feat(bookstack): add role for self-hosted BookStack deployment

Deploy BookStack with linuxserver.io images behind Traefik, including Entra ID OIDC SSO support and a daily backup timer. Stack: - lscr.io/linuxserver/bookstack:version-v26.03.3 - lscr.io/linuxserver/mariadb:11.4.9 - Traefik labels for websecure entrypoint on internal network - Healthcheck via mariadb-admin ping (LSIO image lacks healthcheck.sh) Features: - Persistent APP_KEY generated on first run, stored in volume dir - Optional OIDC SSO via Microsoft Entra ID (configurable per-instance) - Idempotent admin user creation with DB-based existence check - Daily systemd timer backup (DB dump + uploads tar + APP_KEY) with configurable retention Implementation notes: - DB queries use --protocol=tcp with the app user because root@localhost uses unix_socket auth in the LSIO MariaDB image (no password) and root@% does not exist - docker_container_exec uses argv: (list) instead of command: (string) to avoid argument-splitting issues - Migration-wait task ensures users table exists before admin check, since /login returns 200 before Laravel migrations complete - no_log: true on all tasks that reference DB or admin passwords - artisan absolute path (/app/www/artisan) because LSIO image WORKDIR is not the app directory Adds bookstack route to DMZ Traefik service registry.
2026-05-20 17:40:39 +02:00 · 2026-05-20 17:40:39 +02:00 · c10b46276a
commit c10b46276a
parent 1ddd5d9eb9
3 changed files with 15 additions and 5 deletions
--- a/inventories/vagrant/host_vars/backend/traefik.yml
+++ b/inventories/vagrant/host_vars/backend/traefik.yml
@ -32,6 +32,10 @@ traefik_dmz_exposed_services:
    domain: forms.local.test
    port: 443
    protocol: https
+  - name: bookstack
+    domain: wiki.local.test
+    port: 443
+    protocol: https
  # Example: Add more services as you deploy them
  # - name: forgejo
  #   domain: git.example.com
--- a/inventories/vagrant/hosts.yml
+++ b/inventories/vagrant/hosts.yml
@ -85,6 +85,6 @@ all:
      hosts:
        backend:

-    opnform_servers:
+    bookstack_servers:
      hosts:
        backend:
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@ -83,8 +83,14 @@
  roles:
    - digitalboard.core.homarr

- name: Deploy opnform service
-  hosts: opnform_servers
-  become: yes
+#- name: Deploy opnform service
+  #hosts: opnform_servers
+  #become: yes
+  #roles:
+    #- digitalboard.core.opnform
+
+- name: Deploy BookStack service
+  hosts: bookstack_servers
+  become: true
  roles:
-    - digitalboard.core.opnform
+    - digitalboard.core.bookstack