chore: add new boilerplate role for homarr

2026-01-15 16:31:27 +01:00
10 changed files with 11 additions and 77 deletions
--- a/roles/garage/tasks/provision.yml
+++ b/roles/garage/tasks/provision.yml
@ -75,7 +75,7 @@
 - name: Get detailed key information for all keys
  community.docker.docker_container_exec:
    container: "{{ garage_service_name }}"
-    command: /garage key info {{ item.name }} --show-secret
+    command: /garage key info {{ item.name }}
  loop: "{{ garage_s3_keys }}"
  register: _key_details_results
  when: garage_s3_keys | length > 0
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@ -13,7 +13,6 @@ nextcloud_domain: "nextcloud.local.test"
 nextcloud_image: "nextcloud:fpm"
 nextcloud_redis_image: "redis:latest"
 nextcloud_port: 80
-nextcloud_extra_hosts: []

 nextcloud_postgres_image: "postgres:15"
 nextcloud_postgres_db: nextcloud
@ -46,13 +45,4 @@ nextcloud_admin_password: admin
 nextcloud_memory_limit_mb: 1024
 nextcloud_upload_limit_mb: 2048

-nextcloud_scale_factor: 2
-
-# Non-default apps to install and enable
-nextcloud_apps_to_install:
-  - groupfolders
-  - richdocuments
-  - spreed
-  - user_ldap
-  - user_oidc
-  - whiteboard
+nextcloud_scale_factor: 2
--- a/roles/nextcloud/tasks/plugins.yml
+++ b/roles/nextcloud/tasks/plugins.yml
@ -1,25 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for installing Nextcloud plugins/apps
-
- name: Install Nextcloud apps
-  ansible.builtin.shell:
-    cmd: docker compose exec -T nextcloud php /var/www/html/occ app:install {{ item }}
-    chdir: "{{ nextcloud_docker_compose_dir }}"
-  loop: "{{ nextcloud_apps_to_install }}"
-  register: app_install_result
-  changed_when: "'installed' in app_install_result.stdout"
-  failed_when:
-    - app_install_result.rc != 0
-    - "'already installed' not in app_install_result.stdout"
-
- name: Enable Nextcloud apps
-  ansible.builtin.shell:
-    cmd: docker compose exec -T nextcloud php /var/www/html/occ app:enable {{ item }}
-    chdir: "{{ nextcloud_docker_compose_dir }}"
-  loop: "{{ nextcloud_apps_to_install }}"
-  register: app_enable_result
-  changed_when: "'enabled' in app_enable_result.stdout"
-  failed_when:
-    - app_enable_result.rc != 0
-    - "'already enabled' not in app_enable_result.stdout"
--- a/roles/nextcloud/templates/docker-compose.yml.j2
+++ b/roles/nextcloud/templates/docker-compose.yml.j2
@ -102,12 +102,6 @@ services:
      - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html
    networks:
      - {{ nextcloud_backend_network }}
-{% if nextcloud_extra_hosts is defined and nextcloud_extra_hosts | length > 0 %}
-    extra_hosts:
-{% for host in nextcloud_extra_hosts %}
-      - "{{ host }}"
-{% endfor %}
-{% endif %}

 {% if nextcloud_enable_collabora %}
  collabora:
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@ -41,7 +41,6 @@ selfsigned_common_name: "*.local.test"

 # Dashboard
 enable_dashboard: false
-dashboard_domain: ""  # e.g., "traefik.local.test" - if set, exposes dashboard via hostname instead of port 8080

 # Access log configuration
 enable_access_logs: true
--- a/roles/traefik/meta/main.yml
+++ b/roles/traefik/meta/main.yml
@ -30,4 +30,5 @@ galaxy_info:
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.

-dependencies: []
+dependencies:
+  - digitalboard.core.base
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@ -37,6 +37,7 @@
    path: "{{ docker_volume_dir }}/config"
    state: directory
    mode: '0755'
+  when: traefik_mode == 'dmz'

 - name: Create letsencrypt directory
  file:
@ -65,21 +66,6 @@
  notify: restart traefik
  when: traefik_mode == 'dmz'

- name: Generate dashboard routing configuration
-  template:
-    src: dashboard.yml.j2
-    dest: "{{ docker_volume_dir }}/config/dashboard.yml"
-    mode: '0644'
-  notify: restart traefik
-  when: enable_dashboard | bool and dashboard_domain | length > 0
-
- name: Remove dashboard routing configuration when not needed
-  file:
-    path: "{{ docker_volume_dir }}/config/dashboard.yml"
-    state: absent
-  notify: restart traefik
-  when: not (enable_dashboard | bool) or dashboard_domain | length == 0
-
 - name: Create docker-compose file for traefik
  template:
    src: docker-compose.yml.j2
--- a/roles/traefik/templates/dashboard.yml.j2
+++ b/roles/traefik/templates/dashboard.yml.j2
@ -1,16 +0,0 @@
-{% set dashboard_ssl = use_ssl_dashboard | default(use_ssl) %}
-http:
-  routers:
-    dashboard:
-      rule: "Host(`{{ dashboard_domain }}`)"
-      service: api@internal
-      entryPoints:
-        - {{ 'websecure' if dashboard_ssl else 'web' }}
-{% if dashboard_ssl %}
-      tls:
-{% if cert_mode == 'acme' %}
-        certResolver: {{ ssl_cert_resolver }}
-{% else %}
-        {}
-{% endif %}
-{% endif %}
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@ -16,15 +16,17 @@ services:
    ports:
      - "80:80"
      - "443:443"
-{% if enable_dashboard and not dashboard_domain %}
+{% if enable_dashboard %}
      - "8080:8080"
 {% endif %}
    volumes:
      - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
-      - {{ docker_volume_dir }}/config:/config:ro
 {% if cert_mode == 'acme' %}
      - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
 {% endif %}
+{% if traefik_mode == 'dmz' %}
+      - {{ docker_volume_dir }}/config:/config:ro
+{% endif %}
 {% if traefik_mode == 'backend' %}
      - /var/run/docker.sock:/var/run/docker.sock:ro
 {% endif %}
--- a/roles/traefik/templates/traefik.yml.j2
+++ b/roles/traefik/templates/traefik.yml.j2
@ -4,10 +4,8 @@ log:
 {% if enable_dashboard %}
 api:
  dashboard: true
-{% if not dashboard_domain %}
  insecure: true
 {% endif %}
-{% endif %}

 {% if enable_access_logs %}
 accessLog:
@ -28,9 +26,11 @@ entryPoints:
    address: ":443"

 providers:
+{% if traefik_mode == 'dmz' %}
  file:
    directory: /config
    watch: true
+{% endif %}
 {% if traefik_mode == 'backend' %}
  docker:
    endpoint: "unix:///var/run/docker.sock"