}}{% endraw %}' {{ moodle_container }}
  register: health_check
  until: health_check.stdout.strip() == "healthy"
  retries: 120
@@ -19,7 +25,7 @@

 - name: Run Moodle system check
  command: >
-    docker exec --user {{ bitnami_user }} {{ container_name }}
+    docker exec --user {{ bitnami_user }} {{ moodle_container }}
    php /opt/bitnami/moodle/admin/cli/checks.php
  register: moodle_checks
  changed_when: false
--- a/roles/web-app-moodle/tasks/oidc.yml
+++ b/roles/web-app-moodle/tasks/oidc.yml
@@ -2,7 +2,7 @@

 - name: Check if OIDC plugin is present in container
  command: >
-    docker exec --user root {{ container_name }} test -d {{ bitnami_oidc_plugin_dir }}
+    docker exec --user root {{ moodle_container }} test -d {{ bitnami_oidc_plugin_dir }}
  register: oidc_plugin_check
  ignore_errors: true
  changed_when: false
@@ -13,11 +13,11 @@
  when: oidc_plugin_check.rc != 0

 #- name: "Upgrade Moodle to apply OIDC plugin"
-#  command: "docker exec --user {{ bitnami_user }} {{ container_name }} php /opt/bitnami/moodle/admin/cli/upgrade.php --non-interactive"
+#  command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/upgrade.php --non-interactive"
 #
 #- name: Clear Moodle cache
 #  command: >
-#    docker exec --user {{ bitnami_user }} {{ container_name }} php /opt/bitnami/moodle/admin/cli/purge_caches.php
+#    docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/purge_caches.php

 - name: "Set Moodle OIDC configuration via CLI"
  loop:
@@ -43,11 +43,11 @@
  loop_control:
    label: "{{ item.name }}"
  command: >
-    docker exec --user {{ bitnami_user }} {{ container_name }} php /opt/bitnami/moodle/admin/cli/cfg.php --component=auth_oidc
+    docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --component=auth_oidc
    --name={{ item.name }} --set="{{ item.value }}"

 - name: "Enable OIDC login"
-  command: "docker exec --user {{ bitnami_user }} {{ container_name }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=auth --set=oidc"
+  command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=auth --set=oidc"

 - name: Set auth = 'oidc' for all users except guest
  shell: >
@@ -57,4 +57,4 @@
    executable: /bin/bash

 #- name: Prevent Account Creation
-#  command: docker exec --user {{ bitnami_user }} {{ container_name }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=authpreventaccountcreation --set=1
+#  command: docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=authpreventaccountcreation --set=1
--- a/roles/web-app-moodle/tasks/ownership.yml
+++ b/roles/web-app-moodle/tasks/ownership.yml
@@ -7,13 +7,13 @@
      - "{{ bitnami_data_dir }}"
  block:
    - name: Ensure ownership is correct
-      command: "docker exec --user root {{ container_name }} chown -R {{ bitnami_user_group }} {{ item }}"
+      command: "docker exec --user root {{ moodle_container }} chown -R {{ bitnami_user_group }} {{ item }}"
      loop: "{{ moodle_dirs }}"

    - name: Set directory permissions (770)
-      command: "docker exec --user root {{ container_name }} find {{ item }} -type d -exec chmod 770 {} \\;"
+      command: "docker exec --user root {{ moodle_container }} find {{ item }} -type d -exec chmod 770 {} \\;"
      loop: "{{ moodle_dirs }}"

    - name: Set file permissions (660)
-      command: "docker exec --user root {{ container_name }} find {{ item }} -type f -exec chmod 660 {} \\;"
+      command: "docker exec --user root {{ moodle_container }} find {{ item }} -type f -exec chmod 660 {} \\;"
      loop: "{{ moodle_dirs }}"
--- a/roles/web-app-moodle/templates/Dockerfile.j2
+++ b/roles/web-app-moodle/templates/Dockerfile.j2
@@ -1,10 +1,10 @@
-FROM bitnami/moodle:{{ applications | get_app_conf(application_id, 'version', True) }}
+FROM {{ moodle_image }}:{{ moodle_version }}

 {% if applications | get_app_conf(application_id, 'features.oidc', False) %}
 RUN install_packages unzip curl jq \
 && VERSION=$(curl -s https://api.github.com/repos/microsoft/moodle-auth_oidc/tags \
      | jq -r '.[].name' \
-      | grep v{{ applications | get_app_conf(application_id, 'version', True) }} \
+      | grep v{{ moodle_version }} \
      | sort -Vr \
      | head -n1) \
 && echo "Using version $VERSION" \
--- a/roles/web-app-moodle/templates/docker-compose.yml.j2
+++ b/roles/web-app-moodle/templates/docker-compose.yml.j2
@@ -2,7 +2,7 @@

  moodle:
 {% set container_port = 8080 %}
-    container_name: {{ container_name }}
+    container_name: {{ moodle_container }}
    build:
      context: .
      dockerfile: Dockerfile
@@ -19,7 +19,9 @@

 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  code:
+    name: {{ moodle_volume_code }}
  data:
+    name: {{ moodle_volume_data }}

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
  
--- a/roles/web-app-moodle/vars/main.yml
+++ b/roles/web-app-moodle/vars/main.yml
@@ -1,11 +1,19 @@
 ---
-application_id:                 "moodle"
+application_id:                 "web-app-moodle"
 database_type:                  "mariadb"
-container_name:                 "{{ application_id }}"
 bitnami_code_link:              "/bitnami/moodle"
 bitnami_code_dir:               "/opt{{bitnami_code_link}}"
 bitnami_data_dir:               "/bitnami/moodledata"
 bitnami_oidc_plugin_dir:        "{{ bitnami_code_dir }}/auth/oidc"
 bitnami_user:                   "daemon"  
 bitnami_user_group:             "{{ bitnami_user }}:{{ bitnami_user }}"
-docker_compose_flush_handlers:  true
+
+docker_compose_flush_handlers:  false # Wait for env update
+
+moodle_backup_file:             "{{ docker_compose.directories.instance }}/config.ini.php.bak"
+moodle_config:                  "/bitnami/moodle/config.php"
+moodle_version:                 "{{ applications | get_app_conf(application_id, 'docker.services.moodle.version', True) }}"
+moodle_image:                   "{{ applications | get_app_conf(application_id, 'docker.services.moodle.image', True) }}"
+moodle_container:               "{{ applications | get_app_conf(application_id, 'docker.services.moodle.name', True) }}"
+moodle_volume_data:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+moodle_volume_code:             "{{ applications | get_app_conf(application_id, 'docker.volumes.code', True) }}"
--- a/roles/web-app-nextcloud/vars/plugins/sociallogin.yml
+++ b/roles/web-app-nextcloud/vars/plugins/sociallogin.yml
@@ -25,7 +25,7 @@ plugin_configuration:
    configkey: "custom_providers"
    configvalue: 
      custom_oidc:
-        - name: "{{ domains | get_domain('keycloak') }}"
+        - name: "{{ domains | get_domain('web-app-keycloak') }}"
          title: "keycloak"
          style: "keycloak"
          authorizeUrl: "{{ oidc.client.authorize_url }}"
--- a/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -2,7 +2,7 @@ http_address            =   "0.0.0.0:4180"
 cookie_secret           =   "{{ applications | get_app_conf(oauth2_proxy_application_id, 'credentials.oauth2_proxy_cookie_secret', True) }}"
 cookie_secure           =   "true"                                                                                                                                                  # True is necessary to force the cookie set via https
 upstreams               =   "http://{{ applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.application', True) }}:{{ applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.port', True) }}"
-cookie_domains          =   ["{{ domains | get_domain(oauth2_proxy_application_id) }}", "{{ domains | get_domain('keycloak') }}"]                                                   # Required so cookie can be read on all subdomains.
+cookie_domains          =   ["{{ domains | get_domain(oauth2_proxy_application_id) }}", "{{ domains | get_domain('web-app-keycloak') }}"]                                                   # Required so cookie can be read on all subdomains.
 whitelist_domains       =   [".{{ primary_domain }}"]                                                                                                                               # Required to allow redirection back to original requested target.

 # keycloak provider
--- a/roles/web-app-phpmyadmin/config/main.yml
+++ b/roles/web-app-phpmyadmin/config/main.yml
@@ -1,4 +1,3 @@
-version:              "latest"      # Use the latest phpmyadmin version
 autologin:            false         # This is a high security risk. Just activate this option if you know what you're doing
 oauth2_proxy:  
  port:               "80"
@@ -6,7 +5,7 @@ oauth2_proxy:
 features:
  matomo:             true
  css:                false
-  port-ui-desktop:   false   # Opens itself in a new window, when it's loaded in an iframe.
+  port-ui-desktop:    false   # Opens itself in a new window, when it's loaded in an iframe.
                              # it's anyhow not so enduser relevant, so it can be kept like this
  central_database:   true
  oauth2:             true
@@ -24,3 +23,7 @@ docker:
  services:
    database:
      enabled: true
+    phpmyadmin:
+      version:  "latest"      # Use the latest phpmyadmin version
+      name:     "phpmyadmin"
+      image:    phpmyadmin/phpmyadmin
--- a/roles/web-app-phpmyadmin/templates/docker-compose.yml.j2
+++ b/roles/web-app-phpmyadmin/templates/docker-compose.yml.j2
@@ -2,8 +2,8 @@

  application:
 {% set container_port = 80 %}
-    image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
-    container_name: phpmyadmin
+    image: "{{ phpmyadmin_image }}:{{ phpmyadmin_version }}"
+    container_name: "{{ phpmyadmin_name }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
--- a/roles/web-app-phpmyadmin/vars/main.yml
+++ b/roles/web-app-phpmyadmin/vars/main.yml
@@ -1,3 +1,6 @@
-application_id:       "phpmyadmin"
+application_id:       "web-app-phpmyadmin"
 database_type:        "mariadb"
 database_host:        "{{ applications | get_app_conf('svc-db-mariadb', 'docker.services.mariadb.name', True) if applications | get_app_conf(application_id, 'features.central_database', False)}}"
+phpmyadmin_version:   "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.version', True) }}"
+phpmyadmin_image:     "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.image', True) }}"
+phpmyadmin_name:      "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.name', True) }}"
--- a/roles/web-app-port-ui/templates/menu/applications.yml.j2
+++ b/roles/web-app-port-ui/templates/menu/applications.yml.j2
@@ -32,19 +32,19 @@ applications:
                description: Access the central admin console
                icon:
                  class: fa-solid fa-shield-halved
-                url: https://{{domains | get_domain('keycloak')}}/admin
-                iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }}
+                url: https://{{domains | get_domain('web-app-keycloak')}}/admin
+                iframe: {{ applications | get_app_conf( 'web-app-keycloak', 'features.port-ui-desktop', False) }}
              - name: Profile
                description: Update your personal admin settings
                icon:
                  class: fa-solid fa-user-gear
-                url: https://{{ domains | get_domain('keycloak') }}/realms/{{oidc.client.id}}/account
-                iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }}
+                url: https://{{ domains | get_domain('web-app-keycloak') }}/realms/{{oidc.client.id}}/account
+                iframe: {{ applications | get_app_conf( 'web-app-keycloak', 'features.port-ui-desktop', False) }}
              - name: Logout
                description: End your admin session securely
                icon:
                  class: fa-solid fa-right-from-bracket
-                url: https://{{ domains | get_domain('keycloak') }}/realms/{{oidc.client.id}}/protocol/openid-connect/logout
+                url: https://{{ domains | get_domain('web-app-keycloak') }}/realms/{{oidc.client.id}}/protocol/openid-connect/logout
                iframe: false

            {% endif %}
--- a/roles/web-app-port-ui/templates/menu/followus.yml.j2
+++ b/roles/web-app-port-ui/templates/menu/followus.yml.j2
@@ -31,7 +31,7 @@ followus:
          class: fa-solid fa-camera
      identifier: "{{service_provider.contact.pixelfed}}"
      url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
-      iframe: {{ applications | get_app_conf(web-app-pixelfed,'features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf('web-app-pixelfed','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.peertube  is defined and service_provider.contact.peertube  != "" %}
    - name: Peertube
--- a/tests/unit/filter_plugins/test_get_cymais_path.py
+++ b/tests/unit/filter_plugins/test_get_cymais_path.py
@@ -1,46 +0,0 @@
-# tests/unit/filter_plugins/test_get_cymais_path.py
-
-import unittest
-import sys
-import os
-
-# Ensure the filter_plugins directory is in the import path
-sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '../../../filter_plugins')))
-
-from get_cymais_path import get_cymais_dir, get_cymais_file
-from ansible.errors import AnsibleFilterError
-
-
-class TestGetCymaisPath(unittest.TestCase):
-    def test_valid_input(self):
-        """Test valid input with exactly one underscore"""
-        self.assertEqual(get_cymais_dir("web_app"), "web")
-        self.assertEqual(get_cymais_file("web_app"), "app")
-
-        self.assertEqual(get_cymais_dir("sys_timer"), "sys")
-        self.assertEqual(get_cymais_file("sys_timer"), "timer")
-
-    def test_invalid_no_underscore(self):
-        """Test input with no underscore raises error"""
-        with self.assertRaises(AnsibleFilterError):
-            get_cymais_dir("invalid")
-        with self.assertRaises(AnsibleFilterError):
-            get_cymais_file("invalid")
-
-    def test_invalid_multiple_underscores(self):
-        """Test input with more than one underscore raises error"""
-        with self.assertRaises(AnsibleFilterError):
-            get_cymais_dir("too_many_parts_here")
-        with self.assertRaises(AnsibleFilterError):
-            get_cymais_file("too_many_parts_here")
-
-    def test_empty_string(self):
-        """Test empty string input raises error"""
-        with self.assertRaises(AnsibleFilterError):
-            get_cymais_dir("")
-        with self.assertRaises(AnsibleFilterError):
-            get_cymais_file("")
-
-
-if __name__ == '__main__':
-    unittest.main()
--- a/tests/unit/filter_plugins/test_get_public_id.py
+++ b/tests/unit/filter_plugins/test_get_public_id.py
@@ -0,0 +1,26 @@
+import unittest
+from filter_plugins.get_public_id import FilterModule
+
+class TestGetPublicId(unittest.TestCase):
+    def setUp(self):
+        self.filter = FilterModule().filters()['get_public_id']
+
+    def test_extract_public_id(self):
+        self.assertEqual(self.filter("svc-user-abc123"), "abc123")
+        self.assertEqual(self.filter("something-simple-xyz"), "xyz")
+        self.assertEqual(self.filter("a-b-c-d-e"), "e")
+
+    def test_no_hyphen(self):
+        with self.assertRaises(ValueError):
+            self.filter("nohyphenhere")
+
+    def test_non_string_input(self):
+        with self.assertRaises(ValueError):
+            self.filter(12345)
+
+    def test_empty_string(self):
+        with self.assertRaises(ValueError):
+            self.filter("")
+
+if __name__ == '__main__':
+    unittest.main()
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	9469452275	Finalized matomo integration into new architecture	2025-07-17 12:09:20 +02:00
Kevin Veen-Birkenbach	fd8ef26b53	Solved streaming bugs	2025-07-17 09:47:08 +02:00
Kevin Veen-Birkenbach	8cda54c46e	Finished moodle adaptation to new structure	2025-07-17 09:18:24 +02:00
Kevin Veen-Birkenbach	90bc52632e	Moved web-app-phpmyadmin to new structure	2025-07-17 08:24:07 +02:00
Kevin Veen-Birkenbach	0b8d2e0b40	Solved variable bug	2025-07-17 08:22:59 +02:00
Kevin Veen-Birkenbach	40491dbc2e	Solved typos in port-ui	2025-07-17 07:54:19 +02:00
Kevin Veen-Birkenbach	fac8971982	Solved typo	2025-07-17 07:49:05 +02:00
Kevin Veen-Birkenbach	c791e86b8b	Solved discourse variable bug	2025-07-17 07:46:39 +02:00
Kevin Veen-Birkenbach	d222b55f30	Changed espocrm application id to new forma	2025-07-17 07:43:50 +02:00
Kevin Veen-Birkenbach	a04a1710d3	Changed keycloak application id	2025-07-17 07:16:38 +02:00
Kevin Veen-Birkenbach	4f06f94023	Added credentials replacement draft for matomo	2025-07-17 06:57:35 +02:00
Kevin Veen-Birkenbach	2529c7cdb3	Optimized moodle variables	2025-07-17 06:56:54 +02:00
Kevin Veen-Birkenbach	ab12a933f6	Optimized keycloak variables	2025-07-17 06:56:26 +02:00
Kevin Veen-Birkenbach	529efc0bd7	Optimized moodle variable names	2025-07-17 06:38:51 +02:00
Kevin Veen-Birkenbach	725fea1169	Solved database credentials bug	2025-07-17 06:32:53 +02:00
Kevin Veen-Birkenbach	84322f81ef	Implemented draft for auto database credentials change moodle	2025-07-17 06:31:55 +02:00