The defaults file of the keycloak role contains a undefined variable
'database' which should actually be part of the string / path of the
pass file.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>

This separates the creation of installation and data directories and
applies SELinux context to the data directories on creation. This fixes
a bug on first time run of the playbook where the run would succeed,
but the services would fail since they can't access the mounted dirs.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>

Right now this option causes more problems than it's worth, sadly. Have 
to find another solution later

Pretty much since I run Nextcloud in a container this happened over and
over again, but I was simply to lazy to fix it permanently. Apps
disappeared from Nextcloud as soon as you would run `docker-compose down`

This was due to the wron mapping of the apps folder and therefore
persisting the standard apps that Nextcloud comes with instead of the
ones you download from the nextcloud app store.

Important: The app data always stays around, so after reinstalling the
apps, things work fine again.

This patch fixes the problem permanently by fixing the mapping of the
apps folder to `/var/www/html/custom_apps` instead of
`/var/www/html/apps`, which is the actual location for those
non-standard apps.

Note: This is a breaking change. It might won't break your setup, but
you should still empty the apps directory before deploying it.

Having the backup inside a blog will allow it be completed/progressed
independent from other hosts. This should improve the failsafety of the
backup process.

With 7.0.1 suddenly user uploaded scripts no longer work. Long term
solution is to properly build a script plugin for keycloak, for now this
workaround works fine.

According to the Nextcloud documentation it's now recommended to run the
cronjob every 5[1] instead of every 15[2] minutes.

This patch implements this change and makes Nextcloud happy agian.

It seems like since Nextcloud 17 this causes an error message, even when
it's recommend since version 15.

[1]: https://docs.nextcloud.com/server/17/admin_manual/configuration_server/background_jobs_configuration.html#cron

[2]: https://docs.nextcloud.com/server/14/admin_manual/configuration_server/background_jobs_configuration.html#cron

In order to use custom themes properly, the welcome theme option is
required.

Since themes need to be integrated into the image, it's sometimes
required to use a different image for keycloak than the official one.

This patch allows to specify another image that allows to use different
themes than the two default ones.

To simplify future development, images moved to an own organization
on quay.io. This patch represents the needed change for the mastodon
role.

As it turns out, it's rather annoying to set all users enabled after the
first login. This change disabled the blocking of new users by default
and makes it easier to handle them.

This feature isn't meant to be enabled by default, therefore this change
removed it from the default settings and makes it a comment that can be
used in group_vars as template to set it up.

Right now saml is only setup to be used as an addition login provider.
This patch allows to setup `autologin` for saml, which will
automatically redirect users to the SAML provider instead of showing the
regular login screen, when they click on "Sign In".

This removes another click from visiting the page, to being logged in.

Gitlab allows to create and reply to issues and even to create merge
requests via email, when an imap connection is configured. This patch
adds the needed variables and templates to the gitlab role but optional.

Currently traefik doesn't see public IPv6 addresses due to docker proxy
and it's work on published ports.

This patch adds a new network for IPv6 traffic which is routed
publically. Therefore traefik should now see incoming traffic properly
on IPv6. Main problem: now there needs to be a separate hostname for
traefik in order to manage IPv4 and IPv6 traffic just for this
container.

The IPv4 address will stay identical to the host's IPv4 address.

A while ago a bug in the container, prevented it from running properly.
Therefore this repository was sticking with a unbroken version. After
re-checking today, it turned out they fixed it.

This patch switches back to latest version again, since minio has close
to daily releases which is hard to keep up with, while the core
functionality only has minor changes.

This change adds the regular ssh-hardening role from dev-sec.io.

This provides some additional SSH hardening.

`/tmp` is used to store uploaded images for a moment. This patch
increases the size to allow proper images to be uploaded.

This patch prevents traefik from falling back to insecure SSLv3.