History

Simon Bärlocher 3236ca332f docs(collection): document all roles and fix metadata drift Replace ansible-galaxy init placeholders across the collection and correct documentation that drifted from the code, after a multi-agent review of every role README against its defaults, tasks and templates. Collection level: - README: role table for all 16 roles, requirements and role-ordering - galaxy.yml: declare community.docker and community.general deps, real description/tags/urls; normalize license to MIT-0 - meta/runtime.yml: requires_ansible '>=2.15.0' - plugins/README: document the homarr_layout filter and garage_credentials lookup instead of scaffold boilerplate Per-role meta/main.yml and README for the placeholder roles (389ds, authentik, authentik_outpost_ldap, base, collabora, drawio, garage, homarr, httpbin, keycloak, nextcloud, opencloud, traefik). Correctness fixes found during review: - keycloak: wrong domain default, drop invented keycloak_cert_resolver, document the provisioning feature - garage: root_domain is .s3.<first-entry>, not the bare domain - opnform: jwt/front_api secrets use `openssl rand -hex 32`; align the validation fail_msg in tasks/main.yml accordingly - send: S3 example references garage_s3_domains[0] (was singular) - opencloud: document required opencloud_wopi_domain License normalized to MIT-0 across galaxy.yml, role meta and READMEs to match the SPDX headers.		2026-05-27 23:12:24 +02:00
..
defaults	feat(send): add role for self-hosted Send file-share service	2026-05-26 15:38:34 +02:00
handlers	feat(send): add role for self-hosted Send file-share service	2026-05-26 15:38:34 +02:00
meta	docs(collection): document all roles and fix metadata drift	2026-05-27 23:12:24 +02:00
tasks	fix(send): assert S3 credentials when storage backend is s3	2026-05-26 15:40:21 +02:00
templates	feat(services): multi-domain routing, split-horizon and OIDC hardening	2026-05-27 23:12:24 +02:00
vars	feat(send): add role for self-hosted Send file-share service	2026-05-26 15:38:34 +02:00
README.md	docs(collection): document all roles and fix metadata drift	2026-05-27 23:12:24 +02:00

README.md

Send

Deploys a self-hosted Send instance (timvisee fork of the discontinued Mozilla Send) with a Redis backend behind Traefik, using Docker Compose.

Requirements

Docker + docker compose plugin on the target host
Traefik (role digitalboard.core.traefik) reachable via an external Docker network named proxy (default)
DNS for each entry in send_domains pointing at the reverse proxy
Optional: a Garage S3 bucket if send_storage_backend: s3

Role Variables

Important defaults (see defaults/main.yml for the full list):

Variable	Default	Description
`send_domains`	`["send.local.test"]`	FQDNs the router accepts; first entry is the canonical BASE_URL
`send_image`	`registry.gitlab.com/timvisee/send:latest`	Send container image
`send_max_file_size`	`1073741824`	Max upload size in bytes (1 GiB)
`send_max_expire_seconds`	`604800`	Max share lifetime (7 d)
`send_storage_backend`	`local`	`local` (volume) or `s3`
`send_s3_*`	`""`	S3 endpoint/bucket/key/secret (when backend is `s3`)
`send_use_ssl`	`true`	Issue Traefik labels for the `websecure` entrypoint

Dependencies

None.

Example Playbook

- hosts: send_servers
  become: true
  roles:
    - digitalboard.core.send

With S3 (Garage) backend:

send_storage_backend: s3
send_s3_endpoint: "http://{{ hostvars['backend']['garage_s3_domains'][0] }}"
send_s3_bucket: "send"
send_s3_access_key: "{{ lookup('digitalboard.core.garage_credentials', 'send', host='backend')['key_id'] }}"
send_s3_secret_key: "{{ lookup('digitalboard.core.garage_credentials', 'send', host='backend')['secret_key'] }}"

When send_storage_backend: s3, the role asserts that send_s3_endpoint, send_s3_bucket, send_s3_access_key and send_s3_secret_key are all set, and fails early otherwise.

License

MIT-0