dockerbob: Set to http protocol

Can be set globally ('protocol: http://') or per stack.
Defaults to empty which caddy treats as https.

ansible/inventory

@@ -1,6 +0,0 @@
-[host_system]
-bob ansible_ssh_private_key_file=~/.ssh/keys/bob
-
-[instance_system]
-#ansibletest ansible_connection=docker
-dockerbob ansible_connection=community.general.incus ansible_incus_remote=bob

ansible/roles/arr/defaults/main.yml

@@ -1,14 +0,0 @@
----
-
-arrstack_env_dir: /opt/arrstack
-
-arrstack_serve_dir: /srv
-arrstack_serve_dir_create: true
-
-arrstack_puid: 1000
-arrstack_pgid: 100
-arrstack_tz: America/Chicago
-arrstack_umask_set: 022
-
-# arrstack_mb_user: Musicbrainz-user
-# arrstack_mb_pass: Musicbrainz-password

ansible/roles/paperless/handlers/main.yml

@@ -1,2 +0,0 @@
----
-# handlers file for paperless

ansible/roles/paperless/vars/main.yml

@@ -1,2 +0,0 @@
----
-# vars file for paperless

arr/arr.yml

@@ -1,172 +0,0 @@
-version: "3"
-services:
-  sonarr:
-    container_name: sonarr
-    image: lscr.io/linuxserver/sonarr:latest
-    ports:
-      - 8989:8989
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - UMASK_SET=022
-      - TZ=${TZ}
-    volumes:
-      - "./config/sonarr:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH:/data"
-    restart: unless-stopped
-  radarr:
-    container_name: radarr
-    image: lscr.io/linuxserver/radarr:latest
-    ports:
-      - 7878:7878
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - UMASK_SET=022
-      - TZ=${TZ}
-    volumes:
-      - "./config/radarr:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH:/data"
-    restart: unless-stopped
-  lidarr:
-    container_name: lidarr
-    image: lscr.io/linuxserver/lidarr:latest
-    ports:
-      - 8686:8686
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - UMASK_SET=022
-      - TZ=${TZ}
-      - DOCKER_MODS=linuxserver/mods:universal-docker
-    volumes:
-      - "./config/lidarr:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH:/data"
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
-    restart: unless-stopped
-  readarr:
-    container_name: readarr
-    image: lscr.io/linuxserver/readarr:develop
-    ports:
-      - 8787:8787
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - UMASK_SET=022
-      - TZ=${TZ}
-    volumes:
-      - "./config/readarr:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH:/data"
-    restart: unless-stopped
-  prowlarr:
-    container_name: prowlarr
-    image: lscr.io/linuxserver/prowlarr:develop
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - UMASK_SET=022
-      - TZ=${TZ}
-    volumes:
-      - "./config/prowlarr:/config"
-    ports:
-      - 9696:9696
-    restart: unless-stopped
-  sabnzbd:
-    container_name: sabnzbd
-    image: lscr.io/linuxserver/sabnzbd:latest
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - TZ=${TZ}
-    volumes:
-      - "./config/sabnzbd:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH/usenet:/data/usenet:rw"
-    ports:
-      - 8080:8080
-    restart: unless-stopped
-  pia-qbittorrent:
-    image: j4ym0/pia-qbittorrent
-    container_name: pia-qbittorrent
-    cap_add:
-      - NET_ADMIN
-    environment:
-      - UID=${PUID}
-      - GID=${PGID}
-      - TZ=${TZ}
-      - REGION=Netherlands
-      - USER=${PIA_USER}
-      - PASSWORD=${PIA_PASS}
-    volumes:
-      - "./config/piaqbit:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH/torrent:/downloads:rw"
-    ports:
-      - "8888:8888"
-    restart: unless-stopped
-  jellyfin:
-    image: lscr.io/linuxserver/jellyfin:latest
-    container_name: jellyfin
-    environment:
-      - PUID={$PUID}
-      - PGID={$PGID}
-      - TZ=${TZ}
-      #- JELLYFIN_PublishedServerUrl=192.168.0.5 #optional
-    volumes:
-      - ".config/jellyfin:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH/media:/data"
-    ports:
-      - 8096:8096
-      - 7359:7359/udp #optional - network discovery
-      - 1900:1900/udp #optional - dlna discovery
-    restart: unless-stopped
-  audiobookshelf:
-    container_name: audiobookshelf
-    image: ghcr.io/advplyr/audiobookshelf:latest
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - UMASK_SET=022
-      - TZ=${TZ}
-    ports:
-      - 13378:80
-    volumes:
-      - "CHANGE_TO_COMPOSE_DATA_PATH/media/audio/books:/audiobooks"
-      - "CHANGE_TO_COMPOSE_DATA_PATH/media/audio/podcasts:/podcasts"
-      - ".config/audiobookshelf:/config"
-      - ".metadata/audiobookshelf:/metadata"
-    restart: unless-stopped
-  jellyseerr:
-    image: fallenbagel/jellyseerr:latest
-    container_name: jellyseerr
-    environment:
-      - TZ=${TZ}
-    ports:
-      - 5055:5055
-    volumes:
-      - "./config/jellyseerr:/app/config"
-    restart: unless-stopped
-  beets:
-    image: lscr.io/linuxserver/beets:latest
-    container_name: beets
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - TZ=${TZ}
-    volumes:
-      - "./config/beets:/config"
-      - "CHANGE_TO_COMPOSE_DATA_PATH/media/audio/music:/music"
-      - "CHANGE_TO_COMPOSE_DATA_PATH/media/audio/music-unsorted:/downloads"
-      - "CHANGE_TO_COMPOSE_DATA_PATH:/data"
-    ports:
-      - 8337:8337
-    restart: unless-stopped
-  homarr:
-    image: ghcr.io/ajnart/homarr:latest
-    container_name: homarr
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
-      - ./config/homarr/configs:/app/data/configs
-      - ./config/homarr/icons:/app/public/icons
-      - ./config/homarr/data:/data
-    ports:
-      - '80:7575'
-    restart: unless-stopped

group_vars/instance_system/vars.yaml

@@ -1,4 +1,8 @@
-arrstack_tz: Europe/Berlin
-stack_paperless_tz: Europe/Berlin
+---
+
+timezone: Europe/Berlin
+domain: pichi.berlin
+protocol: http://
+
 stack_paperless_ocr_language: deu+eng
 stack_paperless_ocr_languages: eng deu frk

inventory

@@ -0,0 +1,13 @@
+host_system:
+  hosts:
+    bob:
+      ansible_ssh_private_key_file: ~/.ssh/keys/bob
+      ansible_become_pass: "{{ lookup('community.general.passwordstore', 'hosting/ansible/bob/sudo-password') }}"
+
+instance_system:
+  #ansibletest:
+  # ansible_connection: docker
+  hosts:
+    dockerbob:
+      ansible_connection: community.general.incus
+      ansible_incus_remote: bob

playbook.yaml

@@ -32,6 +32,8 @@
 
 - name: Prepare all docker hosted containers
   hosts: instance_system
+  tags:
+    - containers
   tasks:
     - name: Set up Caddy stack
       ansible.builtin.import_role:
@@ -47,3 +49,8 @@
       ansible.builtin.import_role:
         name: paperless
       tags: paperless
+
+    - name: Set up Grocy stack
+      ansible.builtin.import_role:
+        name: grocy
+      tags: grocy

roles/arr/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+
+# inherited from global
+arrstack_protocol: "{{ protocol | default('')}}"
+arrstack_sonarr_subdomain: "{{ arrstack_protocol }}sonarr.{{ domain | default('example.org') }}"
+arrstack_radarr_subdomain: "{{ arrstack_protocol }}radarr.{{ domain | default('example.org') }}"
+arrstack_lidarr_subdomain: "{{ arrstack_protocol }}lidarr.{{ domain | default('example.org') }}"
+arrstack_readarr_subdomain: "{{ arrstack_protocol }}readarr.{{ domain | default('example.org') }}"
+arrstack_prowlarr_subdomain: "{{ arrstack_protocol }}prowlarr.{{ domain | default('example.org') }}"
+arrstack_beets_subdomain: "{{ arrstack_protocol }}beets.{{ domain | default('example.org') }}"
+arrstack_sabnzbd_subdomain: "{{ arrstack_protocol }}usenet.{{ domain | default('example.org') }}"
+arrstack_qbit_subdomain:  "{{ arrstack_protocol }}torrent.{{ domain | default('example.org') }}"
+arrstack_jellyseerr_subdomain: "{{ arrstack_protocol }}get.{{ domain | default('example.org') }}"
+arrstack_jellyfin_subdomain: "{{ arrstack_protocol }}media.{{ domain | default('example.org') }}"
+arrstack_audiobookshelf_subdomain: "{{ arrstack_protocol }}books.{{ domain | default('example.org') }}"
+arrstack_gonic_subdomain:  "{{ arrstack_protocol }}music.{{ domain | default('example.org') }}"
+arrstack_homarr_subdomain: "{{ arrstack_protocol }}{{ domain | default('example.org') }}"
+arrstack_tz: "{{ timezone | default('America/Chicago') }}"
+arrstack_puid: "{{ puid | default(1000) }}"
+arrstack_pgid: "{{ pgid | default(100) }}"
+arrstack_umask_set: "{{ umask_set | default('022') }}"
+
+arrstack_env_dir: /opt/arrstack
+arrstack_serve_dir: /srv
+arrstack_serve_dir_create: true
+
+# arrstack_mb_user: Musicbrainz-user
+# arrstack_mb_pass: Musicbrainz-password
+
+# TODO: add commented version of remaining required vars (qbit, vpn)

roles/arr/tasks/main.yml

@@ -10,7 +10,7 @@
 - name: Create Arr stack data directory
   ansible.builtin.file:
     state: directory
-    path: "{{ arrstack_data_dir }}/{{ item }}"
+    path: "{{ arrstack_serve_dir }}/{{ item }}"
     owner: "{{ arrstack_puid }}"
     group: "{{ arrstack_pgid }}"
     mode: 0770

roles/arr/templates/docker-compose.yaml.j2

@@ -16,7 +16,7 @@ services:
       - "{{ arrstack_serve_dir }}/files/torrent:/data/torrent"
     restart: unless-stopped
     labels:
-      caddy: "http://sonarr.pichi.berlin"
+      caddy: "{{ arrstack_sonarr_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8989{{ '}}'}}"
 
   radarr:
@@ -36,7 +36,7 @@ services:
       - "{{ arrstack_serve_dir }}/files/torrent:/data/torrent"
     restart: unless-stopped
     labels:
-      caddy: "http://radarr.pichi.berlin"
+      caddy: "{{ arrstack_radarr_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 7878{{ '}}'}}"
 
   lidarr:
@@ -61,7 +61,7 @@ services:
       - "{{ arrstack_serve_dir }}/files/torrent:/data/torrent"
     restart: unless-stopped
     labels:
-      caddy: "http://lidarr.pichi.berlin"
+      caddy: "{{ arrstack_lidarr_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8686{{ '}}'}}"
 
   readarr:
@@ -81,7 +81,7 @@ services:
       - "{{ arrstack_serve_dir }}/files/torrent:/data/torrent"
     restart: unless-stopped
     labels:
-      caddy: "http://readarr.pichi.berlin"
+      caddy: "{{ arrstack_readarr_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8787{{ '}}'}}"
 
   prowlarr:
@@ -98,7 +98,7 @@ services:
       - "{{ arrstack_env_dir }}/config/prowlarr:/config"
     restart: unless-stopped
     labels:
-      caddy: "http://prowlarr.pichi.berlin"
+      caddy: "{{ arrstack_prowlarr_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 9696{{ '}}'}}"
 
   beets:
@@ -119,7 +119,7 @@ services:
       - "{{ arrstack_serve_dir }}/files/music-unsorted:/downloads"
     restart: unless-stopped
     labels:
-      caddy: "http://prowlarr.pichi.berlin"
+      caddy: "{{ arrstack_beets_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8337{{ '}}'}}"
 
   sabnzbd:
@@ -137,7 +137,7 @@ services:
       - "{{ arrstack_serve_dir }}/files/usenet:/data/usenet:rw"
     restart: unless-stopped
     labels:
-      caddy: "http://usenet.pichi.berlin"
+      caddy: "{{ arrstack_sabnzbd_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8080{{ '}}'}}"
 
   vpn:
@@ -172,7 +172,7 @@ services:
     #  - 8000:8000  # gluetun http control
     restart: unless-stopped
     labels:
-      caddy: "http://torrent.pichi.berlin"
+      caddy: "{{ arrstack_qbit_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8888{{ '}}'}}"
   qbittorrent:
     image: linuxserver/qbittorrent
@@ -241,7 +241,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
     restart: unless-stopped
     labels:
-      caddy: "http://pichi.berlin"
+      caddy: "{{ arrstack_homarr_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 7575{{ '}}'}}"
 
   jellyseerr:
@@ -258,7 +258,7 @@ services:
       - "{{ arrstack_env_dir }}/config/jellyseerr:/app/config"
     restart: unless-stopped
     labels:
-      caddy: "http://get.pichi.berlin"
+      caddy: "{{ arrstack_jellyseerr_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 5055{{ '}}'}}"
 
   audiobookshelf:
@@ -278,7 +278,7 @@ services:
       # - "{{ arrstack_serve_dir }}/media/podcasts:/podcasts" # TODO: If integrating podcasts
     restart: unless-stopped
     labels:
-      caddy: "http://books.pichi.berlin"
+      caddy: "{{ arrstack_audiobookshelf_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}'}}"
 
   jellyfin:
@@ -306,7 +306,7 @@ services:
       - 1900:1900/udp #optional - dlna discovery
     restart: unless-stopped
     labels:
-      caddy: "http://media.pichi.berlin"
+      caddy: "{{ arrstack_jellyfin_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8096{{ '}}'}}"
 
   gonic:
@@ -325,7 +325,7 @@ services:
       - "/srv/media/podcasts:/podcasts"
         #- /path/to/cache:/cache # transcode / covers / etc cache dir
     labels:
-      caddy: "http://music.pichi.berlin"
+      caddy: "{{ arrstack_gonic_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}'}}"
 
 

roles/grocy/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+# inherited from global
+stack_grocy_protocol: "{{ protocol | default('')}}"
+stack_grocy_subdomain: "{{ stack_grocy_protocol }}house.{{ domain | default('example.org') }}"
+stack_grocy_tz: "{{ timezone | default('America/Chicago') }}"
+stack_grocy_puid: "{{ puid | default(1000) }}"
+stack_grocy_pgid: "{{ pgid | default(100) }}"
+stack_grocy_umask_set: "{{ umask_set | default('022') }}"
+
+stack_grocy_env_dir: /opt/stack_grocy
+

roles/grocy/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: Create grocy stack environment directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ stack_grocy_env_dir }}"
+    owner: root
+    group: root
+    mode: 0700
+
+- name: Start the compose stack
+  community.docker.docker_compose_v2:
+    project_name: stack_grocy
+    definition: "{{ lookup('template', 'docker-compose.yaml.j2') | from_yaml }}"
+    remove_orphans: true
+    wait: true
+    wait_timeout: 60

roles/grocy/templates/docker-compose.yaml.j2

@@ -0,0 +1,24 @@
+services:
+  sonarr:
+    container_name: grocy
+    image: lscr.io/linuxserver/grocy:latest
+    networks:
+      - caddy
+    environment:
+      - PUID={{ stack_grocy_puid }}
+      - PGID={{ stack_grocy_pgid }}
+      - TZ={{ stack_grocy_tz }}
+      - UMASK_SET={{ stack_grocy_umask_set }}
+    volumes:
+      - "{{ arrstack_env_dir }}/config/grocy:/config"
+    restart: unless-stopped
+    labels:
+      caddy: "{{ stack_grocy_subdomain }}"
+      caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}'}}"
+
+networks:
+  caddy:
+    external: true
+
+volumes:
+  caddy_data: {}

roles/grocy/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - grocy

roles/paperless/README.md

@@ -0,0 +1,46 @@
+Role Name
+=========
+
+Set up a docker-hosted paperless-ngx instance.
+
+Requirements
+------------
+
+The target server needs to be running a reasonably recent version of docker,
+which contains the `docker compose` (_not_ `docker-compose`) sub-command.
+
+Role Variables
+--------------
+
+All relevant variables reside in `defaults/main.yml`.
+<!-- TODO: Describe variables -->
+
+Dependencies
+------------
+
+Relies on the `caddy` role to be executed for caddy to pick up the container and proxy to it.
+
+Example Playbook
+----------------
+
+The role can easily be set up in the following way to deploy to any server:
+
+    - hosts: servers
+      roles:
+         - role: paperless
+
+An example scanning script is included which I wrote for my old printer and allows (relatively) rapid scanning by pushing a button,
+and automatically merging and sending the files to the consume folder.
+
+This will need to be adjusted for wherever you watch for the documents,
+but is a simple example of how it could be integrated into a scanning workflow.
+
+License
+-------
+
+MIT
+
+Author Information
+------------------
+
+Copyright (c) 2025 Marty Oehme. All Rights Reserved.

roles/paperless/defaults/main.yml

@@ -1,13 +1,16 @@
 ---
 
-stack_paperless_env_dir: /opt/stack_paperless
-stack_paperless_puid: 1000
-stack_paperless_pgid: 100
+# inherited from global
+stack_paperless_protocol: "{{ protocol | default('')}}"
+stack_paperless_subdomain: "{{ stack_paperless_protocol }}documents.{{ domain | default('example.org') }}"
+stack_paperless_tz: "{{ timezone | default('America/Chicago') }}"
+stack_paperless_puid: "{{ puid | default(1000) }}"
+stack_paperless_pgid: "{{ pgid | default(100) }}"
 
+stack_paperless_env_dir: /opt/stack_paperless
 stack_paperless_serve_dir: /srv
 stack_paperless_serve_dir_create: true
 
-stack_paperless_tz: America/Chicago
 stack_paperless_ocr_language: eng # default OCR languages
 stack_paperless_ocr_languages: eng deu frk # ALL installed languages
 stack_paperless_ocr_skip_archive_file: with_text

roles/paperless/meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/paperless/scripts/scantopaperless.sh

@@ -24,5 +24,5 @@ if ! stat -t out*.png >/dev/null 2>&1; then
 fi
 
 magick out*.png out.pdf
-mv out.pdf "$HOME/documents/archive/consume/$(date +'%Y-%m-%dT%H-%M')_scan.pdf"
+mv out.pdf "$HOME/documents/consume/$(date +'%Y-%m-%dT%H-%M')_scan.pdf"
 rm out*.png

roles/paperless/templates/docker-compose.yaml.j2

@@ -34,7 +34,7 @@ services:
       - "PAPERLESS_ADMIN_USER={{ stack_paperless_admin_user }}"
       - "PAPERLESS_ADMIN_PASSWORD={{ stack_paperless_admin_password }}"
     labels:
-      caddy: "http://documents.pichi.berlin"
+      caddy: "{{ stack_paperless_subdomain }}"
       caddy.reverse_proxy: "{{ '{{' }}upstreams 8000{{ '}}'}}"
 
   paperless-postgres:

roles/paperless/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+