Tobias Wüst
951b1822fe
Deploy BookStack with linuxserver.io images behind Traefik, including Entra ID OIDC SSO support and a daily backup timer. Stack: - lscr.io/linuxserver/bookstack:version-v26.03.3 - lscr.io/linuxserver/mariadb:11.4.9 - Traefik labels for websecure entrypoint on internal network - Healthcheck via mariadb-admin ping (LSIO image lacks healthcheck.sh) Features: - Persistent APP_KEY generated on first run, stored in volume dir - Optional OIDC SSO via Microsoft Entra ID (configurable per-instance) - Idempotent admin user creation with DB-based existence check - Daily systemd timer backup (DB dump + uploads tar + APP_KEY) with configurable retention Implementation notes: - DB queries use --protocol=tcp with the app user because root@localhost uses unix_socket auth in the LSIO MariaDB image (no password) and root@% does not exist - docker_container_exec uses argv: (list) instead of command: (string) to avoid argument-splitting issues - Migration-wait task ensures users table exists before admin check, since /login returns 200 before Laravel migrations complete - no_log: true on all tasks that reference DB or admin passwords - artisan absolute path (/app/www/artisan) because LSIO image WORKDIR is not the app directory Adds bookstack route to DMZ Traefik service registry.
25 lines
442 B
YAML
25 lines
442 B
YAML
galaxy_info:
|
|
author: digitalboard
|
|
description: Deploy BookStack as a self-contained Docker Compose stack behind Traefik
|
|
company: digitalboard
|
|
license: MIT
|
|
|
|
min_ansible_version: "2.14"
|
|
|
|
platforms:
|
|
- name: Debian
|
|
versions:
|
|
- bookworm
|
|
- name: Ubuntu
|
|
versions:
|
|
- jammy
|
|
- noble
|
|
|
|
galaxy_tags:
|
|
- docker
|
|
- bookstack
|
|
- wiki
|
|
- documentation
|
|
- digitalboard
|
|
|
|
dependencies: []
|