Update Nextcloud major version to 29

Docker should only be updated when run explicitly as it currently
requires a re-run of the complete playbook afterwards (does not work for
single-tag deployments e.g.) since it will recreate caddy container and
lose all reverse proxy information.

README.md

@@ -32,7 +32,6 @@ simply by executing `ansible-playbook site.yml`.
 You can of course pick and choose what should be executed with host limits, tags, group variables, and so on,
 but this should provide an easy way to see if a) the playbook is working as intended and b) what it does is useful.
 
-
 ## Deployment
 
 Most variables to be changed should be set either through `group_variables` or `host_variables`.

group_vars/testing.yml

@@ -1,5 +1,4 @@
 ---
-
 docker_swarm_advertise_addr: eth1
 
 caddy_use_debug: yes

roles/caddy/README.md

@@ -48,7 +48,6 @@ caddy_version: alpine
 
 Sets the docker image version to be used.
 
-
 ## Internal variables
 
 ```yaml
@@ -66,7 +65,7 @@ or directly here like the following:
 ```yaml
 compose:
   - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
-      - version: '3'
+  - version: "3"
     services:
       another-container:
         image: nginx:latest

roles/caddy/defaults/main.yml

@@ -1,6 +1,5 @@
 ---
-
-caddy_version: alpine
+caddy_version: 2.8.4-alpine # tag exact version to avoid suprising container renewals
 caddy_caddyfile_dir: "{{ docker_stack_files_dir }}/caddy"
 
 caddy_use_debug: no

roles/caddy/meta/main.yml

@@ -1,5 +1,3 @@
 ---
-
 dependencies:
-  - docker
   - docker-swarm

roles/caddy/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 caddy_stack:
   name: caddy
   compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"

roles/caddy_id/README.md

@@ -48,7 +48,6 @@ caddy_version: alpine
 
 Sets the docker image version to be used.
 
-
 ## Internal variables
 
 ```yaml
@@ -66,7 +65,7 @@ or directly here like the following:
 ```yaml
 compose:
   - "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
-      - version: '3'
+  - version: "3"
     services:
       another-container:
         image: nginx:latest

roles/caddy_id/meta/main.yml

@@ -1,5 +1,3 @@
 ---
-
 dependencies:
-  - docker
   - docker-swarm

roles/diun/README.md

@@ -0,0 +1,5 @@
+# diun
+
+Monitor the deployed swarm containers for updates.
+Will notify you when it found any update for any container.
+Can (currently) notify you either through mail or on matrix.

roles/diun/defaults/main.yml

@@ -0,0 +1,26 @@
+---
+diun_version: 4
+
+diun_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
+
+diun_use_https: true
+
+# the subdomain link diun will be reachable under
+subdomain_alias: diun
+
+diun_tz: Europe/Berlin
+diun_log_level: info
+diun_watch_swarm_by_default: true
+
+diun_notif_mail_host: localhost
+diun_notif_mail_port: 25
+# diun_notif_mail_username: required for mail
+# diun_notif_mail_password: required for mail
+# diun_notif_mail_from: required for mail
+# diun_notif_mail_to: required for mail
+
+diun_notif_matrix_url: "https://matrix.org"
+#diun_notif_matrix_user:  required for matrix
+#diun_notif_matrix_password:  required for matrix
+#diun_notif_matrix_roomid:  required for matrix
+

roles/diun/meta/main.yml

@@ -0,0 +1,10 @@
+---
+galaxy_info:
+  author: Marty Oehme
+  description: Notify on any docker swarm container updates
+  license: GPL-3.0-only
+  min_ansible_version: "2.9"
+  galaxy_tags: []
+
+dependencies:
+  - docker-swarm

roles/diun/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+## install diun container
+- name: Deploy diun to swarm
+  community.general.docker_stack:
+    name: "{{ stack_name }}"
+    state: present
+    prune: yes
+    compose:
+      - "{{ stack_compose }}"
+  become: true
+  tags:
+    - docker-swarm

roles/diun/templates/docker-stack.yml.j2

@@ -0,0 +1,51 @@
+version: '3.4'
+
+services:
+  app:
+    image: crazymax/diun:latest
+    # healthcheck:
+    #   test: ["CMD", "wget", "--spider", "-q", "127.0.0.1"]
+    #   interval: 1m
+    #   timeout: 10s
+    #   retries: 3
+    #   start_period: 1m
+    command: serve
+    volumes:
+      - "data:/data"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      - "TZ={{ diun_tz }}"
+      - "LOG_LEVEL={{ diun_log_level }}"
+      - "LOG_JSON=false"
+      - "DIUN_WATCH_WORKERS=20"
+      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
+      - "DIUN_WATCH_JITTER=30s"
+      - "DIUN_PROVIDERS_SWARM=true"
+      - "DIUN_PROVIDERS_SWARM_WATCHBYDEFAULT={{ diun_watch_swarm_by_default }}"
+{% if diun_notif_matrix_user is not undefined and not None and diun_notif_matrix_password is not undefined and not None and diun_notif_matrix_roomid is not undefined and not None %}
+      - "DIUN_NOTIF_MATRIX_HOMESERVERURL={{ diun_notif_matrix_url }}"
+      - "DIUN_NOTIF_MATRIX_USER={{ diun_notif_matrix_user }}"
+      - "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_notif_matrix_password }}"
+      - "DIUN_NOTIF_MATRIX_ROOMID={{ diun_notif_matrix_roomid }}"
+{% endif %}
+{% if diun_notif_mail_username is not undefined and not None and diun_notif_mail_password is not undefined and not None and diun_notif_mail_from is not undefined and not None and diun_notif_mail_to is not undefined and not None %}
+      - "DIUN_NOTIF_MAIL_HOST={{ diun_notif_mail_host }}"
+      - "DIUN_NOTIF_MAIL_PORT={{ diun_notif_mail_port }}"
+      - "DIUN_NOTIF_MAIL_USERNAME={{ diun_notif_mail_username }}"
+      - "DIUN_NOTIF_MAIL_PASSWORD={{ diun_notif_mail_password }}"
+      - "DIUN_NOTIF_MAIL_FROM={{ diun_notif_mail_from }}"
+      - "DIUN_NOTIF_MAIL_TO={{ diun_notif_mail_to }}"
+{% endif %}
+#    deploy:
+#      mode: replicated
+#      replicas: 1
+#      placement:
+#        constraints:
+#          - node.role == manager
+
+volumes:
+  data:
+
+networks:
+  "{{ docker_swarm_public_network_name }}":
+    external: true

roles/diun/vars/main.yml

@@ -0,0 +1,6 @@
+---
+stack_name: diun
+
+stack_image: "crazymax/diun"
+
+stack_compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"

roles/docker-swarm/defaults/main.yml

@@ -1,5 +1,3 @@
 ---
-
 docker_stack_files_dir: /stacks
 docker_swarm_public_network_name: public
-

roles/docker-swarm/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - docker

roles/docker-swarm/tasks/main.yml

@@ -28,7 +28,7 @@
   ansible.builtin.file:
     path: "{{ docker_stack_files_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   tags:
     - fs

roles/docker/tasks/Ubuntu.yml

@@ -30,7 +30,18 @@
     - repository
   become: true
 
-- name: Ensure latest docker-ce installed
+- name: docker-ce is installed
+  ansible.builtin.package:
+    name: "{{ packages }}"
+    state: present
+  tags:
+    - apt
+    - download
+    - packages
+  become: true
+  notify: Handle docker daemon
+
+- name: Latest docker-ce is installed
   ansible.builtin.package:
     name: "{{ packages }}"
     state: latest
@@ -38,6 +49,8 @@
     - apt
     - download
     - packages
+    - docker
+    - never
   become: true
   notify: Handle docker daemon
 

roles/forgejo/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 forgejo_version: 7
 
 forgejo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
@@ -30,3 +29,6 @@ forgejo_use_ci: false
 # forgejo_ci_gitlab_secret:
 # forgejo_ci_forgejo_client:
 # forgejo_ci_forgejo_secret:
+# forgejo_ci_gitea_url:
+# forgejo_ci_gitea_client:
+# forgejo_ci_gitea_secret:

roles/forgejo/meta/main.yml

@@ -1,15 +1,15 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Light-weight git hosting
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
   platforms:
     - name: GenericLinux
-      versions: all
+      versions:
+        - all
 
 dependencies:
-  - docker
   - docker-swarm
+  - caddy_id

roles/forgejo/tasks/Ubuntu.yml

@@ -9,4 +9,3 @@
     - apt
     - download
     - packages
-

roles/forgejo/tasks/main.yml

@@ -36,7 +36,7 @@
   ansible.builtin.file:
     path: "/app/forgejo/"
     state: directory
-    mode: '0770'
+    mode: "0770"
     owner: "{{ git_user['uid'] }}"
     group: "{{ git_user['group'] }}"
   become: true
@@ -47,7 +47,7 @@
     dest: "/app/forgejo/forgejo"
     owner: "{{ git_user['uid'] }}"
     group: "{{ git_user['group'] }}"
-    mode: '0750'
+    mode: "0750"
   become: true
 
 - name: Host machine forgejo command points to passthrough command

roles/forgejo/templates/docker-stack.yml.j2

@@ -81,8 +81,8 @@ services:
 {% endif %}
 {% if forgejo_ci_gitlab_client is not undefined and not None and forgejo_ci_gitlab_secret is not undefined and not None %}
       - WOODPECKER_GITLAB=true
-      - WOODPECKER_gitlab_CLIENT={{ forgejo_ci_gitlab_client }}
-      - WOODPECKER_gitlab_SECRET={{ forgejo_ci_gitlab_secret }}
+      - WOODPECKER_GITLAB_CLIENT={{ forgejo_ci_gitlab_client }}
+      - WOODPECKER_GITLAB_SECRET={{ forgejo_ci_gitlab_secret }}
 {% endif %}
 {% if forgejo_ci_forgejo_client is not undefined and not None and forgejo_ci_forgejo_secret is not undefined and not None %}
       - WOODPECKER_FORGEJO=true
@@ -90,6 +90,12 @@ services:
       - WOODPECKER_FORGEJO_CLIENT={{ forgejo_ci_forgejo_client }}
       - WOODPECKER_FORGEJO_SECRET={{ forgejo_ci_forgejo_secret }}
 {% endif %}
+{% if forgejo_ci_gitea_url is not undefined and not None and forgejo_ci_gitea_client is not undefined and not None and forgejo_ci_gitea_secret is not undefined and not None %}
+      - WOODPECKER_GITEA=true
+      - "WOODPECKER_GITEA_URL={{ (forgejo_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
+      - WOODPECKER_GITEA_CLIENT={{ forgejo_ci_gitea_client }}
+      - WOODPECKER_GITEA_SECRET={{ forgejo_ci_gitea_secret }}
+{% endif %}
 
   wp-agent:
     image: woodpeckerci/woodpecker-agent:latest

roles/forgejo/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: forgejo
 
 stack_image: "codeberg.org/forgejo/forgejo"

roles/landingpage/README.md

@@ -34,4 +34,3 @@ subdomain_alias: www
 If the deployed container should be served over a uri that is not the stack name.
 By default, it will be set to `www.yourdomain.com` -
 if this option is not set it will be served on `landingpage.yourdomain.com` instead.
-

roles/landingpage/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 landingpage_version: latest
 
 landingpage_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"

roles/landingpage/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ landingpage_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update landingpage upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update landingpage upstream"
-

roles/landingpage/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs my personal public facing landing page as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/landingpage/tasks/main.yml

@@ -21,4 +21,3 @@
   tags:
     - docker-swarm
   notify: "update landingpage upstream"
-

roles/landingpage/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: landingpage
 
 stack_image: "martyo/cloudserve-landing"

roles/miniflux/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 miniflux_version: latest
 
 miniflux_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"

roles/miniflux/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ miniflux_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update miniflux upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update miniflux upstream"
-

roles/miniflux/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs miniflux as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/miniflux/tasks/main.yml

@@ -21,4 +21,3 @@
   tags:
     - docker-swarm
   notify: "update miniflux upstream"
-

roles/miniflux/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: miniflux
 
 stack_image: "miniflux/miniflux"

roles/monica/README.md

@@ -81,5 +81,5 @@ monica_mail_new_user_notification_address: "{{ caddy_email }}"
 Sets up the necessary details for Monica to send out registration and reminder e-mails.
 Requires an smtp server set up, most easily doable through things like mailgun or sendgrid.
 Variables should be relatively self-explanatory,
-with `monica_mail_new_user_notification_address` being the address the notifications should be sent *to*,
+with `monica_mail_new_user_notification_address` being the address the notifications should be sent _to_,
 so in all probability some sort of administration address.

roles/monica/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 monica_version: latest
 
 monica_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"

roles/monica/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ monica_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update monica upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update monica upstream"
-

roles/monica/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs monica as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/monica/tasks/Ubuntu.yml

@@ -9,4 +9,3 @@
     - apt
     - download
     - packages
-

roles/monica/tasks/main.yml

@@ -12,8 +12,7 @@
   ansible.builtin.shell: echo -n 'base64:'; openssl rand -base64 32
   register: monica_app_key
 
-- set_fact: 
-    monica_app_key={{ monica_app_key.stdout }}
+- set_fact: monica_app_key={{ monica_app_key.stdout }}
 
 ## install container
 - name: Check upstream status
@@ -37,4 +36,3 @@
   tags:
     - docker-swarm
   notify: "update monica upstream"
-

roles/monica/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: monica
 
 stack_image: "monica"

roles/nextcloud/README.md

@@ -6,9 +6,10 @@ AKA Dropbox replacement.
 
 This software can grow enormous and enormously complicated,
 this Ansible setup role concentrates on 3 things:
-* a stable and secure base setup from the official docker container
-* automatic setup of an email pipeline so users can reset passwords and be updated of changes
-* the ability to use S3 object storage as the primary way of storing users' files
+
+- a stable and secure base setup from the official docker container
+- automatic setup of an email pipeline so users can reset passwords and be updated of changes
+- the ability to use S3 object storage as the primary way of storing users' files
 
 The rest should be taken care of either automatically,
 or supplied after the fact (if using different plugins or similar).
@@ -43,7 +44,7 @@ take care to change where the upstream proxy is pointing to since the Caddy serv
 The second variable points to the docker image that should be used for the PostgreSQL database,
 with 12 pre-filled as default.
 You can put this to latest, but should take care to migrate the database correctly when an update rolls around,
-or it *will* destroy your data at some point.
+or it _will_ destroy your data at some point.
 Generally, it seems easier to pin this to a specific version and then only update manually.
 
 ```yml
@@ -130,7 +131,6 @@ If your details are correct, Nextcloud should automatically set up S3 as its pri
 
 Be careful if you switch an existing data volume of the Nextcloud image to S3
 as you will lose all access to existing files.
-The files *should* not be deleted at this point,
+The files _should_ not be deleted at this point,
 only access will be lost,
 but you are playing with fire at this point.
-

roles/nextcloud/defaults/main.yml

@@ -1,7 +1,6 @@
 ---
-
 # set preferred application version
-nextcloud_version: 28-fpm-alpine
+nextcloud_version: 29-fpm-alpine
 # set preferred postgres version
 nextcloud_db_version: 12-alpine
 
@@ -31,7 +30,6 @@ nextcloud_smtp_authtype: LOGIN
 # nextcloud_smtp_password: <smtp-password>
 nextcloud_smtp_from_address: noreply
 nextcloud_smtp_from_domain: "{{ server_domain }}"
-
 # the following block is required *fully* for primary object storage
 # nextcloud_s3_host: s3.eu-central-1.wasabisys.com
 # nextcloud_s3_bucket: nextcloud

roles/nextcloud/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ nextcloud_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update nextcloud upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update nextcloud upstream"
-

roles/nextcloud/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs nextcloud as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/nextcloud/tasks/main.yml

@@ -14,7 +14,7 @@
   ansible.builtin.file:
     path: "{{ nextcloud_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   notify: "update nextcloud upstream"
 
@@ -36,4 +36,3 @@
   tags:
     - docker-swarm
   notify: "update nextcloud upstream"
-

roles/nextcloud/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: nextcloud
 
 stack_image: "nextcloud"

roles/ntfy/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ ntfy_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update ntfy upstream"
 
@@ -43,4 +43,3 @@
       curl -X POST -H "Content-Type: application/json" -d @{{ ntfy_upstream_file_dir }}/upstream.json localhost:2019/config/apps/http/servers/{{ (ntfy_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/
   become: true
   listen: "update ntfy upstream"
-

roles/ntfy/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs a self-hosted push notification service through docker-swarm.
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/ntfy/tasks/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ ntfy_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
 
 - name: Move ntfy configuration file to target dir
@@ -35,4 +35,3 @@
   tags:
     - docker-swarm
   notify: "update ntfy upstream"
-

roles/ntfy/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: ntfy
 
 stack_image: "binwiederhier/ntfy"

roles/searx/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 searx_version: latest
 
 searx_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
@@ -8,7 +7,6 @@ searx_use_https: true
 
 # the subdomain link searx will be reachable under
 subdomain_alias: search
-
 # searx_authentication:
 #   - username: mysearxusername
 #     password: JDJhJDE0JFdjUnQ5WWllcU8wa01xS0JBS2dlMy5zMEhRTmxqTXdIZmdjcTN6ZGFwRjJlYUdoSHAwRUhL # mysearxpassword

roles/searx/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ searx_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update searx upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update searx upstream"
-

roles/searx/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs searx as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/searx/tasks/main.yml

@@ -21,4 +21,3 @@
   tags:
     - docker-swarm
   notify: "update searx upstream"
-

roles/searx/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: searx
 
 stack_image: "searxng/searxng"

roles/shaarli/README.md

@@ -3,11 +3,11 @@
 A simple and fast bookmark manager.
 Can be deployed in minutes and takes minimum amount of resources.
 
-Be aware that shaarli installations can *not* be fully automated.
+Be aware that shaarli installations can _not_ be fully automated.
 That means after running this ansible role you will still have to setup up the first run wizard and create a user and so forth
 (if not running with an existing data-store).
 Do this quickly after setup,
-*especially* if your instance is public-facing!
+_especially_ if your instance is public-facing!
 {: .alert .alert-warning}
 
 ## Defaults
@@ -37,4 +37,3 @@ subdomain_alias: links
 If the deployed container should be served over a uri that is not the stack name.
 By default, it will be set to `links.yourdomain.com` -
 if this option is not set it will be served on `shaarli.yourdomain.com` instead.
-

roles/shaarli/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 shaarli_version: release # they offer: latest and release (stable) versions
 
 shaarli_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"

roles/shaarli/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ shaarli_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update shaarli upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update shaarli upstream"
-

roles/shaarli/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs shaarli as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/shaarli/tasks/main.yml

@@ -21,4 +21,3 @@
   tags:
     - docker-swarm
   notify: "update shaarli upstream"
-

roles/shaarli/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: shaarli
 
 stack_image: "ghcr.io/shaarli/shaarli"

roles/traggo/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 traggo_version: latest
 
 traggo_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"

roles/traggo/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ traggo_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update traggo upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update traggo upstream"
-

roles/traggo/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs traggo as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/traggo/tasks/main.yml

@@ -21,4 +21,3 @@
   tags:
     - docker-swarm
   notify: "update traggo upstream"
-

roles/traggo/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: traggo
 
 stack_image: "traggo/server"

roles/wallabag/README.md

@@ -39,4 +39,3 @@ stack_image: "wallabag/wallabag"
 ```
 
 The docker hub image to be use in provisioning.
-

roles/wallabag/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 wallabag_version: latest
 
 wallabag_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"

roles/wallabag/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ wallabag_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update wallabag upstream"
 

roles/wallabag/meta/main.yml

@@ -1,14 +1,11 @@
 ---
-
 galaxy_info:
   author: Marty Oehme
   description: Installs wallabag as a docker stack service
   license: GPL-3.0-only
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   galaxy_tags: []
 
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/wallabag/vars/main.yml

@@ -1,5 +1,4 @@
 ---
-
 stack_name: wallabag
 
 stack_image: "wallabag/wallabag"

roles/whoami/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 whoami_version: latest
 
 whoami_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack.name }}"

roles/whoami/handlers/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ whoami_upstream_file_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
   become: true
   listen: "update whoami upstream"
 
@@ -50,4 +50,3 @@
     state: absent
   become: true
   listen: "update whoami upstream"
-

roles/whoami/meta/main.yml

@@ -1,6 +1,4 @@
 ---
-
 dependencies:
-  - docker
   - docker-swarm
-  - caddy
+  - caddy_id

roles/whoami/tasks/main.yml

@@ -22,4 +22,3 @@
   tags:
     - docker-swarm
   notify: "update whoami upstream"
-

roles/whoami/vars/main.yml

@@ -1,6 +1,4 @@
 ---
-
-
 stack:
   name: whoami
   compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"

site.yml

@@ -49,12 +49,16 @@
     - name: Install traggo
       import_role:
         role: traggo
-      tags: traggo
+      tags:
+        - traggo
+        - never
 
     - name: Install monica
       import_role:
         role: monica
-      tags: monica
+      tags:
+        - monica
+        - never
 
     - name: Install nextcloud
       import_role:
@@ -79,4 +83,12 @@
     - name: Install ntfy
       import_role:
         role: ntfy
-      tags: ntfy
+      tags:
+        - ntfy
+        - never
+
+    - name: Install diun
+      import_role:
+        role: diun
+      tags:
+        - diun