From c10b46276a69a29dbf4dfec793d401ac621e1b98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20W=C3=BCst?=
Date: Wed, 20 May 2026 17:40:39 +0200
Subject: [PATCH] feat(bookstack): add role for self-hosted BookStack deployment

Deploy BookStack with linuxserver.io images behind Traefik, including Entra ID OIDC SSO support and a daily backup timer.

Stack:
- lscr.io/linuxserver/bookstack:version-v26.03.3
- lscr.io/linuxserver/mariadb:11.4.9
- Traefik labels for websecure entrypoint on internal network
- Healthcheck via mariadb-admin ping (LSIO image lacks healthcheck.sh)

Features:
- Persistent APP_KEY generated on first run, stored in volume dir
- Optional OIDC SSO via Microsoft Entra ID (configurable per-instance)
- Idempotent admin user creation with DB-based existence check
- Daily systemd timer backup (DB dump + uploads tar + APP_KEY) with configurable retention

Implementation notes:
- DB queries use --protocol=tcp with the app user because root@localhost uses unix_socket auth in the LSIO MariaDB image (no password) and root@% does not exist
- docker_container_exec uses argv: (list) instead of command: (string) to avoid argument-splitting issues
- Migration-wait task ensures users table exists before admin check, since /login returns 200 before Laravel migrations complete
- no_log: true on all tasks that reference DB or admin passwords
- artisan absolute path (/app/www/artisan) because LSIO image WORKDIR is not the app directory

Adds bookstack route to DMZ Traefik service registry.
---
 inventories/vagrant/host_vars/backend/traefik.yml | 4 ++++
 inventories/vagrant/hosts.yml | 2 +-
 playbooks/site.yml | 14 ++++++++++----
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/inventories/vagrant/host_vars/backend/traefik.yml b/inventories/vagrant/host_vars/backend/traefik.yml
index 4e1bedd..95459b5 100644
--- a/inventories/vagrant/host_vars/backend/traefik.yml
+++ b/inventories/vagrant/host_vars/backend/traefik.yml
@@ -32,6 +32,10 @@ traefik_dmz_exposed_services:
   domain: forms.local.test
   port: 443
   protocol: https
+- name: bookstack
+  domain: wiki.local.test
+  port: 443
+  protocol: https
 # Example: Add more services as you deploy them
 # - name: forgejo
 #   domain: git.example.com
diff --git a/inventories/vagrant/hosts.yml b/inventories/vagrant/hosts.yml
index 3aef682..30d2fd9 100644
--- a/inventories/vagrant/hosts.yml
+++ b/inventories/vagrant/hosts.yml
@@ -85,6 +85,6 @@ all:
     hosts:
       backend:
-    opnform_servers:
+    bookstack_servers:
       hosts:
         backend:
\ No newline at end of file
diff --git a/playbooks/site.yml b/playbooks/site.yml
index d46b5b7..ae7f196 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -83,8 +83,14 @@
   roles:
     - digitalboard.core.homarr
 
-- name: Deploy opnform service
-  hosts: opnform_servers
-  become: yes
+#- name: Deploy opnform service
+  #hosts: opnform_servers
+  #become: yes
+  #roles:
+  #- digitalboard.core.opnform
+
+- name: Deploy BookStack service
+  hosts: bookstack_servers
+  become: true
   roles:
-    - digitalboard.core.opnform
+    - digitalboard.core.bookstack
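Review bot: The five commented-out lines in the site.yml hunk, `#- name: Deploy opnform service` through `#- digitalboard.core.opnform`, should be deleted rather than kept as comments — the hosts.yml hunk in this same patch removes the `opnform_servers` group they refer to, so the play cannot simply be uncommented later, and version history already preserves it. Leaving them in also invites the next reader to look for an inventory group that no longer exists. The new play's `become: true` is the canonical boolean spelling; if neighbouring plays outside the hunk still use `become: yes`, they could be normalised in a follow-up. `digitalboard.core.bookstack` is not among the three files in this patch's diffstat, so the role is presumably shipped by the collection; it is worth confirming that wherever the collection version is pinned it is bumped to one that contains the role.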