Merge pull request 'fixed wrong volume paths' (#2) from bugfix/wrong_volume_paths into main

Reviewed-on: https://git.local.zernis.ch/simon/homeserver.zernis.ch/pulls/2

.gitignore

@@ -1,3 +1,3 @@
 # ---> Ansible
 *.retry
-
+facts/*

ansible.cfg

@@ -3,3 +3,7 @@ remote_user = simon
 inventory = hosts.yml
 vault_password_file = ~/.ansible/vault_pass.txt
 private_key_file=~/.ssh/ansible
+fact_caching = jsonfile
+fact_caching_connection = facts/
+host_key_checking = False
+roles_path = ~/dev/ansible/roles

host_vars/10.11.12.35/vars

@@ -2,9 +2,10 @@
 hostname: "{{ vault_hostname }}"
 domain: "{{ vault_domain }}"
 
-user:
-  name: '{{ vault_user_name }}'
-  password: '{{ vault_user_password }}'
+system_user_name: '{{ vault_system_user_name }}'
+system_user_password: '{{ vault_system_user_password }}'
+system_user_uid: '1000'
+system_user_gid: '1000'
 
 admin_mail: '{{ vault_admin_mail }}'
 sender_address: '{{ vault_sender_address }}'
@@ -36,6 +37,7 @@ borg_pass: '{{ vault_pass }}'
 # Gitea
 GITEA_DB_TYPE: '{{ vault_GITEA_DB_TYPE }}'
 GITEA_DB_HOST: '{{ vault_GITEA_DB_HOST }}'
+GITEA_DB_PORT: ' {{ vault_GITEA_DB_PORT }}'
 GITEA_DB_ROOT_PASS: '{{ vault_GITEA_DB_ROOT_PASS }}'
 GITEA_DB_USER: '{{ vault_GITEA_DB_USER }}'
 GITEA_DB_PASS: '{{ vault_GITEA_DB_PASS }}'
@@ -50,6 +52,13 @@ NEXTCLOUD_MYSQL_USER: '{{ vault_NEXTCLOUD_MYSQL_USER }}'
 NEXTCLOUD_MYSQL_PASS: '{{ vault_NEXTCLOUD_MYSQL_PASS }}'
 NEXTCLOUD_MYSQL_ROOT_PASS: '{{ vault_NEXTCLOUD_MYSQL_ROOT_PASS }}'
 
+# Paperless
+PAPERLESS_POSTGRES_DB: "{{ vault_PAPERLESS_POSTGRES_DB }}"
+PAPERLESS_POSTGRES_USER: "{{ vault_PAPERLESS_POSTGRES_USER }}"
+PAPERLESS_POSTGRES_PASS: "{{ vault_PAPERLESS_POSTGRES_PASS }}"
+PAPERLESS_POSTGRES_PORT: "5432"
+PAPERLESS_URL: "https://dms.zernis.ch"
+
 # Nginx Proxy Manager
 NPM_MYSQL_HOST: '{{ vault_NPM_MYSQL_HOST }}'
 NPM_MYSQL_PORT: '{{ vault_NPM_MYSQL_PORT }}'
@@ -67,4 +76,86 @@ WIKI_JS_DB_HOST: '{{ vault_WIKI_JS_DB_HOST }}'
 WIKI_JS_DB_PORT: '{{ vault_WIKI_JS_DB_PORT }}'
 WIKI_JS_POSTGRES_DB: '{{ vault_WIKI_JS_POSTGRES_DB }}'
 WIKI_JS_POSTGRES_USER: '{{ vault_WIKI_JS_POSTGRES_USER }}'
-WIKI_JS_POSTGRES_PASS: '{{ vault_WIKI_JS_POSTGRES_PASS }}'
+WIKI_JS_POSTGRES_PASS: '{{ vault_WIKI_JS_POSTGRES_PASS }}'
+
+# Stirling PDF
+
+stirling_pdf_description: '{{ vault_stirling_pdf_description }}'
+stirling_pdf_name: '{{ vault_stirling_pdf_name }}'
+
+# OpensourcePOS
+
+OPENSOURCEPOS_CI_ENV: '{{ vault_OPENSOURCEPOS_CI_ENV }}'
+OPENSOURCEPOS_FORCE_HTTPS: '{{ vault_OPENSOURCEPOS_FORCE_HTTPS }}'
+OPENSOURCEPOS_PHP_TIMEZONE: '{{ vault_OPENSOURCEPOS_PHP_TIMEZONE }}'
+OPENSOURCEPOS_DB_USER: '{{ vault_OPENSOURCEPOS_DB_USER }}'
+OPENSOURCEPOS_DB_PASS: '{{ vault_OPENSOURCEPOS_DB_PASS }}'
+OPENSOURCEPOS_DB_NAME: '{{ vault_OPENSOURCEPOS_DB_NAME }}'
+OPENSOURCEPOS_DB_HOST: '{{ vault_OPENSOURCEPOS_DB_HOST }}'
+OPENSOURCEPOS_DB_ROOT_PASS: '{{ vault_OPENSOURCEPOS_DB_ROOT_PASS }}'
+
+# Wordpress
+
+WORDPRESS_DB_USER: '{{ vault_WORDPRESS_DB_USER }}'
+WORDPRESS_DB_PASS: '{{ vault_WORDPRESS_DB_PASS }}'
+WORDPRESS_DB_NAME: '{{ vault_WORDPRESS_DB_NAME }}'
+WORDPRESS_DB_HOST: '{{ vault_WORDPRESS_DB_HOST }}'
+WORDPRESS_DB_ROOT_PASS: '{{ vault_WORDPRESS_DB_ROOT_PASS }}'
+
+### Borgmatic ###
+borg_source_directories:
+  - /home/{{ system_user_name }}/docker
+
+borgmatic_bin_dir: '/home/{{ system_user_name }}/.local/bin'
+#local_backup_path: '/backups/borgmatic'
+borgbase_ssh_repo_url: '{{ vault_borgbase_ssh_repo_url }}'
+borgbase_hostname: "{{ borgbase_ssh_repo_url.split('@')[1].split('/')[0] }}"
+ssh_backup_keyfile: '/home/simon/.ssh/id_ed25519'
+borgmatic_passphrase: '{{ vault_borgmatic_passphrase }}'
+backup_user_name: '{{ vault_backup_user_name }}'
+
+borg_exlcude_patterns:
+    - /home/{{ system_user_name }}/docker/*/db
+    - /home/{{ system_user_name }}/docker/gitea/data/ssh/*
+    - /home/{{ system_user_name }}/docker/npm/letsencrypt/*
+
+BORGMATIC_BACKUP_HOST: '127.0.0.1'
+BORGMATIC_GITEA_DB_PORT: '33306'
+BORGMATIC_NEXTCLOUD_MYSQL_PORT: '33307'
+BORGMATIC_NPM_MYSQL_PORT: '33308'
+BORGMATIC_WIKI_JS_DB_PORT: '33309'
+BORGMATIC_PAPERLESS_POSTGRES_PORT: '33310'
+
+mysql_databases:
+
+  - name: '{{ GITEA_DB_NAME }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_GITEA_DB_PORT }}'
+    username: 'root'
+    password: '{{ GITEA_DB_ROOT_PASS }}'
+
+mariadb_databases:
+
+  - name: '{{ NEXTCLOUD_MYSQL_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_NEXTCLOUD_MYSQL_PORT }}'
+    username: '{{ NEXTCLOUD_MYSQL_USER }}'
+    password: '{{ NEXTCLOUD_MYSQL_PASS }}'
+
+  - name: '{{ NPM_MYSQL_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_NPM_MYSQL_PORT }}'
+    username: '{{ NPM_MYSQL_USER }}'
+    password: '{{ NPM_MYSQL_PASS }}'
+
+postgresql_databases:
+  - name: '{{ WIKI_JS_POSTGRES_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_WIKI_JS_DB_PORT }}'
+    username: '{{ WIKI_JS_POSTGRES_USER }}'
+    password: '{{ WIKI_JS_POSTGRES_PASS }}'
+  - name: '{{ PAPERLESS_POSTGRES_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_PAPERLESS_POSTGRES_PORT }}'
+    username: '{{ PAPERLESS_POSTGRES_USER }}'
+    password: '{{ PAPERLESS_POSTGRES_PASS }}'

host_vars/10.11.12.35/vault

@@ -1,96 +1,146 @@
 $ANSIBLE_VAULT;1.1;AES256
-36336162633434623330663764366462646230663364323631333266623462343762633439353966
-3066383131336437333531363539353263653666393338390a303936393633323163633434616337
-38336362633733636436383335623735383833376262383964643439626437343836346363633466
-6365306665623932350a633439323964306263363432643039383436353538306131356263346332
-61633864393235353265626634636138666535646430326464616231643063333532356664363563
-31653161643762316534376333303362383064636637313366393464386339386630373365613863
-34343964343932393335653337356263656333363466306330323536336430653632356436666163
-37336632623238383030623564353738306165326435363930336362616638376562383831343034
-35343061633038333062326630386137663261633366633466623961326333393338343636376563
-32386165386530346637656638333239393664653330336233623837656362613037633737383536
-31323635653264646239306337656437656138653338353665333533326562396131313031653264
-39656539646638646135333031323032663162643066343032306130333935363266656164663431
-33646662373561353161616633313939626639366232616465643831316365303361636561393065
-30353236313437333531636235353333663231303735636638353235653965626563386162663066
-38363766363566343030306234373434623462393538663531633435333337653632393331336432
-31346466616666663638623665316165386137396131646564363863323066396239333333313539
-66656366313035646338613332303538343439343561396338383166636131663061646265313937
-66363932313233626561663364346633633662396537313663393833393937656636386633663034
-30653334316134393739616335303361356164383134376362343664626438613937623830623332
-31663637303635336436623161663833653338626530373061366131613139353963353932623564
-39613066623835636130386664303230373936336439643032653831353039356135633439653737
-39393263383234656637646438383364656534353637623338633065353561656366393432396138
-66333231323266666165383932616661346163613338633537383866386438656637646465343166
-34346531303330643738313562383935643534633566333533653434333132653232626632336565
-62636634623962346330346238316364316364376135303432323863646333346634353566363138
-33393966363638653135616338316331393065646466343536363865353362373932643730663232
-33353232343431363832323833376663336539306265656632316466343165646137326261363831
-34356365336465633135623865366566356162313166393230333166306433306238353438616463
-31636666653138333235326163656366633337396630366137623430633332316561343661646530
-38383964353266643363643563333535316335343065626337646462613037626636306231656366
-30346631356433376665343961316139373032613839316361656161633035323039646536353030
-37666362363839326661316362303035626430666462633066646532396564386166313966363736
-64316465393634616431363234376162323564643837653537343764613639626339326637623934
-33363363623661356539663736393836653132313461316662366639623437373664313832373836
-33356337616232373462653865636264323565663233633737386464613738623664633863623036
-34343665396130353066663534383964626565303234626564306431396638333639306131613631
-61653039666139373466306165373937366336313235393838333738303434396632353536363532
-32366662353562303066376334656264633837653936323834623038396566313936323261356133
-62643564643232616639646633643439666361333339356433633135666665623930323638306366
-30653934633330383561366664666366326533336366356162643636663330656531366164373763
-38366466316230343764303566323736643763643062393461316232383532333264323863626338
-65646562376236326533353832323131303233623739373038643430653963653532323935623130
-38306366343037323566346366343430393634333630653535633039623466353539346261626530
-66393362353634343935363263313333666266653039313632646330333063663762326537326331
-37656534313637666439356432323961376233326162393832323935323761616530303233633864
-31623133366366626236316130336164623533633432363236343931646563396465646631653463
-37313537363739323936663861366665333533333763643664323561663063303532386530393133
-66353162386232353032376433343131376635373130396561306239373562633334343630306165
-36663661376133653365366162343431623737613639353637623065663638366334313737643237
-35623033613839633635313530653734626465396632333462396164333232336433666663623739
-38386565383630613234363435653531616535636366316538363661303336663461613564333439
-62323062313837326365373664633036646533656231323062656462373262363863626434663062
-62346337643262323364633332613836336333353061646335326164623433376639646533376565
-38333330386336396361303435626362393735303039376561356634363661666561646630323234
-33376662346262633633333664616130613466343235396633616536663336656165353065313434
-62336632376564636534633132633163666234663232373432613336343930326334303661613261
-62313837626265646630333230643439383131636661366339626662383866333664333266633130
-64623162383737663961303938626533643330353835636231663131646663336163353939363938
-32646364346337323939383461633131656537353532636231333832356161356561383535613130
-39306564613166643338353034366534316233306631333062613737393530663466313235626662
-62313838623161643433366564376337393937626637356232343662663435613037393436653130
-34663063613635633036353564653832643237353538616238376436333339623536626462306263
-38393537303730646634396365363865363931613538326132376562313438326661613161373532
-35623835363432333634353437633831626330343864626530393437316237663034666133613431
-64646336313764623361353338333763633062623162373163353161313230643836383164633235
-66656266323939346465313433356438663537663361366561393137316534323036626536313165
-39623136623931373034353038343030303830393336643163336433633633653664343932653135
-62323939666363623963666138343734333363303435343339616665643562353861646532356433
-62313065373965663461363164346663653634343833323163616362383863306630356334653030
-36646535316336626532323131636131363766646663623065346565313432656130636337623837
-32616533363764383538313263383332623562353535393064663863303932343034306463393135
-37323362376364356638323563383135316264616239366165666461623663653564386461373731
-39323363343130353537363831623663386466333163656365373764343230663132633564356334
-32396632336238623837363766316464653866336134653137353832333031376562356536316666
-30623630373665336536333431666361336532613937313566373965663566393962613633326663
-66663363336136373836636331373639343431366437333434623336623130336435623932353637
-63353763343035363066353835633063633934616334643463336235336531623839376166333263
-33363238646131386666663365633433643030313937333662326461393532636262633061633437
-64626531303037313165656634653235363862303964313835613863633865613037363436636664
-61323133313866656536356338346136313131396139363234613234393237646634376133653633
-66623561663534323630323064373839313462646363326639666236383839643062613463333434
-64373662376430613632313866616339663838313931616231346535653739386462323761373036
-37636531353536653939643335656666333165653130623833616534323364616336626637346365
-32396665323966623335323637666331646336313337303362363739643864386235363464336532
-38623736626337653462306530353536393732386565653432656631636462663032623839323730
-62653464326632393736616436316535333133653033316234626432343336323231613964646664
-39656165333763393361393263643063633932313530666338316335616434383730383934393661
-32633131343264653039366539333930653563366431646265383630373730353038373032383338
-39373661666134653738653632343430663636656162373631336635633136393934623663323131
-39616439623964326466663232343231616631323362333966346530303065303936383938343036
-34366662656134383864313261646238363736343837373162303163323230326361653937346266
-30666431666335616336626636353262613661366137333933656338363736653031346335313238
-36306633633362646638303730393534306330386439643033313430393334386165613439353764
-30323563666466333530366666313962303830333339636630656230666266313063643564623735
-393336336234666665663931316362656337
+62363039313461363031633062353466326637326665653939353964383036333565306639663965
+3836313239333761323835643366633538663565363335390a613233663337306230393936646463
+64316439363634313062333664613363303539396537666166323765663434333665656335393636
+6234393733633262360a396634663065653537333032383361353133633737376335363563386364
+38613561306234636461333861396237343936633131636164383034623736316661313963396466
+30343064626434303061313365663833313334383334386239306339346464323538623763383832
+36376535633864663537623662663562393537316238356239356262383833366164653565306165
+64373036383938313166373134613664363831363862373761616364376137356366343162353733
+30626464333630303330623666343739326632633665376261613263653732356235393065663165
+38346133323139323765306536613361336436323935316266343630306363646236316165613461
+37643936376339633664313738303738393431366133336431613833383162623061613666636265
+33393066653463636364643634663863316662356631353166343536313930303435353735353166
+65313133373766646163393262383631333262306166343039343639653139636338663238303962
+39353233396238383366643637336131663931343530323937363531353538633662386638663833
+35323138333063316431666436336434313936666139386665626233623835626332336263303165
+33323866646335326433643464626639346630636133343634323032613132363232646163316266
+63336662336638383430616233613137346535623138663435303131363165656235356338653631
+63613131663166636233356130653639366135343435363266626530366337633932633766333764
+36643336346239613763616562383438346165633434336632393532313237613164646665363339
+31363332643331316437313464633139356631326436373261393533323265613365383530373030
+63363163376338363738373930646363326636616639363431333135616361393165323334353963
+36386130356534653937356238313336333135363135363637386239613361356237323865656331
+64623538663361326334646635373830373736663463313163353331343064373032623235663261
+65396634366334346662373636336532393434373265376232363734333831656466666433623764
+64623838303637643134376562626639643139656537333163663261383333343864333639393436
+63646335343639626230376436303065346232626261363131643631353731323733396232663230
+35363530343336383866353639353066333836343363623438316134393261366630663237316230
+66633563333466656361643266356134623634643066643264363830373536616264613331643464
+64323837666330316364633234636633373139303530396664623066373037616530623661326335
+39356666396231343665336438336233633936333135653966656465333762303461373335386233
+65666264313837666538363435643762393938616435323761393366663833353266616266653135
+62316364366333653363613737383238336633666333333963326261366166666337333230666262
+35356638656432383164656663303133323062623435653331356631323762306231366134623236
+64663263653161323862613334376363333438353261316138343234376337383565316566623035
+63386234646239363535333832313533313661646635323334383463633533316432333765643830
+38336636616530646336633831373836626430303266373835363266663335363830373938636431
+34313030336536643438346539336365386435643834303139623238343635323030613232363136
+30646337396366356164373734323431323935626537643338646334346562633735663661646536
+37373830633638303361346465343361323461393364363963383030663232373533393362313864
+35623965303766343265346161343939353138346361386561316662656562626239663866323833
+37313361626431373833396364653239336561363739663133323332323339343866336264333736
+31633539646439326164363437633765303062343836656165616639663964653331356161326362
+38373539353665303562346361613830306461616231313839646530323665323231633539613466
+33346139653763623266616136363833633032326365343836613630643664313630323030356638
+65613062323630396137363764663730383237333136396634316663613237623730663865356163
+39323061383965373233393434336363386366343630386339663838323565313837656131313230
+61623863343065303736356230663933646437383039396437313034303234356564333338303733
+39633663643461656132346538303434643565316165346563656565616539303964376334366335
+39393139386464383166396165303861373634323530613434373363336333303433613330333330
+38303334626336646635356566666238383334623635313464323932353832366539336366323862
+38303236656664306131306638633433343434386265353332313532643364336335343863306661
+65626464313564643966386333626366613732633235633961353136353537366166393266653765
+36666266386664393134303665366263623262306662633262613063633566303533613733636462
+61653563303938313633306136383164616361313334636531376436383030356633343737316531
+66656431363133373438613631326362346333376332353238653733633961386330336233613730
+35373361623331353531363062306331323234326438366463373337363731313330373962393330
+34343032303034666630343634313566333233333732626133306135316464336537393038383133
+63336663363633396339616137306530393863316266346462353232333061386331343832366162
+33363938346661646362353331656262623730306438373135316634323137386134623366653135
+35326531653331626165656634643064363866333062323634316533633930306235646131396530
+64613535623536396532383532356161663439376130613432656431363734643934316164346465
+32333961336438363838626564633161656437653963333162313362633365346334373564386530
+66663932663239323238643333306461356564616634643236636233376666626335633662653365
+34353931333063623266646265653064383839393461656230353661656365393737613331323664
+33313963303833666532386463663335346331626237346532613261393763363166376563346632
+61383765633461313932326264646334326563303035353537363466633636396635393237623737
+63623131633266616562633261333235633465633065336133353763363534383138613438626330
+63383939316630373165343462393335323061666134663435373930343132663365653861656431
+66346534353864663862386534626332653333363461666163313038656430383261306639326535
+64653630396465373034353831613635363735613363383563633362656430383437343733636239
+30366237333163663135393635306533636362643238383364396535333639323133396363623630
+32333763646231323365646161363734373635633266353364663032373738363362303666376137
+65383339653666393230626164383031653863323665656463356366353036323535626265613335
+31303837393763656639393761633831653134633731316232643462626234623837306261343937
+31646331303237646161663535333366376233636430666539653961333038663833333938346463
+34326135633061396261333064616233353435346266313264653665666566353336353164323164
+36363531383663636331326630346630336635306230366337613938643230386363343236613965
+34306138343964396133313937656430373131393933623338386632343165376230633166306565
+31336236346131383135313430666161343963383430383733363466636266323066666162363566
+36343963366361376538633861313265636132376432353533623563613864633164613462616161
+39353966613237643834366365613836633433636530346166643436363864366138356338646331
+31356239393264343862663138393435393265663766616463323730663433656237663965613839
+62396463643461326633383332316566366231343332373163643662373831366266393433353438
+38626131346535306361366539323335636666393261306233373232653233303430633539613930
+37653366656238616631376562336362343933393835306261303463363263653836393430333936
+35363536316664356462656533636361323661306162613630656164326135303363336563326264
+66323665623535663135313236323062666131323135393134323532316638626535323633363035
+39383330636135663737363065366530373466363161353265666239616632613733393038643236
+61323062666539333765336530363761666365373535356537613030313731396638663064346334
+30326431323132656331373232393133373261636135363761653266383631363530393935363865
+63376265373132393435636463306532303437343539636230616234626232383637623063343234
+65313266376563663063366138376361306339343030616265303730646630666430646233353336
+33333961356439623930323661313839376438396139303239346237653264626366313166333964
+33636132376164653739303738613163383234326563306432396661656632633038353133336530
+39393437373832333961613532653265633938393639626337386362363932366561323532343336
+64303262373766643931323939663730656466393430366339323361323636303861616463663065
+32383630303532323634643233636464386234373065343839393233313163303566663963656661
+37306539353033656662316639316266643862626334663766383735396332653135333235366363
+37393937376336353837653737366262306162363435616232323165633632636363623739363430
+35353536383664343339396439636261656137316332376566366138616632666431666632633963
+62623965643439343131646631353032616131346338303161363038623634336532633363396333
+31323634376130363030333164616465623730666637306338626366656262343930663131393934
+38373432646266356133663039323030366535383939663534316634316665646637653564303062
+38313031343835306266303161326461333463653265376264376334663835653333626333613261
+38376339326430353861626631633461333934313435623262633964303939386361613862386564
+66373339326333623233326462386535353730626634656261323235353534366163353161303633
+38613463306136336635363833366565313465363463353532316533366665613765336430313835
+30353032643263636435326263626136666466346161373330376663346461656666353335663333
+31393366333366333831383636333766353938663534343766383937613939323365366132323037
+63633866343034626162643039623935313263373061346130303231376563353933313762363237
+35363134353364653832616165323236333233303338623835343438643566373732303166353765
+32623238346631363331356131313561626535303032346133636636383466633931346462613035
+34353438363832656637393233613263366136323332353031356234373739373263393138626562
+63633364623961616237393231643237386336313833656362313939386336366330346165616464
+30356337646566353666613265386662623030373839316365393339393463343731666535353731
+37306665343532326138346231386634626333616639336237316634323438353635363365613834
+38363330616262333766323633386665316137363731356339343736333462313034363436386630
+32633764646665383836613838373630353435613234373832656339663138646663383037643364
+61616332623439313232316663663266343962663065363939396632646465313064353838613662
+61373034336136343230353235346164626434363237323931633661303062376365653134376563
+31396536393866323330363061623261313266303064303437376633313030646237666630666438
+36313234346264626262353536356166326565326538363761633539356362343533636636396237
+66393537343436396436616535633738333062343439366261373836316237323165663435383437
+35313430663334626337353766363737363332313537623637323634306363663033623264396261
+37346338633831356165383333393764633734633434323664363562396165386532306463626433
+31643835363936353034636162623137623035623165313937323866373034386432393263363235
+37623632666331376539616435316238356536303934386538313032346432396366643430323763
+39616563373962633735313634393435623966306333313337393234376534366664326664656362
+66383938623461303361323331303039636339313238353332393333363830663034633766613861
+63346663373132346365316239316264366665396666636138373435343938616462623961323733
+64323331393066313666353831633731323537313365383561666363353539626333663134613262
+61373064373966346362623030663936343435366266386634326235376664363335333038383939
+63623564633133636665383564356465363763373832386633656233663764653935333464666138
+31356131313463356231396466633630363430316636653437386436373230353963383836316331
+66336231376661366463356231336662356338323831643164313764343431323661373761613562
+32646237346164373463643464623235343166363532383965373333396339666361353137343239
+35336334633033613462613334656465666263363764363835383638393065303261323239326437
+31306436383566643563613933356463366664656134393935663666623863656637613764626565
+62343665383362376132623137633431393033396234616635376165393538396233636264663461
+62313531383039396333346139303764623133353765323666626465646336613566633464623138
+61313966383666363261336363323934666161643638326634303534376237636533333666333438
+65373234653532303533383161313164366464386530613230373663336331303336373262636131
+61346364323730316564636462363333353336323065616130393238323737366234656135626338
+64326437383138393631613963396163646263353436393064313763373231383333346137336534
+66663365633333353431343934303830386363663939666139633030326433376333

host_vars/host-ip

@@ -1,17 +0,0 @@
-hostname: '<hostname>'
-domain: '<domain.tld>'
-
-user:
-  name: '<username>'
-  password: '<bas64-hashed-user-pass>'
-
-admin_mail: '<your@mail.com>'
-
-relay:
-  server: '<mail-relay>'
-  port: '587'
-  user: '<sasl_user>'
-  password: '<sasl_pass>'
-
-backup_via_samba: false
-backup_via_nfs: true

hosts.yml

@@ -2,12 +2,10 @@
 all:
   hosts:
     10.11.12.35:
-    10.11.12.250:
   children:
     docker_hosts:
       hosts:
         10.11.12.35:
-        10.11.12.250:
     npm_hosts:
       hosts:
         10.11.12.35:
@@ -28,4 +26,17 @@ all:
         10.11.12.35:
     chatpad_hosts:
       hosts:
-        10.11.12.35:
+        10.11.12.35:
+    stirling_pdf_hosts:
+      hosts:
+        10.11.12.35:
+    borgmatic_hosts:
+      hosts:
+        10.11.12.35:
+    paperless_hosts:
+      hosts:
+        10.11.12.35:
+    opensourcepos_hosts:
+      hosts:
+    wordpress_hosts:
+      hosts:

main.yml

@@ -20,6 +20,13 @@
     - borgbackup
   tags: borgbackup
 
+- name: Configure Borgmatic Backup
+  hosts: all
+  become: false
+  roles: 
+    - borgmatic
+  tags: borgmatic
+
 - name: Update the system
   hosts: all
   become: true
@@ -76,4 +83,32 @@
   become: true
   roles:
     - chatpad
-  tags: chatpad  
+  tags: chatpad  
+
+- name: Configure Stirling-PDF
+  hosts: stirling_pdf_hosts
+  become: true
+  roles:
+    - stirling_pdf
+  tags: stirling_pdf
+
+- name: Configure OpensourcePOS
+  hosts: opensourcepos_hosts
+  become: true
+  roles:
+    - opensourcepos
+  tags: opensourcepos
+
+- name: Configure Wordpress
+  hosts: wordpress_hosts
+  become: true
+  roles:
+    - wordpress
+  tags: wordpress
+
+- name: Configure Paperless
+  hosts: paperless_hosts
+  become: true
+  roles:
+    - paperless_ngx
+  tags: paperless

roles/audiobookshelf/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Audiobookshelf directories if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/audiobookshelf/{{ item }}
+    path: /home/{{ system_user_name }}/docker/audiobookshelf/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ audiobookshelf_folder }}'
@@ -22,9 +22,9 @@
       - '11002:80'
     env:
     volumes:
-      - /home/{{ user['name'] }}/docker/audiobookshelf/data/audiobooks:/audiobooks
-      - /home/{{ user['name'] }}/docker/audiobookshelf/data/podcasts:/podcasts
-      - /home/{{ user['name'] }}/docker/audiobookshelf/config:/config
-      - /home/{{ user['name'] }}/docker/audiobookshelf/metadata:/metadata
+      - /home/{{ system_user_name }}/docker/audiobookshelf/data/audiobooks:/audiobooks
+      - /home/{{ system_user_name }}/docker/audiobookshelf/data/podcasts:/podcasts
+      - /home/{{ system_user_name }}/docker/audiobookshelf/config:/config
+      - /home/{{ system_user_name }}/docker/audiobookshelf/metadata:/metadata
     networks:
       - name: proxy

roles/borgbackup/tasks/main.yml

@@ -9,9 +9,9 @@
 - name: Copy smb credentials file
   ansible.builtin.template:
     src: "../templates/cifs.j2"
-    dest: "/home/{{ user['name'] }}/.cifs"
-    owner: "{{ user['name'] }}"
-    group: "{{ user['name'] }}"
+    dest: "/home/{{ system_user_name }}/.cifs"
+    owner: "{{ system_user_name }}"
+    group: "{{ system_user_name }}"
     mode: '0600'
   when: backup_via_samba == true
 
@@ -19,15 +19,15 @@
   ansible.builtin.template:
     src: "../templates/backup_to_smb.sh"
     dest: /usr/local/bin/
-    owner: "{{ user['name'] }}"
-    group: "{{ user['name'] }}"
+    owner: "{{ system_user_name }}"
+    group: "{{ system_user_name }}"
     mode: '0700'
   when: backup_via_samba == true
 
 - name: add cron backupjob for backups to samba server
   become: true
   ansible.builtin.cron:
-    user: "{{ user['name'] }}"
+    user: "{{ system_user_name }}"
     name: "borgbackup the docker dir to smb share"
     minute: "30"
     hour: "3"
@@ -40,8 +40,8 @@
   ansible.builtin.template:
     src: "../templates/backup_to_nfs.sh"
     dest: /usr/local/bin/
-    owner: "{{ user['name'] }}"
-    group: "{{ user['name'] }}"
+    owner: "{{ system_user_name }}"
+    group: "{{ system_user_name }}"
     mode: '0700'
   when: backup_via_nfs == true
 
@@ -49,10 +49,10 @@
 - name: add cron backupjob for backups to NFS server
   become: true
   ansible.builtin.cron:
-    user: "{{ user['name'] }}"
+    user: "{{ system_user_name }}"
     name: "borgbackup the docker dir to nfs share"
     minute: "30"
-    hour: "4"
+    hour: "2"
     job: "sudo /usr/local/bin/backup_to_nfs.sh > /dev/null 2>&1"
   notify: Restart cron
   when: backup_via_nfs == true

roles/borgbackup/templates/backup_to_nfs.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Variablen
-data_dir="/home/{{ user['name'] }}/docker"
+data_dir="/home/{{ system_user_name }}/docker"
 nfs_share="{{ nfs_share }}"
 backup_target_usage_threshold="{{nfs_threshold}}" # Prozentuale Schwellenwert für die Speicherauslastung
 mount_point="{{ mount_point }}"
@@ -47,7 +47,7 @@ if [ "$mount_successful" -eq 1 ]; then
     done
 
     # Backup-Integrität überprüfen
-    borg_check_result=$(borg check --repository-only "$backup_repository" 2>&1)
+    borg_check_result=$(borg check --repository-only --max-duration 7200 "$backup_repository" 2>&1)
 
     # Backup-Status und Speicherauslastung prüfen
     if [ "$backup_status" -eq 0 ]; then

roles/borgbackup/templates/backup_to_smb.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
 # Variablen
-data_dir="/home/{{ user['name'] }}/docker"
+data_dir="/home/{{ system_user_name }}/docker"
 samba_share="{{ smb_share }}"
-samba_credentials="/home/{{ user['name'] }}/.cifs"
+samba_credentials="/home/{{ system_user_name }}/.cifs"
 backup_target_usage_threshold="{{smb_threshold}}" # Prozentuale Schwellenwert für die Speicherauslastung
 mount_point="{{ mount_point }}"
 backup_repository="$mount_point/{{borg_repo}}"
@@ -48,7 +48,7 @@ if [ "$mount_successful" -eq 1 ]; then
     done
 
     # Backup-Integrität überprüfen
-    borg_check_result=$(borg check --repository-only "$backup_repository" 2>&1)
+    borg_check_result=$(borg check --repository-only --max-duration 7200 "$backup_repository" 2>&1)
 
     # Backup-Status und Speicherauslastung prüfen
     if [ "$backup_status" -eq 0 ]; then

roles/defaults/tasks/main.yml

@@ -6,15 +6,15 @@
     name:
       - sudo
 
-- name: Add user "{{ user['name'] }}"
+- name: Add user "{{ system_user_name }}"
   ansible.builtin.user:
-    name: "{{ user['name'] }}"
-    password: "{{ user['password'] }}"
+    name: "{{ system_user_name }}"
+    password: "{{ system_user_password }}"
     shell: /bin/bash
 
-- name: Add user "{{ user['name'] }}" to sudo group
+- name: Add user "{{ system_user_name }}" and join sudo group
   ansible.builtin.user:
-    name: "{{ user['name'] }}"
+    user: '{{ system_user_name }}'
     groups: sudo
     append: yes
 
@@ -29,4 +29,16 @@
   ansible.builtin.import_tasks: ssh-config.yml
 
 - name: Install & Configure unattended upgrades
-  ansible.builtin.import_tasks: unattended-upgrades.yml
+  ansible.builtin.import_tasks: unattended-upgrades.yml
+
+- name: Install Quemu Guest Agent if virtualization type is kvm
+  ansible.builtin.apt:
+    name: qemu-guest-agent
+    state: latest
+  when: ansible_virtualization_type == 'kvm'
+
+- name: Enable QEMU Guest Agent
+  ansible.builtin.systemd:
+    name: qemu-guest-agent
+    enabled: true
+  when: ansible_virtualization_type == 'kvm'

roles/defaults/tasks/postfix.yml

@@ -57,10 +57,17 @@
     state: "{{ postfix_service_state }}"
     enabled: "{{ postfix_service_enabled }}"
 
-- name: Update /etc/aliases | set email adress
+- name: Update /etc/aliases for root user | set email adress
   become: true
   ansible.builtin.lineinfile:
     path: /etc/aliases
     regexp: '^root:'
     line: 'root: {{ admin_mail }}'
+  notify: New aliases
+
+- name: Update /etc/aliases for {{system_user_name}} | set email adress
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/aliases
+    line: '{{ system_user_name }}: {{ admin_mail }}'
   notify: New aliases

roles/defaults/tasks/ssh-config.yml

@@ -1,7 +1,7 @@
 ---
 - name: Add Authorized Keys
   ansible.posix.authorized_key:
-    user: "{{ user['name'] }}"
+    user: "{{ system_user_name }}"
     state: present
     key: "{{ lookup('file', 'key.pub') }}"
 

roles/docker/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart cron
+  ansible.builtin.service:
+    name: cron
+    state: restarted

roles/docker/tasks/main.yml

@@ -36,9 +36,9 @@
     name: docker
     state: present
 
-- name: Add user to group docker | "{{ user['name'] }}"
+- name: Add user to group docker | "{{ system_user_name }}"
   ansible.builtin.user:
-    name: "{{ user['name'] }}"
+    name: "{{ system_user_name }}"
     groups:
       - docker
     append: true
@@ -57,6 +57,15 @@
 - name: Create docker dir if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/
+    path: /home/{{ system_user_name }}/docker/
     state: directory
-    mode: '0755'
+    mode: '0755'
+
+- name: Create cronjob to prune unused docker stuff
+  ansible.builtin.cron:
+    user: "{{ system_user_name }}"
+    name: "prune unused docker stuff every night at 00:15"
+    minute: "15"
+    hour: "00"
+    job: 'sudo docker system prune -af  --filter "until=$((30*24))h"'
+  notify: Restart cron

roles/gitea/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create gitea directories they do not exist
   become: true
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/gitea/{{ item }}
+    path: /home/{{ system_user_name }}/docker/gitea/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ gitea_folder }}'
@@ -27,9 +27,11 @@
       MYSQL_PASSWORD: "{{ GITEA_DB_PASS | string }}"
       MYSQL_DATABASE: "{{ GITEA_DB_NAME | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/gitea/db:/var/lib/mysql
+      - /home/{{ system_user_name }}/docker/gitea/db:/var/lib/mysql
     networks:
       - name: gitea_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_GITEA_DB_PORT }}:{{GITEA_DB_PORT}}"
 
 - name: Create Gitea Container
   community.docker.docker_container:
@@ -42,6 +44,8 @@
       - '11004:3000'
       - '222:22'
     env:
+      USER_UID: "{{ system_user_uid }}"
+      USER_GID: "{{ system_user_gid }}"
       GITEA__database__DB_TYPE: "{{ GITEA_DB_TYPE | string}}"
       GITEA__database__HOST: "{{ GITEA_DB_HOST | string}}"
       GITEA__database__NAME: "{{ GITEA_DB_NAME | string }}"
@@ -49,7 +53,7 @@
       GITEA__database__PASSWD: "{{ GITEA_DB_PASS | string }}"
       LOCAL_ROOT_URL: "{{ GITEA_ROOT_URL | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/gitea/data:/data
+      - /home/{{ system_user_name }}/docker/gitea/data:/data
     networks:
       - name: gitea_internal
       - name: proxy

roles/nextcloud/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Nextcloud directories if they do not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/nextcloud/{{ item }}
+    path: /home/{{ system_user_name }}/docker/nextcloud/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ nextcloud_folder }}'
@@ -27,9 +27,11 @@
       MYSQL_USER: "{{ NEXTCLOUD_MYSQL_USER | string }}"
       MYSQL_PASSWORD: "{{ NEXTCLOUD_MYSQL_PASS | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/nextcloud/db:/var/lib/mysql
+      - /home/{{ system_user_name }}/docker/nextcloud/db:/var/lib/mysql
     networks:
       - name: nextcloud_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_NEXTCLOUD_MYSQL_PORT }}:{{ NEXTCLOUD_MYSQL_PORT }}"
 
 - name: Create Nextcloud Redis Container
   community.docker.docker_container:
@@ -38,7 +40,7 @@
     state: started
     restart_policy: unless-stopped
     volumes:
-      - /home/{{ user['name'] }}/docker/nextcloud/redis:/var/lib/redis
+      - /home/{{ system_user_name }}/docker/nextcloud/redis:/var/lib/redis
     networks:
       - name: nextcloud_internal
 
@@ -60,7 +62,7 @@
       REDIS_HOST: nextcloud_redis
 
     volumes:
-      - /home/{{ user['name'] }}/docker/nextcloud/data:/var/www/html
+      - /home/{{ system_user_name }}/docker/nextcloud/data:/var/www/html
     networks:
       - name: nextcloud_internal
       - name: proxy

roles/npm/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create NPM directories if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/npm/{{ item }}
+    path: /home/{{ system_user_name }}/docker/npm/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ npm_folder }}'
@@ -27,9 +27,12 @@
       MYSQL_USER: "{{ NPM_MYSQL_USER | string }}"
       MYSQL_PASSWORD: "{{ NPM_MYSQL_PASS | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/npm/db:/var/lib/mysql
+      - /home/{{ system_user_name }}/docker/npm/db:/var/lib/mysql
     networks:
       - name: npm_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_NPM_MYSQL_PORT }}:{{ NPM_MYSQL_PORT }}"
+
 
 - name: Create NPM Container
   community.docker.docker_container:
@@ -49,8 +52,8 @@
       DB_MYSQL_PASSWORD: "{{ NPM_MYSQL_PASS | string }}"
       DB_MYSQL_NAME: "{{ NPM_MYSQL_DB | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/npm/data:/data
-      - /home/{{ user['name'] }}/docker/npm/letsencrypt:/etc/letsencrypt
+      - /home/{{ system_user_name }}/docker/npm/data:/data
+      - /home/{{ system_user_name }}/docker/npm/letsencrypt:/etc/letsencrypt
     networks:
       - name: npm_internal
       - name: proxy

roles/opensourcepos/defaults/main.yml

@@ -0,0 +1,4 @@
+opensourcepos_folder:
+  - uploads
+  - logs
+  - mysql

roles/opensourcepos/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+- name: Create opensourcepos directories they do not exist
+  become: False
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/opensourcepos/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ opensourcepos_folder }}'
+
+- name: Create docker network 'opensourcepos_internal'
+  community.docker.docker_network:
+    name: opensourcepos_internal
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create SQLscript Container
+  community.docker.docker_container:
+    name: sqlscript
+    image: jekkos/opensourcepos:sqlscript
+    command: /bin/sh -c 'exit 0'
+
+- name: Create opensourcepos DB Container
+  community.docker.docker_container:
+    name: opensourcepos_db
+    image: 'mariadb:10.5'
+    state: started
+    restart_policy: unless-stopped
+    env:
+      MYSQL_ROOT_PASSWORD: "{{ OPENSOURCEPOS_DB_ROOT_PASS | string }}"
+      MYSQL_USER: "{{ OPENSOURCEPOS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ OPENSOURCEPOS_DB_PASS | string }}"
+      MYSQL_DATABASE: "{{ OPENSOURCEPOS_DB_NAME | string }}"
+    volumes_from:
+      - sqlscript
+    volumes:
+      - /home/{{ system_user_name }}/docker/opensourcepos/mysql:/var/lib/mysql:rw
+    networks:
+      - name: opensourcepos_internal
+
+- name: Create opensourcepos Container
+  community.docker.docker_container:
+    name: opensourcepos_app
+    image: 'jekkos/opensourcepos:3.3.8'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11007:80'
+    env:
+      CI_ENV: "{{ OPENSOURCEPOS_CI_ENV | string}}"
+      FORCE_HTTPS: "{{ OPENSOURCEPOS_FORCE_HTTPS | string}}"
+      PHP_TIMEZONE: "{{ OPENSOURCEPOS_PHP_TIMEZONE | string }}"
+      MYSQL_USERNAME: "{{ OPENSOURCEPOS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ OPENSOURCEPOS_DB_PASS | string }}"
+      MYSQL_DB_NAME: "{{ OPENSOURCEPOS_DB_NAME | string }}"
+      MYSQL_HOST_NAME: "{{ OPENSOURCEPOS_DB_HOST | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/opensourcepos/uploads:/app/public/uploads
+      - /home/{{ system_user_name }}/docker/opensourcepos/logs:/app/application/logs
+    networks:
+      - name: opensourcepos_internal
+      - name: proxy

roles/paperless_ngx/defaults/main.yml

@@ -0,0 +1,7 @@
+paperless_folder:
+ - data
+ - db
+ - redisdata
+ - media
+ - ./export
+ - ./consume

roles/paperless_ngx/tasks/main.yml

@@ -0,0 +1,71 @@
+---
+- name: Create Paperless directories if they do not exist
+  become: false
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/paperless/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ paperless_folder }}'
+
+- name: Create docker network 'paperless_internal'
+  community.docker.docker_network:
+    name: paperless_internal
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create Paperless Postgres Container
+  community.docker.docker_container:
+    name: paperless_db
+    image: 'docker.io/library/postgres:16'
+    state: started
+    restart_policy: unless-stopped
+    env:
+      POSTGRES_DB: "{{ PAPERLESS_POSTGRES_DB | string }}"
+      POSTGRES_USER: "{{ PAPERLESS_POSTGRES_USER | string }}"
+      POSTGRES_PASSWORD: "{{ PAPERLESS_POSTGRES_PASS | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/paperless/db:/var/lib/postgresql/data
+    networks:
+      - name: paperless_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_PAPERLESS_POSTGRES_PORT }}:{{ PAPERLESS_POSTGRES_PORT }}"
+
+- name: Create Paperless Redis Container
+  community.docker.docker_container:
+    name: paperless_redis
+    image: 'docker.io/library/redis:7'
+    state: started
+    restart_policy: unless-stopped
+    volumes:
+      - /home/{{ system_user_name }}/docker/paperless/redisdata:/data
+    networks:
+      - name: paperless_internal
+
+- name: Create Paperless Container
+  community.docker.docker_container:
+    name: paperless_app
+    image: 'ghcr.io/paperless-ngx/paperless-ngx:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11007:8000'
+    env:
+      PAPERLESS_URL: "{{ PAPERLESS_URL }}"
+      PAPERLESS_DBENGINE: postgresql
+      PAPERLESS_REDIS: redis://paperless_redis:6379
+      PAPERLESS_DBHOST: paperless_db
+      PAPERLESS_DBNAME: "{{ PAPERLESS_POSTGRES_DB | string }}"
+      PAPERLESS_DBUSER: "{{ PAPERLESS_POSTGRES_USER | string }}"
+      PAPERLESS_DBPASS: "{{ PAPERLESS_POSTGRES_PASS | string }}"
+
+    volumes:
+      - /home/{{ system_user_name }}/docker/paperless/data:/usr/src/paperless/data
+      - /home/{{ system_user_name }}/docker/paperless/media:/usr/src/paperless/media
+      - /home/{{ system_user_name }}/docker/paperless/./export:/usr/src/paperless/export
+      - /home/{{ system_user_name }}/docker/paperless/./consume:/usr/src/paperless/consume
+    networks:
+      - name: paperless_internal
+      - name: proxy

roles/semaphore/defaults/main.yml

@@ -0,0 +1,2 @@
+semaphore_folder:
+  - db

roles/semaphore/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+- name: Create Semaphore directories if they do not exist
+  become: false
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/semaphore/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ semaphore_folder }}'
+
+- name: Create docker network 'semaphore'
+  community.docker.docker_network:
+    name: semaphore
+
+- name: Create mySQL Container
+  community.docker.docker_container:
+    name: semaphore_db
+    image: 'mysql:8.0'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '3006:30006'
+    env:
+      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+      MYSQL_DATABASE: "{{ SEMAPHORE_DB_NAME }}"
+      MYSQL_USER: "{{ SEMAPHORE_DB_USER }}"
+      MYSQL_PASSWORD: "{{ SEMAPHORE_DB_PASSWORD }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/semaphore/db:/var/lib/mysql
+    networks:
+      - name: semaphore
+
+- name: Create Semaphore Container
+  community.docker.docker_container:
+    name: semaphore_app
+    image: 'semaphoreui/semaphore:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '3000:3000'
+    env:
+      SEMAPHORE_DB_USER: "{{ SEMAPHORE_DB_USER }}"
+      SEMAPHORE_DB_PASS: "{{ SEMAPHORE_DB_PASSWORD }}"
+      SEMAPHORE_DB_HOST: "semaphore_db"
+      SEMAPHORE_DB_PORT: "3306"
+      SEMAPHORE_DB_DIALECT: "mysql"
+      SEMAPHORE_DB: "{{ SEMAPHORE_DB_NAME }}"
+      SEMAPHORE_PLAYBOOK_PATH: "{{ SEMAPHORE_PLAYBOOK_DIR }}"
+      SEMAPHORE_ADMIN_PASSWORD: "{{ SEMAPHORE_ADMIN_PASSWORD }}"
+      SEMAPHORE_ADMIN_NAME: "{{ SEMAPHORE_ADMIN_USER }}"
+      SEMAPHORE_ADMIN_EMAIL: "{{ SEMAPHORE_ADMIN_MAIL }}"
+      SEMAPHORE_ADMIN: "{{ SEMAPHORE_ADMIN_USER }}"
+      SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{ SEMAPHORE_ACCESS_KEY }}"
+    networks:
+      - name: semaphore

roles/stirling_pdf/defaults/main.yml

@@ -0,0 +1,6 @@
+stirling_pdf_folder:
+  - config
+  - data
+
+stirling_pdf_locale: de_DE
+stirling_pdf_google_visibility: False

roles/stirling_pdf/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Create Stirling-PDF directories if they do not exist
+  become: false
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/stirling_pdf/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ stirling_pdf_folder }}'
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create Stirling-PDF Container
+  community.docker.docker_container:
+    name: stirling-pdf
+    image: 'frooodle/s-pdf:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11006:8080'
+    env:
+      APP_LOCALE: "{{ stirling_pdf_locale }}"
+      APP_HOME_NAME: "{{ stirling_pdf_name }}"
+      APP_HOME_DESCRIPTION: "{{ stirling_pdf_description }}"
+      APP_NAVBAR_NAME: "{{ stirling_pdf_name }}"
+      APP_ROOT_PATH: /
+      ALLOW_GOOGLE_VISIBILITY: "{{ stirling_pdf_google_visibility | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/stirling_pdf/config:/configs
+    networks:
+      - name: proxy

roles/vaultwarden/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Vaultwarden directories if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/vaultwarden/{{ item }}
+    path: /home/{{ system_user_name }}/docker/vaultwarden/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ vaultwarden_folder }}'
@@ -25,6 +25,6 @@
       SIGNUPS_ALLOWED: "{{ VW_SIGNUPS_ALLOWED | string }}"
 #      ADMIN_TOKEN=${ADMIN_TOKEN}: "{{ VW_ADMIN_TOKEN | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/vaultwarden/data:/data
+      - /home/{{ system_user_name }}/docker/vaultwarden/data:/data
     networks:
       - name: proxy

roles/wiki_js/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Wiki_JS directories they do not exist
   become: true
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/wiki_js/{{ item }}
+    path: /home/{{ system_user_name }}/docker/wiki_js/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ wiki_js_folder }}'
@@ -26,9 +26,11 @@
       POSTGRES_USER: "{{ WIKI_JS_POSTGRES_USER | string }}"
       POSTGRES_PASSWORD: "{{ WIKI_JS_POSTGRES_PASS | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/wiki_js/db:/var/lib/postgresql/data
+      - /home/{{ system_user_name }}/docker/wiki_js/db:/var/lib/postgresql/data
     networks:
       - name: wiki_js_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_WIKI_JS_DB_PORT }}:{{ WIKI_JS_DB_PORT }}"
 
 - name: Create Wiki_JS Container
   community.docker.docker_container:

roles/wordpress/defaults/main.yml

@@ -0,0 +1,3 @@
+wordpress_folder:
+  - data
+  - mysql

roles/wordpress/tasks/main.yml

@@ -0,0 +1,63 @@
+---
+- name: Create wordpress directories they do not exist
+  become: False
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/wordpress/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ wordpress_folder }}'
+
+- name: Create docker network 'wordpress_internal'
+  community.docker.docker_network:
+    name: wordpress_internal
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create wordpress DB Container
+  community.docker.docker_container:
+    name: wordpress_db
+    image: 'mariadb:10.5'
+    state: started
+    restart_policy: unless-stopped
+    env:
+      MYSQL_ROOT_PASSWORD: "{{ WORDPRESS_DB_ROOT_PASS | string }}"
+      MYSQL_USER: "{{ WORDPRESS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ WORDPRESS_DB_PASS | string }}"
+      MYSQL_DATABASE: "{{ WORDPRESS_DB_NAME | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/wordpress/mysql:/var/lib/mysql:rw
+    networks:
+      - name: wordpress_internal
+
+- name: Create wordpress Container
+  community.docker.docker_container:
+    name: wordpress_app
+    image: 'wordpress:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11008:80'
+    env:
+      MYSQL_USERNAME: "{{ WORDPRESS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ WORDPRESS_DB_PASS | string }}"
+      MYSQL_DB_NAME: "{{ WORDPRESS_DB_NAME | string }}"
+      MYSQL_HOST_NAME: "{{ WORDPRESS_DB_HOST | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/wordpress/data:/var/www/html
+    networks:
+      - name: wordpress_internal
+      - name: proxy
+
+- name: Copy Wordpress Config Template
+  ansible.builtin.template:
+    src: wp-config.php.j2
+    dest: /home/{{ system_user_name }}/docker/wordpress/data/wp-config.php
+  
+- name: Restart Wordpress Container
+  community.docker.docker_container:
+    name: wordpress_app
+    state: started
+    restart: True

roles/wordpress/templates/wp-config.php.j2

@@ -0,0 +1,110 @@
+<?php
+/**
+ * The base configuration for WordPress
+ *
+ * The wp-config.php creation script uses this file during the installation.
+ * You don't have to use the web site, you can copy this file to "wp-config.php"
+ * and fill in the values.
+ *
+ * This file contains the following configurations:
+ *
+ * * Database settings
+ * * Secret keys
+ * * Database table prefix
+ * * ABSPATH
+ *
+ * @link https://wordpress.org/documentation/article/editing-wp-config-php/
+ *
+ * @package WordPress
+ */
+
+// ** Database settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define( 'DB_NAME', '{{ WORDPRESS_DB_NAME }}' );
+
+/** Database username */
+define( 'DB_USER', '{{ WORDPRESS_DB_USER }}' );
+
+/** Database password */
+define( 'DB_PASSWORD', '{{ WORDPRESS_DB_PASS }}' );
+
+/** Database hostname */
+define( 'DB_HOST', 'wordpress_db' );
+
+/** Database charset to use in creating database tables. */
+define( 'DB_CHARSET', 'utf8mb4' );
+
+/** The database collate type. Don't change this if in doubt. */
+define( 'DB_COLLATE', '' );
+
+define('.COOKIE_DOMAIN.', '{{ WORDPRESS_SITEURL }}');
+define('.SITECOOKIEPATH.', '.');
+
+if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+        $list = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
+        $_SERVER['REMOTE_ADDR'] = $list[0];
+  }
+define( 'WP_HOME', 'https://{{ WORDPRESS_SITEURL }}' );
+define( 'WP_SITEURL', 'https://{{ WORDPRESS_SITEURL }}' );
+$_SERVER['HTTP_HOST'] = '{{ WORDPRESS_SITEURL }}';
+$_SERVER['REMOTE_ADDR'] = 'https://{{ WORDPRESS_SITEURL }}';
+$_SERVER[ 'SERVER_ADDR' ] = '{{ WORDPRESS_SITEURL }}';
+
+if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
+       $_SERVER['HTTPS']='on';
+
+/**#@+
+ * Authentication unique keys and salts.
+ *
+ * Change these to different unique phrases! You can generate these using
+ * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
+ *
+ * You can change these at any point in time to invalidate all existing cookies.
+ * This will force all users to have to log in again.
+ *
+ * @since 2.6.0
+ */
+define( 'AUTH_KEY',         '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'SECURE_AUTH_KEY',  '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'LOGGED_IN_KEY',    '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'NONCE_KEY',        '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'AUTH_SALT',        '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'SECURE_AUTH_SALT', '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'LOGGED_IN_SALT',   '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'NONCE_SALT',       '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+
+/**#@-*/
+
+/**
+ * WordPress database table prefix.
+ *
+ * You can have multiple installations in one database if you give each
+ * a unique prefix. Only numbers, letters, and underscores please!
+ */
+$table_prefix = 'wp_';
+
+/**
+ * For developers: WordPress debugging mode.
+ *
+ * Change this to true to enable the display of notices during development.
+ * It is strongly recommended that plugin and theme developers use WP_DEBUG
+ * in their development environments.
+ *
+ * For information on other constants that can be used for debugging,
+ * visit the documentation.
+ *
+ * @link https://wordpress.org/documentation/article/debugging-in-wordpress/
+ */
+define( 'WP_DEBUG', false );
+
+/* Add any custom values between this line and the "stop editing" line. */
+
+/* That's all, stop editing! Happy publishing. */
+
+/** Absolute path to the WordPress directory. */
+if ( ! defined( 'ABSPATH' ) ) {
+        define( 'ABSPATH', __DIR__ . '/' );
+}
+
+/** Sets up WordPress vars and included files. */
+require_once ABSPATH . 'wp-settings.php';