Update Nextcloud major version to 29

Only update docker when run explicitly
Docker should only be updated when run explicitly as it currently requires a re-run of the complete playbook afterwards (does not work for single-tag deployments e.g.) since it will recreate caddy container and lose all reverse proxy information.
2024-06-27 18:23:35 +02:00 · 2024-06-27 18:23:15 +02:00 · 2024-06-25 12:20:46 +02:00 · 2024-06-24 22:02:39 +02:00 · 2024-06-24 20:51:40 +02:00 · 2024-06-24 20:50:58 +02:00
84 changed files with 302 additions and 244 deletions
--- a/README.md
+++ b/README.md
@ -12,7 +12,7 @@ vagrant plugin install vagrant-hosts vagrant-hostsupdater
 ```
 Additionally, since the test setup mirrors the production setup in that it makes use of subdomains for the individual hosted applications,
-the server needs to be reachable under a domain name, 
+the server needs to be reachable under a domain name,
 not just an IP address.
 For now this is most simply accomplished through editing the hosts file, e.g.:
@ -23,21 +23,20 @@ For now this is most simply accomplished through editing the hosts file, e.g.:
 ```
 This will allow you to reach the main domain under `http(s)://ansible.test` and sets up two subdomains that can be reached.
-Be aware that the hosts file does not support subdomain wildcards. 
+Be aware that the hosts file does not support subdomain wildcards.
-You will have to specify each hostname individually or use a tool such as `dnsmasq`. 
+You will have to specify each hostname individually or use a tool such as `dnsmasq`.
 Read more [here](https://serverfault.com/questions/118378/in-my-etc-hosts-file-on-linux-osx-how-do-i-do-a-wildcard-subdomain).
-Then you are ready to run the complete infrastructure setup locally, 
+Then you are ready to run the complete infrastructure setup locally,
 simply by executing `ansible-playbook site.yml`.
 You can of course pick and choose what should be executed with host limits, tags, group variables, and so on,
 but this should provide an easy way to see if a) the playbook is working as intended and b) what it does is useful.
 ## Deployment
 Most variables to be changed should be set either through `group_variables` or `host_variables`.
 For my deployment I have a `production` group under `group_variables` which houses both a `vars.yml` containing basic variables
-(like `server_domain`, `caddy_email`, etc.) 
+(like `server_domain`, `caddy_email`, etc.)
 and a `vault.yml` which houses everything that should ideally not be lying around in plain-text
 (individual container and database passwords for the various roles etc).
--- a/group_vars/testing.yml
+++ b/group_vars/testing.yml
@ -1,22 +1,21 @@
 ---
 docker_swarm_advertise_addr: eth1
 caddy_use_debug: yes
 caddy_tls_use_staging: yes
-blog_use_https:        no
+blog_use_https: no
-caddy_use_https:       no
+caddy_use_https: no
-forgejo_use_https:     no
+forgejo_use_https: no
 landingpage_use_https: no
-miniflux_use_https:    no
+miniflux_use_https: no
-monica_use_https:      no
+monica_use_https: no
-nextcloud_use_https:   no
+nextcloud_use_https: no
-ntfy_use_https:        no
+ntfy_use_https: no
-searx_use_https:       no
+searx_use_https: no
-shaarli_use_https:     no
+shaarli_use_https: no
-traggo_use_https:      no
+traggo_use_https: no
-wallabag_use_https:    no
+wallabag_use_https: no
-whoami_use_https:      no
+whoami_use_https: no
 server_domain: ansible.test
--- a/roles/caddy/README.md
+++ b/roles/caddy/README.md
@ -1,7 +1,7 @@
-# Caddy 
+# Caddy
 Caddy is the reverse proxy for all other services running on the infrastructure.
-It was chosen for its relative ease of use, 
+It was chosen for its relative ease of use,
 interactible API and https-by-default setup.
 ## Variables
@ -48,28 +48,27 @@ caddy_version: alpine
 Sets the docker image version to be used.
 ## Internal variables
 ```yaml
 caddy_stack:
-    name: caddy
+  name: caddy
-    compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
+  compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
 ```
-Defines the actual docker stack which will later run on the target. 
+Defines the actual docker stack which will later run on the target.
-The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) --- 
+The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) ---
 though to be clear there is no intention currently to expose the caddy to the web at the moment.\
-The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file, 
+The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file,
 or directly here like the following:
 ```yaml
-    compose: 
+compose:
-      - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
+  - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
-      - version: '3'
+  - version: "3"
-        services:
+    services:
-          another-container:
+      another-container:
-            image: nginx:latest
+        image: nginx:latest
 #           ...
 ```
--- a/roles/caddy/defaults/main.yml
+++ b/roles/caddy/defaults/main.yml
@ -1,6 +1,5 @@
 ---
-
+caddy_version: 2.8.4-alpine # tag exact version to avoid suprising container renewals
 caddy_version: alpine
 caddy_caddyfile_dir: "{{ docker_stack_files_dir }}/caddy"
 caddy_use_debug: no
--- a/roles/caddy/meta/main.yml
+++ b/roles/caddy/meta/main.yml
@ -1,5 +1,3 @@
 ---
 dependencies:
  - docker
  - docker-swarm
--- a/roles/caddy/vars/main.yml
+++ b/roles/caddy/vars/main.yml
@ -1,5 +1,4 @@
 ---
 caddy_stack:
  name: caddy
  compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
--- a/roles/caddy_id/README.md
+++ b/roles/caddy_id/README.md
@ -1,7 +1,7 @@
-# Caddy 
+# Caddy
 Caddy is the reverse proxy for all other services running on the infrastructure.
-It was chosen for its relative ease of use, 
+It was chosen for its relative ease of use,
 interactible API and https-by-default setup.
 ## Variables
@ -48,28 +48,27 @@ caddy_version: alpine
 Sets the docker image version to be used.
 ## Internal variables
 ```yaml
 caddy_stack:
-    name: caddy
+  name: caddy
-    compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
+  compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
 ```
-Defines the actual docker stack which will later run on the target. 
+Defines the actual docker stack which will later run on the target.
-The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) --- 
+The name can be changed and will be used as a proxy target (`caddy.mydomain.com` or `192.168.1.1/caddy`) ---
 though to be clear there is no intention currently to expose the caddy to the web at the moment.\
-The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file, 
+The compose option defines which template to use for the `docker-stack.yml` file. You can either change options for the stack in the template file,
 or directly here like the following:
 ```yaml
-    compose: 
+compose:
-      - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
+  - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
-      - version: '3'
+  - version: "3"
-        services:
+    services:
-          another-container:
+      another-container:
-            image: nginx:latest
+        image: nginx:latest
 #           ...
 ```
--- a/roles/caddy_id/meta/main.yml
+++ b/roles/caddy_id/meta/main.yml
@ -1,5 +1,3 @@
 ---
 dependencies:
  - docker
  - docker-swarm
--- a/roles/diun/README.md
+++ b/roles/diun/README.md
@ -0,0 +1,5 @@
 # diun
 Monitor the deployed swarm containers for updates.
 Will notify you when it found any update for any container.
 Can (currently) notify you either through mail or on matrix.
--- a/roles/diun/defaults/main.yml
+++ b/roles/diun/defaults/main.yml
@ -0,0 +1,26 @@
 ---
 diun_version: 4
 diun_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
 diun_use_https: true
 # the subdomain link diun will be reachable under
 subdomain_alias: diun
 diun_tz: Europe/Berlin
 diun_log_level: info
 diun_watch_swarm_by_default: true
 diun_notif_mail_host: localhost
 diun_notif_mail_port: 25
 # diun_notif_mail_username: required for mail
 # diun_notif_mail_password: required for mail
 # diun_notif_mail_from: required for mail
 # diun_notif_mail_to: required for mail
 diun_notif_matrix_url: "https://matrix.org"
 #diun_notif_matrix_user:  required for matrix
 #diun_notif_matrix_password:  required for matrix
 #diun_notif_matrix_roomid:  required for matrix
--- a/roles/diun/meta/main.yml
+++ b/roles/diun/meta/main.yml
@ -0,0 +1,10 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Notify on any docker swarm container updates
  license: GPL-3.0-only
  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker-swarm
--- a/roles/diun/tasks/main.yml
+++ b/roles/diun/tasks/main.yml
@ -0,0 +1,12 @@
 ---
 ## install diun container
 - name: Deploy diun to swarm
  community.general.docker_stack:
    name: "{{ stack_name }}"
    state: present
    prune: yes
    compose:
      - "{{ stack_compose }}"
  become: true
  tags:
    - docker-swarm
--- a/roles/diun/templates/docker-stack.yml.j2
+++ b/roles/diun/templates/docker-stack.yml.j2
@ -0,0 +1,51 @@
 version: '3.4'
 services:
  app:
    image: crazymax/diun:latest
    # healthcheck:
    #   test: ["CMD", "wget", "--spider", "-q", "127.0.0.1"]
    #   interval: 1m
    #   timeout: 10s
    #   retries: 3
    #   start_period: 1m
    command: serve
    volumes:
      - "data:/data"
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - "TZ={{ diun_tz }}"
      - "LOG_LEVEL={{ diun_log_level }}"
      - "LOG_JSON=false"
      - "DIUN_WATCH_WORKERS=20"
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_WATCH_JITTER=30s"
      - "DIUN_PROVIDERS_SWARM=true"
      - "DIUN_PROVIDERS_SWARM_WATCHBYDEFAULT={{ diun_watch_swarm_by_default }}"
 {% if diun_notif_matrix_user is not undefined and not None and diun_notif_matrix_password is not undefined and not None and diun_notif_matrix_roomid is not undefined and not None %}
      - "DIUN_NOTIF_MATRIX_HOMESERVERURL={{ diun_notif_matrix_url }}"
      - "DIUN_NOTIF_MATRIX_USER={{ diun_notif_matrix_user }}"
      - "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_notif_matrix_password }}"
      - "DIUN_NOTIF_MATRIX_ROOMID={{ diun_notif_matrix_roomid }}"
 {% endif %}
 {% if diun_notif_mail_username is not undefined and not None and diun_notif_mail_password is not undefined and not None and diun_notif_mail_from is not undefined and not None and diun_notif_mail_to is not undefined and not None %}
      - "DIUN_NOTIF_MAIL_HOST={{ diun_notif_mail_host }}"
      - "DIUN_NOTIF_MAIL_PORT={{ diun_notif_mail_port }}"
      - "DIUN_NOTIF_MAIL_USERNAME={{ diun_notif_mail_username }}"
      - "DIUN_NOTIF_MAIL_PASSWORD={{ diun_notif_mail_password }}"
      - "DIUN_NOTIF_MAIL_FROM={{ diun_notif_mail_from }}"
      - "DIUN_NOTIF_MAIL_TO={{ diun_notif_mail_to }}"
 {% endif %}
 #    deploy:
 #      mode: replicated
 #      replicas: 1
 #      placement:
 #        constraints:
 #          - node.role == manager
 volumes:
  data:
 networks:
  "{{ docker_swarm_public_network_name }}":
    external: true
--- a/roles/diun/vars/main.yml
+++ b/roles/diun/vars/main.yml
@ -0,0 +1,6 @@
 ---
 stack_name: diun
 stack_image: "crazymax/diun"
 stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
--- a/roles/docker-swarm/defaults/main.yml
+++ b/roles/docker-swarm/defaults/main.yml
@ -1,5 +1,3 @@
 ---
 docker_stack_files_dir: /stacks
 docker_swarm_public_network_name: public
--- a/roles/docker-swarm/meta/main.yml
+++ b/roles/docker-swarm/meta/main.yml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - docker
--- a/roles/docker-swarm/tasks/main.yml
+++ b/roles/docker-swarm/tasks/main.yml
@ -28,7 +28,7 @@
  ansible.builtin.file:
    path: "{{ docker_stack_files_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
-  tags: 
+  tags:
    - fs
--- a/roles/docker/tasks/Ubuntu.yml
+++ b/roles/docker/tasks/Ubuntu.yml
@ -30,7 +30,18 @@
    - repository
  become: true
- name: Ensure latest docker-ce installed
+- name: docker-ce is installed
  ansible.builtin.package:
    name: "{{ packages }}"
    state: present
  tags:
    - apt
    - download
    - packages
  become: true
  notify: Handle docker daemon
 - name: Latest docker-ce is installed
  ansible.builtin.package:
    name: "{{ packages }}"
    state: latest
@ -38,6 +49,8 @@
    - apt
    - download
    - packages
    - docker
    - never
  become: true
  notify: Handle docker daemon
--- a/roles/forgejo/README.md
+++ b/roles/forgejo/README.md
@ -26,8 +26,8 @@ The docker image version to be used in stack creation.
 subdomain_alias: git
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `git.yourdomain.com` - 
+By default, it will be set to `git.yourdomain.com` -
 if this option is not set it will be served on `forgejo.yourdomain.com` instead.
 For now forgejo will still need to be initially set up after installation.
--- a/roles/forgejo/defaults/main.yml
+++ b/roles/forgejo/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 forgejo_version: 7
 forgejo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
@ -30,3 +29,6 @@ forgejo_use_ci: false
 # forgejo_ci_gitlab_secret:
 # forgejo_ci_forgejo_client:
 # forgejo_ci_forgejo_secret:
 # forgejo_ci_gitea_url:
 # forgejo_ci_gitea_client:
 # forgejo_ci_gitea_secret:
--- a/roles/forgejo/meta/main.yml
+++ b/roles/forgejo/meta/main.yml
@ -1,15 +1,15 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Light-weight git hosting
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
  platforms:
    - name: GenericLinux
-      versions: all
+      versions:
-  
+        - all
 dependencies:
  - docker
  - docker-swarm
  - caddy_id
--- a/roles/forgejo/tasks/Ubuntu.yml
+++ b/roles/forgejo/tasks/Ubuntu.yml
@ -9,4 +9,3 @@
    - apt
    - download
    - packages
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@ -36,7 +36,7 @@
  ansible.builtin.file:
    path: "/app/forgejo/"
    state: directory
-    mode: '0770'
+    mode: "0770"
    owner: "{{ git_user['uid'] }}"
    group: "{{ git_user['group'] }}"
  become: true
@ -47,7 +47,7 @@
    dest: "/app/forgejo/forgejo"
    owner: "{{ git_user['uid'] }}"
    group: "{{ git_user['group'] }}"
-    mode: '0750'
+    mode: "0750"
  become: true
 - name: Host machine forgejo command points to passthrough command
--- a/roles/forgejo/templates/docker-stack.yml.j2
+++ b/roles/forgejo/templates/docker-stack.yml.j2
@ -81,8 +81,8 @@ services:
 {% endif %}
 {% if forgejo_ci_gitlab_client is not undefined and not None and forgejo_ci_gitlab_secret is not undefined and not None %}
      - WOODPECKER_GITLAB=true
-      - WOODPECKER_gitlab_CLIENT={{ forgejo_ci_gitlab_client }}
+      - WOODPECKER_GITLAB_CLIENT={{ forgejo_ci_gitlab_client }}
-      - WOODPECKER_gitlab_SECRET={{ forgejo_ci_gitlab_secret }}
+      - WOODPECKER_GITLAB_SECRET={{ forgejo_ci_gitlab_secret }}
 {% endif %}
 {% if forgejo_ci_forgejo_client is not undefined and not None and forgejo_ci_forgejo_secret is not undefined and not None %}
      - WOODPECKER_FORGEJO=true
@ -90,6 +90,12 @@ services:
      - WOODPECKER_FORGEJO_CLIENT={{ forgejo_ci_forgejo_client }}
      - WOODPECKER_FORGEJO_SECRET={{ forgejo_ci_forgejo_secret }}
 {% endif %}
 {% if forgejo_ci_gitea_url is not undefined and not None and forgejo_ci_gitea_client is not undefined and not None and forgejo_ci_gitea_secret is not undefined and not None %}
      - WOODPECKER_GITEA=true
      - "WOODPECKER_GITEA_URL={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
      - WOODPECKER_GITEA_CLIENT={{ forgejo_ci_gitea_client }}
      - WOODPECKER_GITEA_SECRET={{ forgejo_ci_gitea_secret }}
 {% endif %}
  wp-agent:
    image: woodpeckerci/woodpecker-agent:latest
--- a/roles/forgejo/vars/main.yml
+++ b/roles/forgejo/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: forgejo
 stack_image: "codeberg.org/forgejo/forgejo"
--- a/roles/landingpage/README.md
+++ b/roles/landingpage/README.md
@ -1,10 +1,10 @@
 # landingpage
-The public face of my server. 
+The public face of my server.
 Not much to see here honestly,
 just a few simple lines of html explaining what this server is about and how to contact me.
-I don't see anybody else benefiting massively from this role but me, 
+I don't see anybody else benefiting massively from this role but me,
 but if you want the same web presence go for it I suppose 😉
 ## Defaults
@ -31,7 +31,6 @@ The docker image version to be used in stack creation.
 subdomain_alias: www
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `www.yourdomain.com` - 
+By default, it will be set to `www.yourdomain.com` -
 if this option is not set it will be served on `landingpage.yourdomain.com` instead.
--- a/roles/landingpage/defaults/main.yml
+++ b/roles/landingpage/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 landingpage_version: latest
 landingpage_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
--- a/roles/landingpage/handlers/main.yml
+++ b/roles/landingpage/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ landingpage_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update landingpage upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ landingpage_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (landingpage_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ landingpage_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (landingpage_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update landingpage upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update landingpage upstream"
--- a/roles/landingpage/meta/main.yml
+++ b/roles/landingpage/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs my personal public facing landing page as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/landingpage/tasks/main.yml
+++ b/roles/landingpage/tasks/main.yml
@ -21,4 +21,3 @@
  tags:
    - docker-swarm
  notify: "update landingpage upstream"
--- a/roles/landingpage/vars/main.yml
+++ b/roles/landingpage/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: landingpage
 stack_image: "martyo/cloudserve-landing"
--- a/roles/miniflux/README.md
+++ b/roles/miniflux/README.md
@ -27,6 +27,6 @@ The docker image version to be used in stack creation.
 subdomain_alias: rss
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `rss.yourdomain.com` - 
+By default, it will be set to `rss.yourdomain.com` -
 if this option is not set it will be served on `miniflux.yourdomain.com` instead.
--- a/roles/miniflux/defaults/main.yml
+++ b/roles/miniflux/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 miniflux_version: latest
 miniflux_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
--- a/roles/miniflux/handlers/main.yml
+++ b/roles/miniflux/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ miniflux_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update miniflux upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ miniflux_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (miniflux_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ miniflux_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (miniflux_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update miniflux upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update miniflux upstream"
--- a/roles/miniflux/meta/main.yml
+++ b/roles/miniflux/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs miniflux as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/miniflux/tasks/main.yml
+++ b/roles/miniflux/tasks/main.yml
@ -21,4 +21,3 @@
  tags:
    - docker-swarm
  notify: "update miniflux upstream"
--- a/roles/miniflux/vars/main.yml
+++ b/roles/miniflux/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: miniflux
 stack_image: "miniflux/miniflux"
--- a/roles/monica/README.md
+++ b/roles/monica/README.md
@ -27,8 +27,8 @@ The docker image version to be used in stack creation.
 subdomain_alias: prm
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `prm.yourdomain.com` (personal relationship manager) - 
+By default, it will be set to `prm.yourdomain.com` (personal relationship manager) -
 if this option is not set it will be served on `monica.yourdomain.com` instead.
 ```
@ -38,14 +38,14 @@ monica_db_password: mymonicadbpassword
 ```
 Set the default username and password combination on first container start.
-If loading from an existing volume this does nothing, otherwise it sets the 
+If loading from an existing volume this does nothing, otherwise it sets the
 first user so you can instantly log in.
 ```
 monica_app_disable_signups: true
 ```
-Sets the behavior on the login screen --- 
+Sets the behavior on the login screen ---
 if set to true (default) will not let anyone but the first user sign up,
 who automatically becomes an administrative user.
 If set to false will allow multiple users to sign up on the instance.
@ -57,13 +57,13 @@ monica_app_weather_api_key: <your-darksky-key>
 If `monica_app_geolocation_api_key` is set, Monica will translate addresses
 input into the app to geographical latitude/ longitude data.
-It requires an api key from https://locationiq.com/, which are free for 
+It requires an api key from https://locationiq.com/, which are free for
 10.000 daily requests.
-Similarly, if `monica_app_weather_api_key` is set, monica will (afaik) show 
+Similarly, if `monica_app_weather_api_key` is set, monica will (afaik) show
-weather data for the location of individual contacts. 
+weather data for the location of individual contacts.
 It requires an API key from https://darksky.net/dev/register, where
-1.000 daily requests are free. 
+1.000 daily requests are free.
 Be aware, however, that since darksky's sale to Apple, no new API signups are possible.
 To use this feature, `monica_app_geolocation_api_key` must also be filled out.
@ -71,8 +71,8 @@ To use this feature, `monica_app_geolocation_api_key` must also be filled out.
 monica_mail_host: smtp.eu.mailgun.org
 monica_mail_port: 465
 monica_mail_encryption: tls
-monica_mail_username: 
+monica_mail_username:
-monica_mail_password: 
+monica_mail_password:
 monica_mail_from: monica@yourserver.com
 monica_mail_from_name: Monica
 monica_mail_new_user_notification_address: "{{ caddy_email }}"
@ -81,5 +81,5 @@ monica_mail_new_user_notification_address: "{{ caddy_email }}"
 Sets up the necessary details for Monica to send out registration and reminder e-mails.
 Requires an smtp server set up, most easily doable through things like mailgun or sendgrid.
 Variables should be relatively self-explanatory,
-with `monica_mail_new_user_notification_address` being the address the notifications should be sent *to*,
+with `monica_mail_new_user_notification_address` being the address the notifications should be sent _to_,
 so in all probability some sort of administration address.
--- a/roles/monica/defaults/main.yml
+++ b/roles/monica/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 monica_version: latest
 monica_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
@ -19,8 +18,8 @@ monica_db_password: mymonicadbpassword
 #monica_app_weather_api_key:
 #monica_mail_host: smtp.eu.mailgun.org
-#monica_mail_username: 
+#monica_mail_username:
-#monica_mail_password: 
+#monica_mail_password:
 monica_mail_port: 465
 monica_mail_encryption: tls
 #monica_mail_from: monica@yourserver.com
--- a/roles/monica/handlers/main.yml
+++ b/roles/monica/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ monica_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update monica upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ monica_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (monica_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ monica_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (monica_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update monica upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update monica upstream"
--- a/roles/monica/meta/main.yml
+++ b/roles/monica/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs monica as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/monica/tasks/Ubuntu.yml
+++ b/roles/monica/tasks/Ubuntu.yml
@ -9,4 +9,3 @@
    - apt
    - download
    - packages
--- a/roles/monica/tasks/main.yml
+++ b/roles/monica/tasks/main.yml
@ -12,8 +12,7 @@
  ansible.builtin.shell: echo -n 'base64:'; openssl rand -base64 32
  register: monica_app_key
- set_fact: 
+- set_fact: monica_app_key={{ monica_app_key.stdout }}
    monica_app_key={{ monica_app_key.stdout }}
 ## install container
 - name: Check upstream status
@ -37,4 +36,3 @@
  tags:
    - docker-swarm
  notify: "update monica upstream"
--- a/roles/monica/vars/main.yml
+++ b/roles/monica/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: monica
 stack_image: "monica"
--- a/roles/nextcloud/README.md
+++ b/roles/nextcloud/README.md
@ -4,13 +4,14 @@ A full office suite and groupware proposition,
 though its main draw for most is the file synchronization abilities.
 AKA Dropbox replacement.
-This software can grow enormous and enormously complicated, 
+This software can grow enormous and enormously complicated,
 this Ansible setup role concentrates on 3 things:
 * a stable and secure base setup from the official docker container
 * automatic setup of an email pipeline so users can reset passwords and be updated of changes
 * the ability to use S3 object storage as the primary way of storing users' files
-The rest should be taken care of either automatically, 
+- a stable and secure base setup from the official docker container
 - automatic setup of an email pipeline so users can reset passwords and be updated of changes
 - the ability to use S3 object storage as the primary way of storing users' files
 The rest should be taken care of either automatically,
 or supplied after the fact (if using different plugins or similar).
 ## Defaults
@ -32,7 +33,7 @@ nextcloud_version: fpm
 nextcloud_db_version: 12
 ```
-The docker image version to be used in stack creation. 
+The docker image version to be used in stack creation.
 The role sets up the `php-fpm` version of the official Nextcloud image.
 That means, Caddy is used in front as the server which presents all pages
 and access to files, the Nextcloud image itself only serves as the PHP data store.
@ -41,17 +42,17 @@ If changing the version to one relying on Nextcloud's in-built Apache server,
 take care to change where the upstream proxy is pointing to since the Caddy server in front loses its meaning.
 The second variable points to the docker image that should be used for the PostgreSQL database,
-with 12 pre-filled as default. 
+with 12 pre-filled as default.
 You can put this to latest, but should take care to migrate the database correctly when an update rolls around,
-or it *will* destroy your data at some point.
+or it _will_ destroy your data at some point.
 Generally, it seems easier to pin this to a specific version and then only update manually.
 ```yml
 subdomain_alias: files
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `files.yourdomain.com`  - 
+By default, it will be set to `files.yourdomain.com` -
 if this option is not set it will be served on `nextcloud.yourdomain.com` instead.
 If you change or delete this, you should also change what `nextcloud_trusted_domains` points to.
@ -66,7 +67,7 @@ nextcloud_db_password: secretnextcloud
 ```
 Sets the default username and password for application and database.
-All of these variables are necessary to circumvent the manual installation process 
+All of these variables are necessary to circumvent the manual installation process
 you would usually be faced with on first creating a Nextcloud instance.
 Ideally change all of these for your personal setup,
 but it is especially important to change the app admin login data since they are what is public facing.
@ -77,7 +78,7 @@ nextcloud_trusted_domains: "{{ subdomain_alias }}.{{ server_domain }}"
 The domains that are allowed to access your Nextcloud instance.
 Should point to any domains that you want it accessible on,
-can be a space-separated list of them. 
+can be a space-separated list of them.
 Take care to include the sub-domain if your are accessing it through one of them.
 [Further explanation](https://blog.martyoeh.me/posts/2021-11-18-nextcloud-trusted-domains/).
@ -130,7 +131,6 @@ If your details are correct, Nextcloud should automatically set up S3 as its pri
 Be careful if you switch an existing data volume of the Nextcloud image to S3
 as you will lose all access to existing files.
-The files *should* not be deleted at this point,
+The files _should_ not be deleted at this point,
 only access will be lost,
 but you are playing with fire at this point.
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@ -1,7 +1,6 @@
 ---
 # set preferred application version
-nextcloud_version: 28-fpm-alpine
+nextcloud_version: 29-fpm-alpine
 # set preferred postgres version
 nextcloud_db_version: 12-alpine
@ -31,7 +30,6 @@ nextcloud_smtp_authtype: LOGIN
 # nextcloud_smtp_password: <smtp-password>
 nextcloud_smtp_from_address: noreply
 nextcloud_smtp_from_domain: "{{ server_domain }}"
 # the following block is required *fully* for primary object storage
 # nextcloud_s3_host: s3.eu-central-1.wasabisys.com
 # nextcloud_s3_bucket: nextcloud
--- a/roles/nextcloud/handlers/main.yml
+++ b/roles/nextcloud/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ nextcloud_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update nextcloud upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ nextcloud_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (nextcloud_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ nextcloud_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (nextcloud_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update nextcloud upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update nextcloud upstream"
--- a/roles/nextcloud/meta/main.yml
+++ b/roles/nextcloud/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs nextcloud as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -14,7 +14,7 @@
  ansible.builtin.file:
    path: "{{ nextcloud_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  notify: "update nextcloud upstream"
@ -36,4 +36,3 @@
  tags:
    - docker-swarm
  notify: "update nextcloud upstream"
--- a/roles/nextcloud/vars/main.yml
+++ b/roles/nextcloud/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: nextcloud
 stack_image: "nextcloud"
--- a/roles/ntfy/README.md
+++ b/roles/ntfy/README.md
@ -19,7 +19,7 @@ The on-target directory where the proxy configuration file should be stashed.
 ntfy_use_https: true
 ```
-Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate. 
+Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate.
 Usually you will want this to stay `true`,
 especially on the public facing web.
@ -33,8 +33,8 @@ The docker image version to be used in stack creation.
 subdomain_alias: push
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `push.yourdomain.com` - 
+By default, it will be set to `push.yourdomain.com` -
 if this option is not set it will be served on `ntfy.yourdomain.com` instead.
 The individual `ntfy` options to be changed are very well described on
--- a/roles/ntfy/handlers/main.yml
+++ b/roles/ntfy/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ ntfy_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update ntfy upstream"
@ -40,7 +40,6 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ ntfy_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (ntfy_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ ntfy_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (ntfy_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update ntfy upstream"
--- a/roles/ntfy/meta/main.yml
+++ b/roles/ntfy/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs a self-hosted push notification service through docker-swarm.
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/ntfy/tasks/main.yml
+++ b/roles/ntfy/tasks/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ ntfy_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
 - name: Move ntfy configuration file to target dir
@ -35,4 +35,3 @@
  tags:
    - docker-swarm
  notify: "update ntfy upstream"
--- a/roles/ntfy/vars/main.yml
+++ b/roles/ntfy/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: ntfy
 stack_image: "binwiederhier/ntfy"
--- a/roles/searx/README.md
+++ b/roles/searx/README.md
@ -26,8 +26,8 @@ The docker image version to be used in stack creation.
 subdomain_alias: search
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `search.yourdomain.com` - 
+By default, it will be set to `search.yourdomain.com` -
 if this option is not set it will be served on `searx.yourdomain.com` instead.
 ```
@ -39,11 +39,11 @@ searx_authentication:
 By default, the searx instance is not protected with a login, however you
 can have caddy provide a basic auth login form by using this variable.
-You can either change the login to suit you by generating a combination 
+You can either change the login to suit you by generating a combination
 (or multiple, it will also work with an arbitrary amount of logins),
-or remove the necessity to login altogether by not setting the 
+or remove the necessity to login altogether by not setting the
 `searx_authentication` variable to anything.
-The password needs to be in a hashed format, which is easiest to accomplish 
+The password needs to be in a hashed format, which is easiest to accomplish
-with the help of caddy itself --- simply doing `caddy hash-password` will 
+with the help of caddy itself --- simply doing `caddy hash-password` will
 allow you to create a new hashed password.
--- a/roles/searx/defaults/main.yml
+++ b/roles/searx/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 searx_version: latest
 searx_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
@ -8,7 +7,6 @@ searx_use_https: true
 # the subdomain link searx will be reachable under
 subdomain_alias: search
 # searx_authentication:
 #   - username: mysearxusername
 #     password: JDJhJDE0JFdjUnQ5WWllcU8wa01xS0JBS2dlMy5zMEhRTmxqTXdIZmdjcTN6ZGFwRjJlYUdoSHAwRUhL # mysearxpassword
--- a/roles/searx/handlers/main.yml
+++ b/roles/searx/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ searx_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update searx upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ searx_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (searx_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ searx_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (searx_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update searx upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update searx upstream"
--- a/roles/searx/meta/main.yml
+++ b/roles/searx/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs searx as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/searx/tasks/main.yml
+++ b/roles/searx/tasks/main.yml
@ -21,4 +21,3 @@
  tags:
    - docker-swarm
  notify: "update searx upstream"
--- a/roles/searx/vars/main.yml
+++ b/roles/searx/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: searx
 stack_image: "searxng/searxng"
--- a/roles/shaarli/README.md
+++ b/roles/shaarli/README.md
@ -3,11 +3,11 @@
 A simple and fast bookmark manager.
 Can be deployed in minutes and takes minimum amount of resources.
-Be aware that shaarli installations can *not* be fully automated.
+Be aware that shaarli installations can _not_ be fully automated.
 That means after running this ansible role you will still have to setup up the first run wizard and create a user and so forth
 (if not running with an existing data-store).
 Do this quickly after setup,
-*especially* if your instance is public-facing!
+_especially_ if your instance is public-facing!
 {: .alert .alert-warning}
 ## Defaults
@ -34,7 +34,6 @@ The docker image version to be used in stack creation.
 subdomain_alias: links
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `links.yourdomain.com` - 
+By default, it will be set to `links.yourdomain.com` -
 if this option is not set it will be served on `shaarli.yourdomain.com` instead.
--- a/roles/shaarli/defaults/main.yml
+++ b/roles/shaarli/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 shaarli_version: release # they offer: latest and release (stable) versions
 shaarli_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
--- a/roles/shaarli/handlers/main.yml
+++ b/roles/shaarli/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ shaarli_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update shaarli upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ shaarli_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (shaarli_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ shaarli_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (shaarli_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update shaarli upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update shaarli upstream"
--- a/roles/shaarli/meta/main.yml
+++ b/roles/shaarli/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs shaarli as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/shaarli/tasks/main.yml
+++ b/roles/shaarli/tasks/main.yml
@ -21,4 +21,3 @@
  tags:
    - docker-swarm
  notify: "update shaarli upstream"
--- a/roles/shaarli/vars/main.yml
+++ b/roles/shaarli/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: shaarli
 stack_image: "ghcr.io/shaarli/shaarli"
--- a/roles/traggo/README.md
+++ b/roles/traggo/README.md
@ -27,8 +27,8 @@ The docker image version to be used in stack creation.
 subdomain_alias: time
 ```
-If the deployed container should be served over a uri that is not the stack name. 
+If the deployed container should be served over a uri that is not the stack name.
-By default, it will be set to `time.yourdomain.com` - 
+By default, it will be set to `time.yourdomain.com` -
 if this option is not set it will be served on `traggo.yourdomain.com` instead.
 ```
@ -37,5 +37,5 @@ traggo_password: mytraggopassword
 ```
 Set the default username and password combination on first container start.
-If loading from an existing volume this does nothing, otherwise it sets the 
+If loading from an existing volume this does nothing, otherwise it sets the
 first user so you can instantly log in.
--- a/roles/traggo/defaults/main.yml
+++ b/roles/traggo/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 traggo_version: latest
 traggo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
--- a/roles/traggo/handlers/main.yml
+++ b/roles/traggo/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ traggo_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update traggo upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ traggo_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (traggo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ traggo_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (traggo_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update traggo upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update traggo upstream"
--- a/roles/traggo/meta/main.yml
+++ b/roles/traggo/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs traggo as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/traggo/tasks/main.yml
+++ b/roles/traggo/tasks/main.yml
@ -21,4 +21,3 @@
  tags:
    - docker-swarm
  notify: "update traggo upstream"
--- a/roles/traggo/vars/main.yml
+++ b/roles/traggo/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: traggo
 stack_image: "traggo/server"
--- a/roles/wallabag/README.md
+++ b/roles/wallabag/README.md
@ -39,4 +39,3 @@ stack_image: "wallabag/wallabag"
 ```
 The docker hub image to be use in provisioning.
--- a/roles/wallabag/defaults/main.yml
+++ b/roles/wallabag/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 wallabag_version: latest
 wallabag_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
--- a/roles/wallabag/handlers/main.yml
+++ b/roles/wallabag/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ wallabag_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update wallabag upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ wallabag_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (wallabag_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ wallabag_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (wallabag_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update wallabag upstream"
--- a/roles/wallabag/meta/main.yml
+++ b/roles/wallabag/meta/main.yml
@ -1,14 +1,11 @@
 ---
 galaxy_info:
  author: Marty Oehme
  description: Installs wallabag as a docker stack service
  license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
  galaxy_tags: []
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/wallabag/vars/main.yml
+++ b/roles/wallabag/vars/main.yml
@ -1,5 +1,4 @@
 ---
 stack_name: wallabag
 stack_image: "wallabag/wallabag"
--- a/roles/whoami/defaults/main.yml
+++ b/roles/whoami/defaults/main.yml
@ -1,5 +1,4 @@
 ---
 whoami_version: latest
 whoami_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack.name }}"
--- a/roles/whoami/handlers/main.yml
+++ b/roles/whoami/handlers/main.yml
@ -3,7 +3,7 @@
  ansible.builtin.file:
    path: "{{ whoami_upstream_file_dir }}"
    state: directory
-    mode: '0755'
+    mode: "0755"
  become: true
  listen: "update whoami upstream"
@ -40,7 +40,7 @@
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
-      curl -X POST -H "Content-Type: application/json" -d @{{ whoami_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (whoami_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+      curl -X POST -H "Content-Type: application/json" -d @{{ whoami_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (whoami_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
  become: true
  listen: "update whoami upstream"
@ -50,4 +50,3 @@
    state: absent
  become: true
  listen: "update whoami upstream"
--- a/roles/whoami/meta/main.yml
+++ b/roles/whoami/meta/main.yml
@ -1,6 +1,4 @@
 ---
 dependencies:
  - docker
  - docker-swarm
-  - caddy
+  - caddy_id
--- a/roles/whoami/tasks/main.yml
+++ b/roles/whoami/tasks/main.yml
@ -22,4 +22,3 @@
  tags:
    - docker-swarm
  notify: "update whoami upstream"
--- a/roles/whoami/vars/main.yml
+++ b/roles/whoami/vars/main.yml
@ -1,6 +1,4 @@
 ---
 stack:
  name: whoami
  compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
--- a/site.yml
+++ b/site.yml
@ -21,13 +21,13 @@
    - name: Install caddy reverse proxy
      import_role:
        role: caddy
-      tags: 
+      tags:
        - caddy
    - name: Grab caddy container id for all following services
      import_role:
        role: caddy_id
-      tags: 
+      tags:
        - caddy_id
        - always
@ -49,12 +49,16 @@
    - name: Install traggo
      import_role:
        role: traggo
-      tags: traggo
+      tags:
        - traggo
        - never
    - name: Install monica
      import_role:
        role: monica
-      tags: monica
+      tags:
        - monica
        - never
    - name: Install nextcloud
      import_role:
@ -79,4 +83,12 @@
    - name: Install ntfy
      import_role:
        role: ntfy
-      tags: ntfy
+      tags:
        - ntfy
        - never
    - name: Install diun
      import_role:
        role: diun
      tags:
        - diun
Author	SHA1	Message	Date
Marty Oehme	801d4b751b	Update Nextcloud major version to 29	2024-06-27 18:23:35 +02:00
Marty Oehme	be875edea9	Only update docker when run explicitly Docker should only be updated when run explicitly as it currently requires a re-run of the complete playbook afterwards (does not work for single-tag deployments e.g.) since it will recreate caddy container and lose all reverse proxy information.	2024-06-27 18:23:15 +02:00
Marty Oehme	e8447a6289	Add diun role	2024-06-25 12:20:46 +02:00
Marty Oehme	b6f7934c5f	Add gitea as potential woodpecker agent target In addition to the connected forgejo instance, we can now also target a remote gitea instance for woodpecker agents, should we want to.	2024-06-24 22:02:39 +02:00
Marty Oehme	86dd20fbf0	Remove some services from default deployment Services I have not used or not used for a long time will now not be deployed by default (but could still be specifically targeted through tags).	2024-06-24 20:51:40 +02:00
Marty Oehme	b3f201ed7d	Pin exact caddy version Stay on the exact version unless it is specifically told to upgrade. This is a first-step workaround for the (non-)idempodency issue of the caddy container's json config injection.	2024-06-24 20:50:58 +02:00
Marty Oehme	c498b3ced8	Apply prettier formatting	2024-06-24 20:36:55 +02:00
Marty Oehme	6b4c4ccde4	Update dependencies to enable easy single-tag deployments Previously every deployment (even just for a single tag, such as `ansible-playbook site.yml --tags landingpage`) would have the caddy deployment in its dependency. That meant in effect whenever there was an updated caddy image, the role would update it and we would lose all previous caddy configuration - which in turn would necessitate a complete redeploymnet of all steps. This is now not the case anymore.	2024-06-24 20:24:04 +02:00
`@ -39,4 +39,3 @@ stack_image: "wallabag/wallabag"`
	```	```

	`The docker hub image to be use in provisioning.`	`The docker hub image to be use in provisioning.`