Merge pull request 'fixed wrong volume paths' (#2) from bugfix/wrong_volume_paths into main

Reviewed-on: https://git.local.zernis.ch/simon/homeserver.zernis.ch/pulls/2

.gitignore

@@ -1,3 +1,3 @@
 # ---> Ansible
 *.retry
-
+facts/*

ansible.cfg

@@ -3,3 +3,7 @@ remote_user = simon
 inventory = hosts.yml
 vault_password_file = ~/.ansible/vault_pass.txt
 private_key_file=~/.ssh/ansible
+fact_caching = jsonfile
+fact_caching_connection = facts/
+host_key_checking = False
+roles_path = ~/dev/ansible/roles

host_vars/10.11.12.35

@@ -1,25 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35373961616333373836623537333162323833363437393036376230383866303262383235313039
-3636616561633430353132313461386139303931666563350a326162333664303966373363656662
-31633562613565386639623937653461363439343862633965386533373532323466636361373636
-3061383737633537390a653131643138653964623430323064353366656366303461386565626236
-38303461653166386165653862666665653139386637646561326537393766306464643933346330
-39643239343430363734613931336636356237393537323061363736633033373639663130316563
-34663162626262656632393763373834373461353165326137653438653331313738393166363438
-34346638343966363632396531366439666466313361646130623733373337663332623533653730
-65636534303632396164326139396236646133373731653235366466623664343331373863366136
-32333330623130383364653038383038366431633436646665653939646237396266363965313464
-36656539356231373039363334666432316331343534306162323335356161653331383163623035
-62643238663935636261653537333030653038383633646133326336303336343666353336643837
-33616362323261646665346638323639323964626263623665376165343231366435666535303063
-38643764373164393232376434653939623062623537366164393863633431386439623663346233
-30353862306139323731666531646336316635616537366363396663643133616363303031396136
-61363461393333366465666635666432666336343865623665633765306336306232646539353532
-37653433386334356439666261303234396636333565636437346530663035313564613436306433
-36643064643532653762376233373831396464623435646162303530333837613162613834623262
-63336433656638303632643463623634386635383066393766656636626666653236613934613430
-36376634393632373131393562643564666135336166653731623163386466373636376161323633
-65313363353939663866363064353237323130623037336636613134333163363863666531626536
-65656537333837356339626437666233316331616636623464353165363338353332306530313665
-64306532393835653032386132306230303339656566353531633938326362393939613232396339
-31326264386133316237

host_vars/10.11.12.35/vars

@@ -0,0 +1,161 @@
+################## System Vars ############################
+hostname: "{{ vault_hostname }}"
+domain: "{{ vault_domain }}"
+
+system_user_name: '{{ vault_system_user_name }}'
+system_user_password: '{{ vault_system_user_password }}'
+system_user_uid: '1000'
+system_user_gid: '1000'
+
+admin_mail: '{{ vault_admin_mail }}'
+sender_address: '{{ vault_sender_address }}'
+
+relay:
+  server: '{{ vault_relay_server }}'
+  port: '{{ vault_relay_port }}'
+  user: '{{ vault_relay_user }}'
+  password: '{{ vault_relay_password }}'
+
+backup_via_samba: '{{ vault_backup_via_samba }}'
+backup_via_nfs: '{{ vault_backup_via_nfs }}'
+
+######################## Service Vars #########################
+
+# Borgbackup
+smb_share: '{{ vault_smb_share }}'
+smb_username: '{{ vault_smb_username }}'
+smb_pass: '{{ vault_smb_pass }}'
+smb_threshold: '{{ vault_smb_threshold }}'
+
+nfs_share: '{{ vault_nfs_share }}'
+nfs_threshold: '{{ vault_nfs_threshold }}'
+
+mount_point: '{{ vault_mount_point }}'
+borg_repo: '{{ vault_repo }}'
+borg_pass: '{{ vault_pass }}'
+
+# Gitea
+GITEA_DB_TYPE: '{{ vault_GITEA_DB_TYPE }}'
+GITEA_DB_HOST: '{{ vault_GITEA_DB_HOST }}'
+GITEA_DB_PORT: ' {{ vault_GITEA_DB_PORT }}'
+GITEA_DB_ROOT_PASS: '{{ vault_GITEA_DB_ROOT_PASS }}'
+GITEA_DB_USER: '{{ vault_GITEA_DB_USER }}'
+GITEA_DB_PASS: '{{ vault_GITEA_DB_PASS }}'
+GITEA_DB_NAME: '{{ vault_GITEA_DB_NAME }}'
+GITEA_ROOT_URL: '{{ vault_GITEA_ROOT_URL }}'
+
+# Nextcloud
+NEXTCLOUD_MYSQL_HOST: '{{ vault_NEXTCLOUD_MYSQL_HOST }}'
+NEXTCLOUD_MYSQL_PORT: '{{ vault_NEXTCLOUD_MYSQL_PORT }}'
+NEXTCLOUD_MYSQL_DB: '{{ vault_NEXTCLOUD_MYSQL_DB }}'
+NEXTCLOUD_MYSQL_USER: '{{ vault_NEXTCLOUD_MYSQL_USER }}'
+NEXTCLOUD_MYSQL_PASS: '{{ vault_NEXTCLOUD_MYSQL_PASS }}'
+NEXTCLOUD_MYSQL_ROOT_PASS: '{{ vault_NEXTCLOUD_MYSQL_ROOT_PASS }}'
+
+# Paperless
+PAPERLESS_POSTGRES_DB: "{{ vault_PAPERLESS_POSTGRES_DB }}"
+PAPERLESS_POSTGRES_USER: "{{ vault_PAPERLESS_POSTGRES_USER }}"
+PAPERLESS_POSTGRES_PASS: "{{ vault_PAPERLESS_POSTGRES_PASS }}"
+PAPERLESS_POSTGRES_PORT: "5432"
+PAPERLESS_URL: "https://dms.zernis.ch"
+
+# Nginx Proxy Manager
+NPM_MYSQL_HOST: '{{ vault_NPM_MYSQL_HOST }}'
+NPM_MYSQL_PORT: '{{ vault_NPM_MYSQL_PORT }}'
+NPM_MYSQL_DB: '{{ vault_NPM_MYSQL_DB }}'
+NPM_MYSQL_USER: '{{ vault_NPM_MYSQL_USER }}'
+NPM_MYSQL_PASS: '{{ vault_NPM_MYSQL_PASS }}'
+NPM_MYSQL_ROOT_PASS: '{{ vault_NPM_MYSQL_ROOT_PASS }}'
+
+# Vaultwarden
+#VW_ADMIN_TOKEN: '{{ vault_VW_ADMIN_TOKEN }}'
+
+# WikiJS
+WIKI_JS_DB_TYPE: '{{ vault_WIKI_JS_DB_TYPE }}'
+WIKI_JS_DB_HOST: '{{ vault_WIKI_JS_DB_HOST }}'
+WIKI_JS_DB_PORT: '{{ vault_WIKI_JS_DB_PORT }}'
+WIKI_JS_POSTGRES_DB: '{{ vault_WIKI_JS_POSTGRES_DB }}'
+WIKI_JS_POSTGRES_USER: '{{ vault_WIKI_JS_POSTGRES_USER }}'
+WIKI_JS_POSTGRES_PASS: '{{ vault_WIKI_JS_POSTGRES_PASS }}'
+
+# Stirling PDF
+
+stirling_pdf_description: '{{ vault_stirling_pdf_description }}'
+stirling_pdf_name: '{{ vault_stirling_pdf_name }}'
+
+# OpensourcePOS
+
+OPENSOURCEPOS_CI_ENV: '{{ vault_OPENSOURCEPOS_CI_ENV }}'
+OPENSOURCEPOS_FORCE_HTTPS: '{{ vault_OPENSOURCEPOS_FORCE_HTTPS }}'
+OPENSOURCEPOS_PHP_TIMEZONE: '{{ vault_OPENSOURCEPOS_PHP_TIMEZONE }}'
+OPENSOURCEPOS_DB_USER: '{{ vault_OPENSOURCEPOS_DB_USER }}'
+OPENSOURCEPOS_DB_PASS: '{{ vault_OPENSOURCEPOS_DB_PASS }}'
+OPENSOURCEPOS_DB_NAME: '{{ vault_OPENSOURCEPOS_DB_NAME }}'
+OPENSOURCEPOS_DB_HOST: '{{ vault_OPENSOURCEPOS_DB_HOST }}'
+OPENSOURCEPOS_DB_ROOT_PASS: '{{ vault_OPENSOURCEPOS_DB_ROOT_PASS }}'
+
+# Wordpress
+
+WORDPRESS_DB_USER: '{{ vault_WORDPRESS_DB_USER }}'
+WORDPRESS_DB_PASS: '{{ vault_WORDPRESS_DB_PASS }}'
+WORDPRESS_DB_NAME: '{{ vault_WORDPRESS_DB_NAME }}'
+WORDPRESS_DB_HOST: '{{ vault_WORDPRESS_DB_HOST }}'
+WORDPRESS_DB_ROOT_PASS: '{{ vault_WORDPRESS_DB_ROOT_PASS }}'
+
+### Borgmatic ###
+borg_source_directories:
+  - /home/{{ system_user_name }}/docker
+
+borgmatic_bin_dir: '/home/{{ system_user_name }}/.local/bin'
+#local_backup_path: '/backups/borgmatic'
+borgbase_ssh_repo_url: '{{ vault_borgbase_ssh_repo_url }}'
+borgbase_hostname: "{{ borgbase_ssh_repo_url.split('@')[1].split('/')[0] }}"
+ssh_backup_keyfile: '/home/simon/.ssh/id_ed25519'
+borgmatic_passphrase: '{{ vault_borgmatic_passphrase }}'
+backup_user_name: '{{ vault_backup_user_name }}'
+
+borg_exlcude_patterns:
+    - /home/{{ system_user_name }}/docker/*/db
+    - /home/{{ system_user_name }}/docker/gitea/data/ssh/*
+    - /home/{{ system_user_name }}/docker/npm/letsencrypt/*
+
+BORGMATIC_BACKUP_HOST: '127.0.0.1'
+BORGMATIC_GITEA_DB_PORT: '33306'
+BORGMATIC_NEXTCLOUD_MYSQL_PORT: '33307'
+BORGMATIC_NPM_MYSQL_PORT: '33308'
+BORGMATIC_WIKI_JS_DB_PORT: '33309'
+BORGMATIC_PAPERLESS_POSTGRES_PORT: '33310'
+
+mysql_databases:
+
+  - name: '{{ GITEA_DB_NAME }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_GITEA_DB_PORT }}'
+    username: 'root'
+    password: '{{ GITEA_DB_ROOT_PASS }}'
+
+mariadb_databases:
+
+  - name: '{{ NEXTCLOUD_MYSQL_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_NEXTCLOUD_MYSQL_PORT }}'
+    username: '{{ NEXTCLOUD_MYSQL_USER }}'
+    password: '{{ NEXTCLOUD_MYSQL_PASS }}'
+
+  - name: '{{ NPM_MYSQL_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_NPM_MYSQL_PORT }}'
+    username: '{{ NPM_MYSQL_USER }}'
+    password: '{{ NPM_MYSQL_PASS }}'
+
+postgresql_databases:
+  - name: '{{ WIKI_JS_POSTGRES_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_WIKI_JS_DB_PORT }}'
+    username: '{{ WIKI_JS_POSTGRES_USER }}'
+    password: '{{ WIKI_JS_POSTGRES_PASS }}'
+  - name: '{{ PAPERLESS_POSTGRES_DB }}'
+    host: '{{ BORGMATIC_BACKUP_HOST }}'
+    port: '{{ BORGMATIC_PAPERLESS_POSTGRES_PORT }}'
+    username: '{{ PAPERLESS_POSTGRES_USER }}'
+    password: '{{ PAPERLESS_POSTGRES_PASS }}'

host_vars/10.11.12.35/vault

@@ -0,0 +1,146 @@
+$ANSIBLE_VAULT;1.1;AES256
+62363039313461363031633062353466326637326665653939353964383036333565306639663965
+3836313239333761323835643366633538663565363335390a613233663337306230393936646463
+64316439363634313062333664613363303539396537666166323765663434333665656335393636
+6234393733633262360a396634663065653537333032383361353133633737376335363563386364
+38613561306234636461333861396237343936633131636164383034623736316661313963396466
+30343064626434303061313365663833313334383334386239306339346464323538623763383832
+36376535633864663537623662663562393537316238356239356262383833366164653565306165
+64373036383938313166373134613664363831363862373761616364376137356366343162353733
+30626464333630303330623666343739326632633665376261613263653732356235393065663165
+38346133323139323765306536613361336436323935316266343630306363646236316165613461
+37643936376339633664313738303738393431366133336431613833383162623061613666636265
+33393066653463636364643634663863316662356631353166343536313930303435353735353166
+65313133373766646163393262383631333262306166343039343639653139636338663238303962
+39353233396238383366643637336131663931343530323937363531353538633662386638663833
+35323138333063316431666436336434313936666139386665626233623835626332336263303165
+33323866646335326433643464626639346630636133343634323032613132363232646163316266
+63336662336638383430616233613137346535623138663435303131363165656235356338653631
+63613131663166636233356130653639366135343435363266626530366337633932633766333764
+36643336346239613763616562383438346165633434336632393532313237613164646665363339
+31363332643331316437313464633139356631326436373261393533323265613365383530373030
+63363163376338363738373930646363326636616639363431333135616361393165323334353963
+36386130356534653937356238313336333135363135363637386239613361356237323865656331
+64623538663361326334646635373830373736663463313163353331343064373032623235663261
+65396634366334346662373636336532393434373265376232363734333831656466666433623764
+64623838303637643134376562626639643139656537333163663261383333343864333639393436
+63646335343639626230376436303065346232626261363131643631353731323733396232663230
+35363530343336383866353639353066333836343363623438316134393261366630663237316230
+66633563333466656361643266356134623634643066643264363830373536616264613331643464
+64323837666330316364633234636633373139303530396664623066373037616530623661326335
+39356666396231343665336438336233633936333135653966656465333762303461373335386233
+65666264313837666538363435643762393938616435323761393366663833353266616266653135
+62316364366333653363613737383238336633666333333963326261366166666337333230666262
+35356638656432383164656663303133323062623435653331356631323762306231366134623236
+64663263653161323862613334376363333438353261316138343234376337383565316566623035
+63386234646239363535333832313533313661646635323334383463633533316432333765643830
+38336636616530646336633831373836626430303266373835363266663335363830373938636431
+34313030336536643438346539336365386435643834303139623238343635323030613232363136
+30646337396366356164373734323431323935626537643338646334346562633735663661646536
+37373830633638303361346465343361323461393364363963383030663232373533393362313864
+35623965303766343265346161343939353138346361386561316662656562626239663866323833
+37313361626431373833396364653239336561363739663133323332323339343866336264333736
+31633539646439326164363437633765303062343836656165616639663964653331356161326362
+38373539353665303562346361613830306461616231313839646530323665323231633539613466
+33346139653763623266616136363833633032326365343836613630643664313630323030356638
+65613062323630396137363764663730383237333136396634316663613237623730663865356163
+39323061383965373233393434336363386366343630386339663838323565313837656131313230
+61623863343065303736356230663933646437383039396437313034303234356564333338303733
+39633663643461656132346538303434643565316165346563656565616539303964376334366335
+39393139386464383166396165303861373634323530613434373363336333303433613330333330
+38303334626336646635356566666238383334623635313464323932353832366539336366323862
+38303236656664306131306638633433343434386265353332313532643364336335343863306661
+65626464313564643966386333626366613732633235633961353136353537366166393266653765
+36666266386664393134303665366263623262306662633262613063633566303533613733636462
+61653563303938313633306136383164616361313334636531376436383030356633343737316531
+66656431363133373438613631326362346333376332353238653733633961386330336233613730
+35373361623331353531363062306331323234326438366463373337363731313330373962393330
+34343032303034666630343634313566333233333732626133306135316464336537393038383133
+63336663363633396339616137306530393863316266346462353232333061386331343832366162
+33363938346661646362353331656262623730306438373135316634323137386134623366653135
+35326531653331626165656634643064363866333062323634316533633930306235646131396530
+64613535623536396532383532356161663439376130613432656431363734643934316164346465
+32333961336438363838626564633161656437653963333162313362633365346334373564386530
+66663932663239323238643333306461356564616634643236636233376666626335633662653365
+34353931333063623266646265653064383839393461656230353661656365393737613331323664
+33313963303833666532386463663335346331626237346532613261393763363166376563346632
+61383765633461313932326264646334326563303035353537363466633636396635393237623737
+63623131633266616562633261333235633465633065336133353763363534383138613438626330
+63383939316630373165343462393335323061666134663435373930343132663365653861656431
+66346534353864663862386534626332653333363461666163313038656430383261306639326535
+64653630396465373034353831613635363735613363383563633362656430383437343733636239
+30366237333163663135393635306533636362643238383364396535333639323133396363623630
+32333763646231323365646161363734373635633266353364663032373738363362303666376137
+65383339653666393230626164383031653863323665656463356366353036323535626265613335
+31303837393763656639393761633831653134633731316232643462626234623837306261343937
+31646331303237646161663535333366376233636430666539653961333038663833333938346463
+34326135633061396261333064616233353435346266313264653665666566353336353164323164
+36363531383663636331326630346630336635306230366337613938643230386363343236613965
+34306138343964396133313937656430373131393933623338386632343165376230633166306565
+31336236346131383135313430666161343963383430383733363466636266323066666162363566
+36343963366361376538633861313265636132376432353533623563613864633164613462616161
+39353966613237643834366365613836633433636530346166643436363864366138356338646331
+31356239393264343862663138393435393265663766616463323730663433656237663965613839
+62396463643461326633383332316566366231343332373163643662373831366266393433353438
+38626131346535306361366539323335636666393261306233373232653233303430633539613930
+37653366656238616631376562336362343933393835306261303463363263653836393430333936
+35363536316664356462656533636361323661306162613630656164326135303363336563326264
+66323665623535663135313236323062666131323135393134323532316638626535323633363035
+39383330636135663737363065366530373466363161353265666239616632613733393038643236
+61323062666539333765336530363761666365373535356537613030313731396638663064346334
+30326431323132656331373232393133373261636135363761653266383631363530393935363865
+63376265373132393435636463306532303437343539636230616234626232383637623063343234
+65313266376563663063366138376361306339343030616265303730646630666430646233353336
+33333961356439623930323661313839376438396139303239346237653264626366313166333964
+33636132376164653739303738613163383234326563306432396661656632633038353133336530
+39393437373832333961613532653265633938393639626337386362363932366561323532343336
+64303262373766643931323939663730656466393430366339323361323636303861616463663065
+32383630303532323634643233636464386234373065343839393233313163303566663963656661
+37306539353033656662316639316266643862626334663766383735396332653135333235366363
+37393937376336353837653737366262306162363435616232323165633632636363623739363430
+35353536383664343339396439636261656137316332376566366138616632666431666632633963
+62623965643439343131646631353032616131346338303161363038623634336532633363396333
+31323634376130363030333164616465623730666637306338626366656262343930663131393934
+38373432646266356133663039323030366535383939663534316634316665646637653564303062
+38313031343835306266303161326461333463653265376264376334663835653333626333613261
+38376339326430353861626631633461333934313435623262633964303939386361613862386564
+66373339326333623233326462386535353730626634656261323235353534366163353161303633
+38613463306136336635363833366565313465363463353532316533366665613765336430313835
+30353032643263636435326263626136666466346161373330376663346461656666353335663333
+31393366333366333831383636333766353938663534343766383937613939323365366132323037
+63633866343034626162643039623935313263373061346130303231376563353933313762363237
+35363134353364653832616165323236333233303338623835343438643566373732303166353765
+32623238346631363331356131313561626535303032346133636636383466633931346462613035
+34353438363832656637393233613263366136323332353031356234373739373263393138626562
+63633364623961616237393231643237386336313833656362313939386336366330346165616464
+30356337646566353666613265386662623030373839316365393339393463343731666535353731
+37306665343532326138346231386634626333616639336237316634323438353635363365613834
+38363330616262333766323633386665316137363731356339343736333462313034363436386630
+32633764646665383836613838373630353435613234373832656339663138646663383037643364
+61616332623439313232316663663266343962663065363939396632646465313064353838613662
+61373034336136343230353235346164626434363237323931633661303062376365653134376563
+31396536393866323330363061623261313266303064303437376633313030646237666630666438
+36313234346264626262353536356166326565326538363761633539356362343533636636396237
+66393537343436396436616535633738333062343439366261373836316237323165663435383437
+35313430663334626337353766363737363332313537623637323634306363663033623264396261
+37346338633831356165383333393764633734633434323664363562396165386532306463626433
+31643835363936353034636162623137623035623165313937323866373034386432393263363235
+37623632666331376539616435316238356536303934386538313032346432396366643430323763
+39616563373962633735313634393435623966306333313337393234376534366664326664656362
+66383938623461303361323331303039636339313238353332393333363830663034633766613861
+63346663373132346365316239316264366665396666636138373435343938616462623961323733
+64323331393066313666353831633731323537313365383561666363353539626333663134613262
+61373064373966346362623030663936343435366266386634326235376664363335333038383939
+63623564633133636665383564356465363763373832386633656233663764653935333464666138
+31356131313463356231396466633630363430316636653437386436373230353963383836316331
+66336231376661366463356231336662356338323831643164313764343431323661373761613562
+32646237346164373463643464623235343166363532383965373333396339666361353137343239
+35336334633033613462613334656465666263363764363835383638393065303261323239326437
+31306436383566643563613933356463366664656134393935663666623863656637613764626565
+62343665383362376132623137633431393033396234616635376165393538396233636264663461
+62313531383039396333346139303764623133353765323666626465646336613566633464623138
+61313966383666363261336363323934666161643638326634303534376237636533333666333438
+65373234653532303533383161313164366464386530613230373663336331303336373262636131
+61346364323730316564636462363333353336323065616130393238323737366234656135626338
+64326437383138393631613963396163646263353436393064313763373231383333346137336534
+66663365633333353431343934303830386363663939666139633030326433376333

hosts.yml

@@ -23,4 +23,20 @@ all:
         10.11.12.35:
     gitea_hosts:
       hosts:
-        10.11.12.35:
+        10.11.12.35:
+    chatpad_hosts:
+      hosts:
+        10.11.12.35:
+    stirling_pdf_hosts:
+      hosts:
+        10.11.12.35:
+    borgmatic_hosts:
+      hosts:
+        10.11.12.35:
+    paperless_hosts:
+      hosts:
+        10.11.12.35:
+    opensourcepos_hosts:
+      hosts:
+    wordpress_hosts:
+      hosts:

main.yml

@@ -20,6 +20,20 @@
     - borgbackup
   tags: borgbackup
 
+- name: Configure Borgmatic Backup
+  hosts: all
+  become: false
+  roles: 
+    - borgmatic
+  tags: borgmatic
+
+- name: Update the system
+  hosts: all
+  become: true
+  roles: 
+    - update_system
+  tags: update
+
 ####################################################  Service Roles ############################################################
 
 - name: Configure Nginx Proxy Manager
@@ -62,4 +76,39 @@
   become: true
   roles:
     - gitea
-  tags: gitea  
+  tags: gitea  
+
+- name: Configure Chatpad
+  hosts: chatpad_hosts
+  become: true
+  roles:
+    - chatpad
+  tags: chatpad  
+
+- name: Configure Stirling-PDF
+  hosts: stirling_pdf_hosts
+  become: true
+  roles:
+    - stirling_pdf
+  tags: stirling_pdf
+
+- name: Configure OpensourcePOS
+  hosts: opensourcepos_hosts
+  become: true
+  roles:
+    - opensourcepos
+  tags: opensourcepos
+
+- name: Configure Wordpress
+  hosts: wordpress_hosts
+  become: true
+  roles:
+    - wordpress
+  tags: wordpress
+
+- name: Configure Paperless
+  hosts: paperless_hosts
+  become: true
+  roles:
+    - paperless_ngx
+  tags: paperless

roles/audiobookshelf/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Audiobookshelf directories if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/audiobookshelf/{{ item }}
+    path: /home/{{ system_user_name }}/docker/audiobookshelf/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ audiobookshelf_folder }}'
@@ -22,9 +22,9 @@
       - '11002:80'
     env:
     volumes:
-      - /home/{{ user['name'] }}/docker/audiobookshelf/data/audiobooks:/audiobooks
+      - /home/{{ system_user_name }}/docker/audiobookshelf/data/audiobooks:/audiobooks
-      - /home/{{ user['name'] }}/docker/audiobookshelf/data/podcasts:/podcasts
+      - /home/{{ system_user_name }}/docker/audiobookshelf/data/podcasts:/podcasts
-      - /home/{{ user['name'] }}/docker/audiobookshelf/config:/config
+      - /home/{{ system_user_name }}/docker/audiobookshelf/config:/config
-      - /home/{{ user['name'] }}/docker/audiobookshelf/metadata:/metadata
+      - /home/{{ system_user_name }}/docker/audiobookshelf/metadata:/metadata
     networks:
       - name: proxy

roles/borgbackup/defaults/main.yml

@@ -0,0 +1,5 @@
+borgbackup_deps:
+  - borgbackup
+  - mailutils
+  - cifs-utils
+  - nfs-common

roles/borgbackup/tasks/main.yml

@@ -9,9 +9,9 @@
 - name: Copy smb credentials file
   ansible.builtin.template:
     src: "../templates/cifs.j2"
-    dest: "/home/{{ user['name'] }}/.cifs"
+    dest: "/home/{{ system_user_name }}/.cifs"
-    owner: "{{ user['name'] }}"
+    owner: "{{ system_user_name }}"
-    group: "{{ user['name'] }}"
+    group: "{{ system_user_name }}"
     mode: '0600'
   when: backup_via_samba == true
 
@@ -19,15 +19,15 @@
   ansible.builtin.template:
     src: "../templates/backup_to_smb.sh"
     dest: /usr/local/bin/
-    owner: "{{ user['name'] }}"
+    owner: "{{ system_user_name }}"
-    group: "{{ user['name'] }}"
+    group: "{{ system_user_name }}"
     mode: '0700'
   when: backup_via_samba == true
 
 - name: add cron backupjob for backups to samba server
   become: true
   ansible.builtin.cron:
-    user: "{{ user['name'] }}"
+    user: "{{ system_user_name }}"
     name: "borgbackup the docker dir to smb share"
     minute: "30"
     hour: "3"
@@ -40,8 +40,8 @@
   ansible.builtin.template:
     src: "../templates/backup_to_nfs.sh"
     dest: /usr/local/bin/
-    owner: "{{ user['name'] }}"
+    owner: "{{ system_user_name }}"
-    group: "{{ user['name'] }}"
+    group: "{{ system_user_name }}"
     mode: '0700'
   when: backup_via_nfs == true
 
@@ -49,10 +49,10 @@
 - name: add cron backupjob for backups to NFS server
   become: true
   ansible.builtin.cron:
-    user: "{{ user['name'] }}"
+    user: "{{ system_user_name }}"
     name: "borgbackup the docker dir to nfs share"
     minute: "30"
-    hour: "4"
+    hour: "2"
     job: "sudo /usr/local/bin/backup_to_nfs.sh > /dev/null 2>&1"
   notify: Restart cron
   when: backup_via_nfs == true

roles/borgbackup/templates/backup_to_nfs.sh

@@ -1,14 +1,14 @@
 #!/bin/bash
 
 # Variablen
-data_dir="/home/{{ user['name'] }}/docker"
+data_dir="/home/{{ system_user_name }}/docker"
 nfs_share="{{ nfs_share }}"
 backup_target_usage_threshold="{{nfs_threshold}}" # Prozentuale Schwellenwert für die Speicherauslastung
 mount_point="{{ mount_point }}"
 backup_repository="$mount_point/{{borg_repo}}"
 borg_password="{{borg_pass}}"
 email_recipient="{{admin_mail}}"
-sender_address="{{sender_adress}}"
+sender_address="{{sender_address}}"
 
 # Mounten des Backup-Ziels
 mount_successful=0
@@ -38,7 +38,7 @@ if [ "$mount_successful" -eq 1 ]; then
     fi
 
     # Backup mit BorgBackup erstellen
-    backup_result=$(borg create --progress --list --stats --compression lz4 "$backup_repository"::'{hostname}-{now:%Y-%m-%d_%H:%M:%S}' $data_dir 2>&1)
+    backup_result=$(borg create --stats --compression lz4 "$backup_repository"::'{hostname}-{now:%Y-%m-%d_%H:%M:%S}' $data_dir 2>&1)
     backup_status=$?
 
     # Alle gestoppten Container starten
@@ -47,7 +47,7 @@ if [ "$mount_successful" -eq 1 ]; then
     done
 
     # Backup-Integrität überprüfen
-    borg_check_result=$(borg check --repository-only "$backup_repository" 2>&1)
+    borg_check_result=$(borg check --repository-only --max-duration 7200 "$backup_repository" 2>&1)
 
     # Backup-Status und Speicherauslastung prüfen
     if [ "$backup_status" -eq 0 ]; then

roles/borgbackup/templates/backup_to_smb.sh

@@ -1,15 +1,15 @@
 #!/bin/bash
 
 # Variablen
-data_dir="/home/{{ user['name'] }}/docker"
+data_dir="/home/{{ system_user_name }}/docker"
 samba_share="{{ smb_share }}"
-samba_credentials="/home/{{ user['name'] }}/.cifs"
+samba_credentials="/home/{{ system_user_name }}/.cifs"
 backup_target_usage_threshold="{{smb_threshold}}" # Prozentuale Schwellenwert für die Speicherauslastung
 mount_point="{{ mount_point }}"
 backup_repository="$mount_point/{{borg_repo}}"
 borg_password="{{borg_pass}}"
 email_recipient="{{admin_mail}}"
-sender_address="{{sender_adress}}"
+sender_address="{{sender_address}}"
 
 # Mounten des Backup-Ziels
 mount_successful=0
@@ -39,7 +39,7 @@ if [ "$mount_successful" -eq 1 ]; then
     fi
 
     # Backup mit BorgBackup erstellen
-    backup_result=$(borg create --progress --list --stats --compression lz4 "$backup_repository"::'{hostname}-{now:%Y-%m-%d_%H:%M:%S}' $data_dir 2>&1)
+    backup_result=$(borg create --stats --compression lz4 "$backup_repository"::'{hostname}-{now:%Y-%m-%d_%H:%M:%S}' $data_dir 2>&1)
     backup_status=$?
 
     # Alle gestoppten Container starten
@@ -48,7 +48,7 @@ if [ "$mount_successful" -eq 1 ]; then
     done
 
     # Backup-Integrität überprüfen
-    borg_check_result=$(borg check --repository-only "$backup_repository" 2>&1)
+    borg_check_result=$(borg check --repository-only --max-duration 7200 "$backup_repository" 2>&1)
 
     # Backup-Status und Speicherauslastung prüfen
     if [ "$backup_status" -eq 0 ]; then

roles/borgbackup/vars/main.yml

@@ -1,24 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38313036656235383665646630346533333133313162366637326664306133383439663634386534
-6535663062616336366139323830393461353034333165610a623331333539623761343831333737
-39333661363932636337313734666439383039326133623037623261366162666335663735613138
-3266333365653030360a316636313133336365663430643464313530666564646164323166656535
-62343231326162313334383638386232366461353735613963333164623938643238303238393061
-35366561613863636164636363626536646364333464303137323132306339353061313966656239
-30646233383332373531633435613230326239326632313736626131383237373664356232303239
-30653236363966333962613534366164386538316535343564356234336632636235336231623535
-36643661363432666139383436336564386337333962653432393063666531336566646565356166
-35393031613234323961323764643733333962633834663066346166393066643434653937653864
-39346361323530313730323839383838646363376165333738636233376636373763343364623734
-34353530326461313537323430626164646164326166383330613435303362366230636566316330
-36613063646539333264303630643133656338616235393037626137353838613733666539303132
-36373634626438623137386234303234383261363438663132353334366634386561326436346239
-31316338386565623737616563636233306534653566613361633834363038663832633038643536
-30356234353665313161616639363639333237623862393330633365333466333337613435633861
-65306330333365373562313438333438333838393631643638393431656661343532303661343063
-38366566663164346635333136303864323863383864303166386662626264353138373236303030
-33626461333064613930356238666464336465366663663538313338636365316338313036633434
-39326266393238646332373738393064653766386134613230633633633162633034653463346139
-37643436643139336632656162353932373837383463643337663030356364313337666362646566
-64306531376538303834326565613463356361616461616531316537333966393934313838623138
-366464656361346630656232306561666564

roles/chatpad/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create Chatpad Container
+  community.docker.docker_container:
+    name: chatpad
+    image: 'ghcr.io/deiucanta/chatpad:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11005:80'
+    networks:
+      - name: proxy

roles/defaults/tasks/main.yml

@@ -6,15 +6,15 @@
     name:
       - sudo
 
-- name: Add user "{{ user['name'] }}"
+- name: Add user "{{ system_user_name }}"
   ansible.builtin.user:
-    name: "{{ user['name'] }}"
+    name: "{{ system_user_name }}"
-    password: "{{ user['password'] }}"
+    password: "{{ system_user_password }}"
     shell: /bin/bash
 
-- name: Add user "{{ user['name'] }}" to sudo group
+- name: Add user "{{ system_user_name }}" and join sudo group
   ansible.builtin.user:
-    name: "{{ user['name'] }}"
+    user: '{{ system_user_name }}'
     groups: sudo
     append: yes
 
@@ -29,4 +29,16 @@
   ansible.builtin.import_tasks: ssh-config.yml
 
 - name: Install & Configure unattended upgrades
-  ansible.builtin.import_tasks: unattended-upgrades.yml
+  ansible.builtin.import_tasks: unattended-upgrades.yml
+
+- name: Install Quemu Guest Agent if virtualization type is kvm
+  ansible.builtin.apt:
+    name: qemu-guest-agent
+    state: latest
+  when: ansible_virtualization_type == 'kvm'
+
+- name: Enable QEMU Guest Agent
+  ansible.builtin.systemd:
+    name: qemu-guest-agent
+    enabled: true
+  when: ansible_virtualization_type == 'kvm'

roles/defaults/tasks/postfix.yml

@@ -57,10 +57,17 @@
     state: "{{ postfix_service_state }}"
     enabled: "{{ postfix_service_enabled }}"
 
-- name: Update /etc/aliases | set email adress
+- name: Update /etc/aliases for root user | set email adress
   become: true
   ansible.builtin.lineinfile:
     path: /etc/aliases
     regexp: '^root:'
     line: 'root: {{ admin_mail }}'
+  notify: New aliases
+
+- name: Update /etc/aliases for {{system_user_name}} | set email adress
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/aliases
+    line: '{{ system_user_name }}: {{ admin_mail }}'
   notify: New aliases

roles/defaults/tasks/ssh-config.yml

@@ -1,7 +1,7 @@
 ---
 - name: Add Authorized Keys
   ansible.posix.authorized_key:
-    user: "{{ user['name'] }}"
+    user: "{{ system_user_name }}"
     state: present
     key: "{{ lookup('file', 'key.pub') }}"
 

roles/docker/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart cron
+  ansible.builtin.service:
+    name: cron
+    state: restarted

roles/docker/tasks/main.yml

@@ -36,9 +36,9 @@
     name: docker
     state: present
 
-- name: Add user to group docker | "{{ user['name'] }}"
+- name: Add user to group docker | "{{ system_user_name }}"
   ansible.builtin.user:
-    name: "{{ user['name'] }}"
+    name: "{{ system_user_name }}"
     groups:
       - docker
     append: true
@@ -57,6 +57,15 @@
 - name: Create docker dir if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/
+    path: /home/{{ system_user_name }}/docker/
     state: directory
-    mode: '0755'
+    mode: '0755'
+
+- name: Create cronjob to prune unused docker stuff
+  ansible.builtin.cron:
+    user: "{{ system_user_name }}"
+    name: "prune unused docker stuff every night at 00:15"
+    minute: "15"
+    hour: "00"
+    job: 'sudo docker system prune -af  --filter "until=$((30*24))h"'
+  notify: Restart cron

roles/gitea/defaults/main.yml

@@ -0,0 +1,3 @@
+gitea_folder:
+  - db
+  - data

roles/gitea/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create gitea directories they do not exist
   become: true
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/gitea/{{ item }}
+    path: /home/{{ system_user_name }}/docker/gitea/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ gitea_folder }}'
@@ -27,9 +27,11 @@
       MYSQL_PASSWORD: "{{ GITEA_DB_PASS | string }}"
       MYSQL_DATABASE: "{{ GITEA_DB_NAME | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/gitea/db:/var/lib/mysql
+      - /home/{{ system_user_name }}/docker/gitea/db:/var/lib/mysql
     networks:
       - name: gitea_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_GITEA_DB_PORT }}:{{GITEA_DB_PORT}}"
 
 - name: Create Gitea Container
   community.docker.docker_container:
@@ -42,6 +44,8 @@
       - '11004:3000'
       - '222:22'
     env:
+      USER_UID: "{{ system_user_uid }}"
+      USER_GID: "{{ system_user_gid }}"
       GITEA__database__DB_TYPE: "{{ GITEA_DB_TYPE | string}}"
       GITEA__database__HOST: "{{ GITEA_DB_HOST | string}}"
       GITEA__database__NAME: "{{ GITEA_DB_NAME | string }}"
@@ -49,7 +53,7 @@
       GITEA__database__PASSWD: "{{ GITEA_DB_PASS | string }}"
       LOCAL_ROOT_URL: "{{ GITEA_ROOT_URL | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/gitea/data:/data
+      - /home/{{ system_user_name }}/docker/gitea/data:/data
     networks:
       - name: gitea_internal
       - name: proxy

roles/gitea/vars/main.yml

@@ -1,19 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36333931323062653231636633643634626134623338623766643364613933613934353238356239
-6132353238613461643737346535653630313135663532650a313735356461303635313763633737
-64316565646632636234303333353238383638663932656334393133356130316264346465653831
-6335326462646335350a633363353262313130326637626262663631336536346430316132643564
-61663430346631613135616231336565313363393635613931653363633839613862623638626662
-66363238363666383062633334396366643964613936646538393635663564663136393439303364
-39386539663034636565633864623538613663363166623831303834646265323064383238356531
-62313161333665653433376365336263653765313164666664616162626438313964346435383961
-34343235346230633532336533383065653866623261303562656331616331346565653362666332
-35623661383665363632643362373537353637643465616233333439623138623966383866653363
-64633664353964653735373839326535363461616261616337666165343835393131323633373061
-32373932623665343030313331386436326332653231653931656164326266656364393133663838
-32343639333338646263396461373530386638363832326661663462373166656461613537613665
-36613336363362666335313031306363346139393366313136336230626330373234353964626531
-31353764386464623839653639613632653338313161363732616435343233643564386436633764
-32303934356664316564653462666464373737326630613065353533343139626338333665343765
-66643264303763376661613364343630326639383233343537393732633665316435386363373638
-3232666530636534356336613434313235633665613934646233

roles/nextcloud/defaults/main.yml

@@ -0,0 +1,4 @@
+nextcloud_folder:
+ - data
+ - db
+ - redis

roles/nextcloud/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Nextcloud directories if they do not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/nextcloud/{{ item }}
+    path: /home/{{ system_user_name }}/docker/nextcloud/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ nextcloud_folder }}'
@@ -27,9 +27,11 @@
       MYSQL_USER: "{{ NEXTCLOUD_MYSQL_USER | string }}"
       MYSQL_PASSWORD: "{{ NEXTCLOUD_MYSQL_PASS | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/nextcloud/db:/var/lib/mysql
+      - /home/{{ system_user_name }}/docker/nextcloud/db:/var/lib/mysql
     networks:
       - name: nextcloud_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_NEXTCLOUD_MYSQL_PORT }}:{{ NEXTCLOUD_MYSQL_PORT }}"
 
 - name: Create Nextcloud Redis Container
   community.docker.docker_container:
@@ -38,7 +40,7 @@
     state: started
     restart_policy: unless-stopped
     volumes:
-      - /home/{{ user['name'] }}/docker/nextcloud/redis:/var/lib/redis
+      - /home/{{ system_user_name }}/docker/nextcloud/redis:/var/lib/redis
     networks:
       - name: nextcloud_internal
 
@@ -60,7 +62,7 @@
       REDIS_HOST: nextcloud_redis
 
     volumes:
-      - /home/{{ user['name'] }}/docker/nextcloud/data:/var/www/html
+      - /home/{{ system_user_name }}/docker/nextcloud/data:/var/www/html
     networks:
       - name: nextcloud_internal
       - name: proxy

roles/nextcloud/vars/main.yml

@@ -1,20 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30616438376536663939373237376338616430333134346664313361333335623665373035363435
-3164643262636436646637393939363435643932633731650a643433643064393864336637633066
-61356166633534653035663833313133656131373762623333636134616439653962386638346533
-3037646130386130390a366136613636316135333136343334643765656136623465336533333633
-39366138656634353138303761336166653866373334383234643733633866656538376234386561
-37346666636537333966313235333239386132303637633262613965643932396165336264343164
-35393864613439623837393165316464306265663938313266343661636466666338353161323336
-30316565663034613731363061626136373565323639643162666236643734623463323132613734
-33343065616161343637656532646436613936326131303038643035663034316266313739333231
-34643637336334396338666531636562353338313934663630346335313361346439353635353462
-64393436646237393930616664343334363135373232616134646535303931393931643765383737
-65613535326665643934366363316339306564623138643734376632346337313733316336323461
-37303331316435666264383264313934333137663431313337306233613363343832313764316435
-38646433363963373236316162626431393838303065316134363233343839346236663538323233
-32636131643338343066656534373430396232616132346661303730383966316363633164303661
-34383431616464343464306631383931356430383039386331383566316238343731666438346237
-62393531363730653766373938333730636134303432396438623263323039303165366136396665
-65383062393364326533303766336362633662613539623830643064656166636330613466323064
-653261383037336130396430323934316363

roles/npm/defaults/main.yml

@@ -0,0 +1,4 @@
+npm_folder:
+ - data
+ - db
+ - letsencrypt

roles/npm/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create NPM directories if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/npm/{{ item }}
+    path: /home/{{ system_user_name }}/docker/npm/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ npm_folder }}'
@@ -27,9 +27,12 @@
       MYSQL_USER: "{{ NPM_MYSQL_USER | string }}"
       MYSQL_PASSWORD: "{{ NPM_MYSQL_PASS | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/npm/db:/var/lib/mysql
+      - /home/{{ system_user_name }}/docker/npm/db:/var/lib/mysql
     networks:
       - name: npm_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_NPM_MYSQL_PORT }}:{{ NPM_MYSQL_PORT }}"
+
 
 - name: Create NPM Container
   community.docker.docker_container:
@@ -49,8 +52,8 @@
       DB_MYSQL_PASSWORD: "{{ NPM_MYSQL_PASS | string }}"
       DB_MYSQL_NAME: "{{ NPM_MYSQL_DB | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/npm/data:/data
+      - /home/{{ system_user_name }}/docker/npm/data:/data
-      - /home/{{ user['name'] }}/docker/npm/letsencrypt:/etc/letsencrypt
+      - /home/{{ system_user_name }}/docker/npm/letsencrypt:/etc/letsencrypt
     networks:
       - name: npm_internal
       - name: proxy

roles/npm/vars/main.yml

@@ -1,17 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36353039646337626336396536613662656262616463663166396538343966393933363037363332
-3862643938623365386464613936336531663439356638610a313562366662303732316165383037
-62323830313737623064613337653066316139393233626234616238616531363766306239653432
-6431326162333964360a613362313033393863623939636138663936366464316262303536303066
-62316333303864656138633866653831616338303035396165323136396139366235653933633165
-31633763393731333762356364306635303935633231376637363032616636376533393065386263
-64363961623737326235333936643765643330623564383761613538313665363433393432373535
-32613733313932336431646466636135626535373633383038383933613538353635393463636335
-37366636643639643861303931363561663035353038353234393938393230306264643165363734
-33653138306663326134323238346333653066303065313930373063616532613633386339656236
-34656165326664323263303663623363323438353964616131373834646563623431333133643862
-32333333656466653162376465343432323661366462356436626138316335313035363236313662
-33383866303735376134663663666538653439653237336633366434643061353362363931393264
-64663863616232393738363835626463313236373064636466663561393663356231333930393663
-30363630343531666232633139316238323531633964393836633934303333623663356237393933
-61316637366165643330

roles/opensourcepos/defaults/main.yml

@@ -0,0 +1,4 @@
+opensourcepos_folder:
+  - uploads
+  - logs
+  - mysql

roles/opensourcepos/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+- name: Create opensourcepos directories they do not exist
+  become: False
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/opensourcepos/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ opensourcepos_folder }}'
+
+- name: Create docker network 'opensourcepos_internal'
+  community.docker.docker_network:
+    name: opensourcepos_internal
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create SQLscript Container
+  community.docker.docker_container:
+    name: sqlscript
+    image: jekkos/opensourcepos:sqlscript
+    command: /bin/sh -c 'exit 0'
+
+- name: Create opensourcepos DB Container
+  community.docker.docker_container:
+    name: opensourcepos_db
+    image: 'mariadb:10.5'
+    state: started
+    restart_policy: unless-stopped
+    env:
+      MYSQL_ROOT_PASSWORD: "{{ OPENSOURCEPOS_DB_ROOT_PASS | string }}"
+      MYSQL_USER: "{{ OPENSOURCEPOS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ OPENSOURCEPOS_DB_PASS | string }}"
+      MYSQL_DATABASE: "{{ OPENSOURCEPOS_DB_NAME | string }}"
+    volumes_from:
+      - sqlscript
+    volumes:
+      - /home/{{ system_user_name }}/docker/opensourcepos/mysql:/var/lib/mysql:rw
+    networks:
+      - name: opensourcepos_internal
+
+- name: Create opensourcepos Container
+  community.docker.docker_container:
+    name: opensourcepos_app
+    image: 'jekkos/opensourcepos:3.3.8'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11007:80'
+    env:
+      CI_ENV: "{{ OPENSOURCEPOS_CI_ENV | string}}"
+      FORCE_HTTPS: "{{ OPENSOURCEPOS_FORCE_HTTPS | string}}"
+      PHP_TIMEZONE: "{{ OPENSOURCEPOS_PHP_TIMEZONE | string }}"
+      MYSQL_USERNAME: "{{ OPENSOURCEPOS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ OPENSOURCEPOS_DB_PASS | string }}"
+      MYSQL_DB_NAME: "{{ OPENSOURCEPOS_DB_NAME | string }}"
+      MYSQL_HOST_NAME: "{{ OPENSOURCEPOS_DB_HOST | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/opensourcepos/uploads:/app/public/uploads
+      - /home/{{ system_user_name }}/docker/opensourcepos/logs:/app/application/logs
+    networks:
+      - name: opensourcepos_internal
+      - name: proxy

roles/paperless_ngx/defaults/main.yml

@@ -0,0 +1,7 @@
+paperless_folder:
+ - data
+ - db
+ - redisdata
+ - media
+ - ./export
+ - ./consume

roles/paperless_ngx/tasks/main.yml

@@ -0,0 +1,71 @@
+---
+- name: Create Paperless directories if they do not exist
+  become: false
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/paperless/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ paperless_folder }}'
+
+- name: Create docker network 'paperless_internal'
+  community.docker.docker_network:
+    name: paperless_internal
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create Paperless Postgres Container
+  community.docker.docker_container:
+    name: paperless_db
+    image: 'docker.io/library/postgres:16'
+    state: started
+    restart_policy: unless-stopped
+    env:
+      POSTGRES_DB: "{{ PAPERLESS_POSTGRES_DB | string }}"
+      POSTGRES_USER: "{{ PAPERLESS_POSTGRES_USER | string }}"
+      POSTGRES_PASSWORD: "{{ PAPERLESS_POSTGRES_PASS | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/paperless/db:/var/lib/postgresql/data
+    networks:
+      - name: paperless_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_PAPERLESS_POSTGRES_PORT }}:{{ PAPERLESS_POSTGRES_PORT }}"
+
+- name: Create Paperless Redis Container
+  community.docker.docker_container:
+    name: paperless_redis
+    image: 'docker.io/library/redis:7'
+    state: started
+    restart_policy: unless-stopped
+    volumes:
+      - /home/{{ system_user_name }}/docker/paperless/redisdata:/data
+    networks:
+      - name: paperless_internal
+
+- name: Create Paperless Container
+  community.docker.docker_container:
+    name: paperless_app
+    image: 'ghcr.io/paperless-ngx/paperless-ngx:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11007:8000'
+    env:
+      PAPERLESS_URL: "{{ PAPERLESS_URL }}"
+      PAPERLESS_DBENGINE: postgresql
+      PAPERLESS_REDIS: redis://paperless_redis:6379
+      PAPERLESS_DBHOST: paperless_db
+      PAPERLESS_DBNAME: "{{ PAPERLESS_POSTGRES_DB | string }}"
+      PAPERLESS_DBUSER: "{{ PAPERLESS_POSTGRES_USER | string }}"
+      PAPERLESS_DBPASS: "{{ PAPERLESS_POSTGRES_PASS | string }}"
+
+    volumes:
+      - /home/{{ system_user_name }}/docker/paperless/data:/usr/src/paperless/data
+      - /home/{{ system_user_name }}/docker/paperless/media:/usr/src/paperless/media
+      - /home/{{ system_user_name }}/docker/paperless/./export:/usr/src/paperless/export
+      - /home/{{ system_user_name }}/docker/paperless/./consume:/usr/src/paperless/consume
+    networks:
+      - name: paperless_internal
+      - name: proxy

roles/semaphore/defaults/main.yml

@@ -0,0 +1,2 @@
+semaphore_folder:
+  - db

roles/semaphore/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+- name: Create Semaphore directories if they do not exist
+  become: false
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/semaphore/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ semaphore_folder }}'
+
+- name: Create docker network 'semaphore'
+  community.docker.docker_network:
+    name: semaphore
+
+- name: Create mySQL Container
+  community.docker.docker_container:
+    name: semaphore_db
+    image: 'mysql:8.0'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '3006:30006'
+    env:
+      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+      MYSQL_DATABASE: "{{ SEMAPHORE_DB_NAME }}"
+      MYSQL_USER: "{{ SEMAPHORE_DB_USER }}"
+      MYSQL_PASSWORD: "{{ SEMAPHORE_DB_PASSWORD }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/semaphore/db:/var/lib/mysql
+    networks:
+      - name: semaphore
+
+- name: Create Semaphore Container
+  community.docker.docker_container:
+    name: semaphore_app
+    image: 'semaphoreui/semaphore:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '3000:3000'
+    env:
+      SEMAPHORE_DB_USER: "{{ SEMAPHORE_DB_USER }}"
+      SEMAPHORE_DB_PASS: "{{ SEMAPHORE_DB_PASSWORD }}"
+      SEMAPHORE_DB_HOST: "semaphore_db"
+      SEMAPHORE_DB_PORT: "3306"
+      SEMAPHORE_DB_DIALECT: "mysql"
+      SEMAPHORE_DB: "{{ SEMAPHORE_DB_NAME }}"
+      SEMAPHORE_PLAYBOOK_PATH: "{{ SEMAPHORE_PLAYBOOK_DIR }}"
+      SEMAPHORE_ADMIN_PASSWORD: "{{ SEMAPHORE_ADMIN_PASSWORD }}"
+      SEMAPHORE_ADMIN_NAME: "{{ SEMAPHORE_ADMIN_USER }}"
+      SEMAPHORE_ADMIN_EMAIL: "{{ SEMAPHORE_ADMIN_MAIL }}"
+      SEMAPHORE_ADMIN: "{{ SEMAPHORE_ADMIN_USER }}"
+      SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{ SEMAPHORE_ACCESS_KEY }}"
+    networks:
+      - name: semaphore

roles/stirling_pdf/defaults/main.yml

@@ -0,0 +1,6 @@
+stirling_pdf_folder:
+  - config
+  - data
+
+stirling_pdf_locale: de_DE
+stirling_pdf_google_visibility: False

roles/stirling_pdf/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Create Stirling-PDF directories if they do not exist
+  become: false
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/stirling_pdf/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ stirling_pdf_folder }}'
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create Stirling-PDF Container
+  community.docker.docker_container:
+    name: stirling-pdf
+    image: 'frooodle/s-pdf:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11006:8080'
+    env:
+      APP_LOCALE: "{{ stirling_pdf_locale }}"
+      APP_HOME_NAME: "{{ stirling_pdf_name }}"
+      APP_HOME_DESCRIPTION: "{{ stirling_pdf_description }}"
+      APP_NAVBAR_NAME: "{{ stirling_pdf_name }}"
+      APP_ROOT_PATH: /
+      ALLOW_GOOGLE_VISIBILITY: "{{ stirling_pdf_google_visibility | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/stirling_pdf/config:/configs
+    networks:
+      - name: proxy

roles/update_system/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: Update apt cache and packages
+  ansible.builtin.apt:
+    update_cache: true
+    name: "*"
+    state: latest
+  register: updates_applied
+
+- debug: var=updates_applied
+
+- name: reboot the system
+  ansible.builtin.reboot:
+    reboot_timeout: 3600
+  when: updates_applied.changed == true
+
+- name: Autoremove no longer needed packages
+  ansible.builtin.apt:
+    autoremove: true
+
+- name: Create custom fact directorie
+  ansible.builtin.file:
+    state: directory
+    recurse: true
+    path: /etc/ansible/facts.d
+
+- name: set last_update local fact
+  ansible.builtin.template:
+    src: last_update.j2
+    dest: /etc/ansible/facts.d/last_update.fact
+  when: updates_applied.changed == true

roles/update_system/templates/last_update.j2

@@ -0,0 +1,3 @@
+{
+ "date": "{{ ansible_date_time.date }}"
+}

roles/vaultwarden/defaults/main.yml

@@ -0,0 +1,5 @@
+vaultwarden_folder:
+  - data
+
+VW_DISABLE_ADMIN_TOKEN: true
+VW_SIGNUPS_ALLOWED: false

roles/vaultwarden/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Vaultwarden directories if it does not exist
   become: false
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/vaultwarden/{{ item }}
+    path: /home/{{ system_user_name }}/docker/vaultwarden/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ vaultwarden_folder }}'
@@ -25,6 +25,6 @@
       SIGNUPS_ALLOWED: "{{ VW_SIGNUPS_ALLOWED | string }}"
 #      ADMIN_TOKEN=${ADMIN_TOKEN}: "{{ VW_ADMIN_TOKEN | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/vaultwarden/data:/data
+      - /home/{{ system_user_name }}/docker/vaultwarden/data:/data
     networks:
       - name: proxy

roles/vaultwarden/vars/main.yml

@@ -1,11 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65343463373064666531313437363764613839363861643030353164323031343431613961646463
-3966626432646464633132643638323031363262633534620a616462363832383865386430666564
-66363062303534636463643065613461383833646130306430393335353864393631386133616238
-3338373330386364630a643362376266346639323663363363356332323239353764643033376438
-30363830633036366261313862613865653139643762626362313466353864616536383236346338
-33323433643766646133376464386263306432363332626261366365306439346536396365303835
-64626231666435666539613131323430303465613534383730663738663361346635393934396332
-62613162386438333238363461396532386536666636376431346436306566326163313961306130
-38316563643763643138303464353961366466653735343162343636653831653438333631366339
-3665646432613463653331653736633533613135623561666161

roles/wiki_js/defaults/main.yml

@@ -0,0 +1,2 @@
+wiki_js_folder:
+ - db

roles/wiki_js/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create Wiki_JS directories they do not exist
   become: true
   ansible.builtin.file:
-    path: /home/{{ user['name'] }}/docker/wiki_js/{{ item }}
+    path: /home/{{ system_user_name }}/docker/wiki_js/{{ item }}
     state: directory
     mode: '0755'
   loop: '{{ wiki_js_folder }}'
@@ -26,9 +26,11 @@
       POSTGRES_USER: "{{ WIKI_JS_POSTGRES_USER | string }}"
       POSTGRES_PASSWORD: "{{ WIKI_JS_POSTGRES_PASS | string }}"
     volumes:
-      - /home/{{ user['name'] }}/docker/wiki_js/db:/var/lib/postgresql/data
+      - /home/{{ system_user_name }}/docker/wiki_js/db:/var/lib/postgresql/data
     networks:
       - name: wiki_js_internal
+    ports:
+      - "{{ BORGMATIC_BACKUP_HOST }}:{{ BORGMATIC_WIKI_JS_DB_PORT }}:{{ WIKI_JS_DB_PORT }}"
 
 - name: Create Wiki_JS Container
   community.docker.docker_container:

roles/wiki_js/vars/main.yml

@@ -1,16 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39636631353266633536373038636535366166653634353731646630343239313034616361633731
-3665653931646564356630643264666166666439633664610a303530656161313333636266613034
-62353831353634653238343261366162393230613632376566333232616162396231633038653364
-3836633962633836660a376633313439353330636664353034646235316563383463656339363630
-32383535353866306262393337643365366536313739396334633263376362333565613635393039
-35623337363535333736626366366530613034383663383961613066643463333535323331333334
-39363637353530363530653539336539656134633730663866633931653962643330363636646538
-31353433353032383736326331373236616166336363333230646136666236363961376164343765
-39343665333466363465326431616233666162663662326665386261613365303333663838383032
-38366664623861616463356230663535653236343235656566613733393237353433616137643063
-64663563353463643736613363643538613864353930643033313433633833626632346433373139
-35613338373637333931333261323634333765393037313866663534626266356264363466326436
-61333733333433623462643537373965616637636131323465353066393835356362393039663265
-32653436666565333163306333383237343432613638646336353736613262613133393566313766
-356437646238643137623836656635623538

roles/wordpress/defaults/main.yml

@@ -0,0 +1,3 @@
+wordpress_folder:
+  - data
+  - mysql

roles/wordpress/tasks/main.yml

@@ -0,0 +1,63 @@
+---
+- name: Create wordpress directories they do not exist
+  become: False
+  ansible.builtin.file:
+    path: /home/{{ system_user_name }}/docker/wordpress/{{ item }}
+    state: directory
+    mode: '0755'
+  loop: '{{ wordpress_folder }}'
+
+- name: Create docker network 'wordpress_internal'
+  community.docker.docker_network:
+    name: wordpress_internal
+
+- name: Create docker network 'proxy'
+  community.docker.docker_network:
+    name: proxy
+
+- name: Create wordpress DB Container
+  community.docker.docker_container:
+    name: wordpress_db
+    image: 'mariadb:10.5'
+    state: started
+    restart_policy: unless-stopped
+    env:
+      MYSQL_ROOT_PASSWORD: "{{ WORDPRESS_DB_ROOT_PASS | string }}"
+      MYSQL_USER: "{{ WORDPRESS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ WORDPRESS_DB_PASS | string }}"
+      MYSQL_DATABASE: "{{ WORDPRESS_DB_NAME | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/wordpress/mysql:/var/lib/mysql:rw
+    networks:
+      - name: wordpress_internal
+
+- name: Create wordpress Container
+  community.docker.docker_container:
+    name: wordpress_app
+    image: 'wordpress:latest'
+    pull: yes
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - '11008:80'
+    env:
+      MYSQL_USERNAME: "{{ WORDPRESS_DB_USER | string }}"
+      MYSQL_PASSWORD: "{{ WORDPRESS_DB_PASS | string }}"
+      MYSQL_DB_NAME: "{{ WORDPRESS_DB_NAME | string }}"
+      MYSQL_HOST_NAME: "{{ WORDPRESS_DB_HOST | string }}"
+    volumes:
+      - /home/{{ system_user_name }}/docker/wordpress/data:/var/www/html
+    networks:
+      - name: wordpress_internal
+      - name: proxy
+
+- name: Copy Wordpress Config Template
+  ansible.builtin.template:
+    src: wp-config.php.j2
+    dest: /home/{{ system_user_name }}/docker/wordpress/data/wp-config.php
+  
+- name: Restart Wordpress Container
+  community.docker.docker_container:
+    name: wordpress_app
+    state: started
+    restart: True

roles/wordpress/templates/wp-config.php.j2

@@ -0,0 +1,110 @@
+<?php
+/**
+ * The base configuration for WordPress
+ *
+ * The wp-config.php creation script uses this file during the installation.
+ * You don't have to use the web site, you can copy this file to "wp-config.php"
+ * and fill in the values.
+ *
+ * This file contains the following configurations:
+ *
+ * * Database settings
+ * * Secret keys
+ * * Database table prefix
+ * * ABSPATH
+ *
+ * @link https://wordpress.org/documentation/article/editing-wp-config-php/
+ *
+ * @package WordPress
+ */
+
+// ** Database settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define( 'DB_NAME', '{{ WORDPRESS_DB_NAME }}' );
+
+/** Database username */
+define( 'DB_USER', '{{ WORDPRESS_DB_USER }}' );
+
+/** Database password */
+define( 'DB_PASSWORD', '{{ WORDPRESS_DB_PASS }}' );
+
+/** Database hostname */
+define( 'DB_HOST', 'wordpress_db' );
+
+/** Database charset to use in creating database tables. */
+define( 'DB_CHARSET', 'utf8mb4' );
+
+/** The database collate type. Don't change this if in doubt. */
+define( 'DB_COLLATE', '' );
+
+define('.COOKIE_DOMAIN.', '{{ WORDPRESS_SITEURL }}');
+define('.SITECOOKIEPATH.', '.');
+
+if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+        $list = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
+        $_SERVER['REMOTE_ADDR'] = $list[0];
+  }
+define( 'WP_HOME', 'https://{{ WORDPRESS_SITEURL }}' );
+define( 'WP_SITEURL', 'https://{{ WORDPRESS_SITEURL }}' );
+$_SERVER['HTTP_HOST'] = '{{ WORDPRESS_SITEURL }}';
+$_SERVER['REMOTE_ADDR'] = 'https://{{ WORDPRESS_SITEURL }}';
+$_SERVER[ 'SERVER_ADDR' ] = '{{ WORDPRESS_SITEURL }}';
+
+if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
+       $_SERVER['HTTPS']='on';
+
+/**#@+
+ * Authentication unique keys and salts.
+ *
+ * Change these to different unique phrases! You can generate these using
+ * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
+ *
+ * You can change these at any point in time to invalidate all existing cookies.
+ * This will force all users to have to log in again.
+ *
+ * @since 2.6.0
+ */
+define( 'AUTH_KEY',         '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'SECURE_AUTH_KEY',  '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'LOGGED_IN_KEY',    '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'NONCE_KEY',        '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'AUTH_SALT',        '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'SECURE_AUTH_SALT', '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'LOGGED_IN_SALT',   '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+define( 'NONCE_SALT',       '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}' );
+
+/**#@-*/
+
+/**
+ * WordPress database table prefix.
+ *
+ * You can have multiple installations in one database if you give each
+ * a unique prefix. Only numbers, letters, and underscores please!
+ */
+$table_prefix = 'wp_';
+
+/**
+ * For developers: WordPress debugging mode.
+ *
+ * Change this to true to enable the display of notices during development.
+ * It is strongly recommended that plugin and theme developers use WP_DEBUG
+ * in their development environments.
+ *
+ * For information on other constants that can be used for debugging,
+ * visit the documentation.
+ *
+ * @link https://wordpress.org/documentation/article/debugging-in-wordpress/
+ */
+define( 'WP_DEBUG', false );
+
+/* Add any custom values between this line and the "stop editing" line. */
+
+/* That's all, stop editing! Happy publishing. */
+
+/** Absolute path to the WordPress directory. */
+if ( ! defined( 'ABSPATH' ) ) {
+        define( 'ABSPATH', __DIR__ . '/' );
+}
+
+/** Sets up WordPress vars and included files. */
+require_once ABSPATH . 'wp-settings.php';