Compare commits

..

1 Commits

Author SHA1 Message Date
Jef Roosens f281c3d341
atuin-server: add config 2024-08-08 17:06:51 +02:00
38 changed files with 30 additions and 699 deletions

View File

@ -22,8 +22,3 @@ woodpecker_secret: "{{ vault_woodpecker_secret }}"
restic_version: '0.16.2' restic_version: '0.16.2'
ntfy_user_pi_pass: "{{ vault_ntfy_user_pi_pass }}" ntfy_user_pi_pass: "{{ vault_ntfy_user_pi_pass }}"
gitea_lfs_jwt_secret: "{{ vault_gitea_lfs_jwt_secret }}"
gitea_secret_key: "{{ vault_gitea_secret_key }}"
gitea_internal_token: "{{ vault_gitea_internal_token }}"
gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"

View File

@ -1,32 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62316366343931626135336332623963643864616164386132363565303565303165326238303132 35353730613932643733343565323332383038383461626535616166616338653066306533366164
3266623662613739333637393937373137313161306136310a613335346362346333323461336130 6261353438653937326264623632363336633039383361620a333239333937663561613162376161
61386264346464376539303733393961306664376663613034316337313963343761636634636131 30393966656236656634633035643336626538373733643863613864373439363564376563613361
3231633934646130630a303038383563346539383561386362613935376634306561643964626334 3666616235623631370a373439393839313336323466306461373534626661616231333436326663
35333166623531383236623535636362323039613136346534343232306163393436366135373634 37616638353830323865356236363937313033643563646466366432623762393539386334623938
31303338303939613433326633373838353431653231646430333333323665643130306436663539 63303331363165313437383061353037313536333132393439653538316264376362336466313231
35393266346232366161653332303264623733343262636363613630323366376130646264333739 66313530313937373232613534343065626534666136326233626137353631386161653133643933
34396139303130613631646535363831623463333565396134376234356132336236373366313830 37356237643362643161383131623035373037653139643331663435623162323566643635353731
61386661303966313862653732653338386466643838636263393766366139373237316165643764 62663165383465656432613339353466313437323365393766313865323565623138363537356561
66336465613838316465316166653064343066623339616530303038356238303832373135663665 31623565353362356464376637386633373133333365336662346331633236383934623638366662
35383938333362643038326635316538666536613137663633363434336138306135316665353734 31326264306434633532373131303839613735343364613232306164316661313933636235633161
63633439366664613633353465643466663564663832396435663931643538636238643233373039 37346630333565313636333435323635663962376636366437383938663763366433366230376636
35623438333139353632383263343538626561343035613239366266623033636335633536643431 3431
30663139353634663662373062363937393838393266343264386134306333326164656334316364
39343662313464383362646237383337393664623632653235623165666636363635383636363430
35306365383536356265363733396165303765316638366331376230306630393735393334653362
65313332646434323831313764306230616236383963376634623437346635653937623830653064
62396162396165643563373239373264396137666334646238616262663464623363373565626539
64373936346166356134306431616638346633376366336136383939666665373565383633336431
33346431353639643063616630313630653038616430316366323137303034336539643161383734
35346430643433653866663636333639343364363831343531363937313330343865323535353533
32666566343736653135363966643665396234636437316438636530366231653963356237613065
30623338323733666365613631666361306666613364393261623732623963613731613933383138
65656565396435643833613764346139343365663766623535626166346330633938626135326230
63356535633834633763363666333662646633366537623732623835653332316239646135373933
30333339396237386538343434653764613036396463333263333061316136323336356663666664
36363235643334363666336364333336366439646537306235333532343832653531356430353730
34303830343734653631313936383962343131643965303464343031633030613635356231633566
63366531663361386461333532383638636662633261343365633361346535366132303339346664
33626638643233333766356534393039393962343630303137653733393532633264616664363235
343465376233356362383334663334633033

View File

@ -21,23 +21,8 @@
[ntfyserver] [ntfyserver]
192.168.0.3 static_ip=192.168.0.3 192.168.0.3 static_ip=192.168.0.3
[nefarious]
192.168.0.3 static_ip=192.168.0.3
[matrix] [matrix]
192.168.0.2 static_ip=192.168.0.2 192.168.0.2 static_ip=192.168.0.2
[atuin-server] [atuin-server]
192.168.0.2 static_ip=192.168.0.2 192.168.0.2 static_ip=192.168.0.2
[gitea]
192.168.0.2 static_ip=192.168.0.2
[kanboard]
192.168.0.2 static_ip=192.168.0.2
[baikal]
192.168.0.2 static_ip=192.168.0.2
[photoview]
192.168.0.3 static_ip=192.168.0.3

24
nas.yml
View File

@ -56,12 +56,12 @@
- woodpecker - woodpecker
tags: woodpecker tags: woodpecker
- name: Install Restic - name: Install Lander
hosts: nas hosts: nas
become: yes become: yes
roles: roles:
- restic - lander
tags: restic tags: lander
- name: Install Restic REST server - name: Install Restic REST server
hosts: nas hosts: nas
@ -70,21 +70,21 @@
- restic-rest - restic-rest
tags: restic-rest tags: restic-rest
- name: Install Lander - name: Install Restic
hosts: nas hosts: nas
become: yes become: yes
roles: roles:
- lander - restic
tags: lander tags: restic
- hosts: nas
become: yes
roles:
- matrix
tags: matrix
- hosts: nas - hosts: nas
become: yes become: yes
roles: roles:
- nefarious - nefarious
tags: nefarious tags: nefarious
- hosts: nas
become: yes
roles:
- photoview
tags: photoview

View File

@ -17,7 +17,7 @@ services:
condition: service_healthy condition: service_healthy
db: db:
image: 'postgres:17.0-alpine' image: 'postgres:16.4-alpine'
restart: 'always' restart: 'always'
healthcheck: healthcheck:
@ -30,4 +30,4 @@ services:
- POSTGRES_PASSWORD=atuin - POSTGRES_PASSWORD=atuin
- POSTGRES_DB=atuin - POSTGRES_DB=atuin
volumes: volumes:
- '/mnt/data1/atuin-server/postgres:/var/lib/postgresql/data' - /mnt/data1/atuin-server/postgres:/var/lib/postgresql/data

View File

@ -10,7 +10,7 @@
- name: Ensure data subvolumes are present - name: Ensure data subvolumes are present
community.general.btrfs_subvolume: community.general.btrfs_subvolume:
name: '/atuin-server/{{ item }}' name: '/atuin-server/{{ item }}'
loop: with_items:
- 'postgres' - 'postgres'
- name: Ensure configuration directory is present - name: Ensure configuration directory is present
@ -39,8 +39,8 @@
- name: Ensure backup script is present - name: Ensure backup script is present
ansible.builtin.copy: ansible.builtin.copy:
src: 'atuin-server.postgres.backup.sh' src: 'atuin-server.backup.sh'
dest: '/etc/backups/atuin-server.postgres.backup.sh' dest: '/etc/backups/atuin-server.backup.sh'
owner: 'root' owner: 'root'
group: 'root' group: 'root'
mode: '0644' mode: '0644'

View File

@ -1,3 +0,0 @@
---
dependencies:
- role: caddy

View File

@ -1,9 +0,0 @@
---
- name: Ensure Caddyfile is present
template:
src: 'gitea.Caddyfile.j2'
dest: '/etc/caddy/gitea.Caddyfile'
owner: root
group: root
mode: '0644'
notify: caddy-reload

View File

@ -1,3 +0,0 @@
git.rustybever.be {
reverse_proxy {{ hostvars[groups['gitea'][0]].static_ip }}:8010
}

View File

@ -1,40 +0,0 @@
version: '3'
services:
app:
# Latest contains a development version
image: 'gitea/gitea:1.20.1'
restart: 'always'
ports:
- '22:22'
- '8010:3000'
volumes:
- '/etc/gitea/app.ini:/data/gitea/conf/app.ini'
- '/mnt/data1/gitea/data:/data'
- '/mnt/data1/gitea/repositories:/data/git/repositories'
- '/mnt/data1/gitea/lfs:/data/git/lfs'
- '/etc/timezone:/etc/timezone:ro'
- '/etc/localtime:/etc/localtime:ro'
depends_on:
db:
condition: service_healthy
db:
image: 'postgres:14.8-alpine'
restart: 'always'
healthcheck:
test: ["CMD", "pg_isready", "-U", "gitea"]
interval: 30s
start_period: 30s
timeout: 5s
retries: 3
environment:
- 'POSTGRES_USER=gitea'
- 'POSTGRES_PASSWORD=gitea'
- 'POSTGRES_DB=gitea'
volumes:
- '/mnt/data1/gitea/postgres:/var/lib/postgresql/data'

View File

@ -1,12 +0,0 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/gitea/data'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"

View File

@ -1,12 +0,0 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/gitea/lfs'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"

View File

@ -1,7 +0,0 @@
#!/usr/bin/env bash
cd /etc/gitea
/usr/bin/docker compose exec -T db pg_dump -U gitea gitea |
/usr/bin/gzip --rsyncable |
/usr/local/bin/restic backup --stdin --stdin-filename gitea-postgres.sql.gz

View File

@ -1,12 +0,0 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/gitea/repositories'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"

View File

@ -1,15 +0,0 @@
[Unit]
Description=Private, Fast, Reliable DevOps Platform
After=docker.target
Requires=docker.target
[Service]
Type=exec
User=gitea
Group=gitea
WorkingDirectory=/etc/gitea
ExecStart=/usr/bin/docker compose up
ExecStop=/usr/bin/docker compose down
[Install]
WantedBy=multi-user.target

View File

@ -1,5 +0,0 @@
---
- name: 'restart gitea'
ansible.builtin.service:
name: 'gitea'
state: 'restarted'

View File

@ -1,73 +0,0 @@
---
- name: Ensure data directory is present
ansible.builtin.file:
path: '/mnt/data1/gitea'
state: directory
mode: '0755'
owner: 'root'
group: 'root'
- name: Ensure data subvolumes are present
community.general.btrfs_subvolume:
name: '/gitea/{{ item }}'
loop:
- 'data'
- 'lfs'
- 'repositories'
- 'postgres'
- name: Ensure configuration directory is present
ansible.builtin.file:
path: '/etc/gitea'
state: directory
mode: '0755'
- name: Ensure compose file is present
ansible.builtin.copy:
src: 'compose.yml'
dest: '/etc/gitea/compose.yml'
mode: '0644'
owner: 'root'
group: 'root'
notify: 'restart gitea'
- name: Ensure config file is present
ansible.builtin.template:
src: 'app.ini.j2'
dest: '/etc/gitea/app.ini'
mode: '0644'
owner: 'root'
group: 'root'
notify: 'restart gitea'
- name: Ensure backup scripts are present
ansible.builtin.copy:
src: "gitea.{{ item }}.backup.sh"
dest: "/etc/backups/gitea.{{ item }}.backup.sh"
owner: 'root'
group: 'root'
mode: '0644'
loop:
- 'postgres'
- 'data'
- 'lfs'
- 'repositories'
- name: Ensure service file is present
ansible.builtin.copy:
src: 'gitea.service'
dest: '/lib/systemd/system/gitea.service'
owner: 'root'
group: 'root'
mode: '0644'
register: res
- name: systemd-reload
ansible.builtin.systemd_service:
daemon_reload: true
when: 'res.changed'
- name: Ensure gitea service is enabled
ansible.builtin.service:
name: 'gitea'
enabled: true

View File

@ -1,112 +0,0 @@
APP_NAME = The Rusty Bever
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea
[repository]
ROOT = /data/git/repositories
; Makes public the default option when creating a repo
DEFAULT_PRIVATE = public
; Disables releases, projects & wiki by default for new repos (but can be enabled when needed)
DEFAULT_REPO_UNITS = repo.code,repo.issues,repo.pulls
; Might as well be compatible with
DEFAULT_BRANCH = main
[repository.pull-request]
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]:,Draft:,[Draft]:
[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[ui]
; Always show the full name of a user when possible
DEFAULT_SHOW_FULL_NAME = true
THEMES = auto,gitea,arc-green,gitea-modern
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git.rustybever.be
SSH_DOMAIN = git.rustybever.be
HTTP_PORT = 3000
ROOT_URL = https://git.rustybever.be/
DISABLE_SSH = false
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
OFFLINE_MODE = false
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
[lfs]
PATH = /data/git/lfs
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = postgres
HOST = db:5432
NAME = gitea
USER = gitea
PASSWD = gitea
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
MODE = console
LEVEL = info
REDIRECT_MACARON_LOG = true
MACARON = console
ROUTER = console
ROOT_PATH = /data/gitea/log
[security]
INSTALL_LOCK = true
MIN_PASSWORD_LENGTH = 12
PASSWORD_COMPLEXITY = lower,upper,digit
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[mailer]
ENABLED = false
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false
[oauth2]
JWT_SECRET = {{ gitea_jwt_secret }}
[other]
SHOW_FOOTER_VERSION = false
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false

View File

@ -1,3 +0,0 @@
---
dependencies:
- role: caddy

View File

@ -1,9 +0,0 @@
---
- name: Ensure Caddyfile is present
template:
src: 'kanboard.Caddyfile.j2'
dest: '/etc/caddy/kanboard.Caddyfile'
owner: root
group: root
mode: '0644'
notify: caddy-reload

View File

@ -1,3 +0,0 @@
kanban.roosens.me {
reverse_proxy {{ hostvars[groups['kanboard'][0]].static_ip }}:8011
}

View File

@ -1,10 +0,0 @@
services:
kanboard:
image: 'kanboard/kanboard:v1.2.39'
restart: 'always'
ports:
- '8011:80'
volumes:
- '/mnt/data1/kanboard/data:/var/www/app/data'
- '/mnt/data1/kanboard/plugins:/var/www/app/plugins'

View File

@ -1,12 +0,0 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/kanboard/data'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"

View File

@ -1,12 +0,0 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/kanboard/plugins'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"

View File

@ -1,13 +0,0 @@
[Unit]
Description=Project management software that focuses on the Kanban methodology
After=docker.service
Requires=docker.service
[Service]
Type=exec
WorkingDirectory=/etc/kanboard
ExecStart=/usr/bin/docker compose up
ExecStop=/usr/bin/docker compose down
[Install]
WantedBy=multi-user.target

View File

@ -1,5 +0,0 @@
---
- name: 'restart kanboard'
ansible.builtin.service:
name: 'kanboard'
state: 'restarted'

View File

@ -1,71 +0,0 @@
---
- name: Ensure data directory is present
ansible.builtin.file:
path: '/mnt/data1/kanboard'
state: directory
mode: '0755'
owner: 'root'
group: 'root'
- name: Ensure data subvolumes are present
community.general.btrfs_subvolume:
name: '/kanboard/{{ item }}'
loop:
- 'data'
- 'plugins'
- name: Ensure subvolume permissions are correct
ansible.builtin.file:
path: "/mnt/data1/kanboard/{{ item }}"
state: directory
mode: '0755'
owner: '100'
group: '101'
loop:
- 'data'
- 'plugins'
- name: Ensure configuration directory is present
ansible.builtin.file:
path: '/etc/kanboard'
state: directory
mode: '0755'
- name: Ensure compose file is present
ansible.builtin.copy:
src: 'compose.yml'
dest: '/etc/kanboard/compose.yml'
mode: '0644'
owner: 'root'
group: 'root'
notify: 'restart kanboard'
- name: Ensure backup scripts are present
ansible.builtin.copy:
src: "kanboard.{{ item }}.backup.sh"
dest: "/etc/backups/kanboard.{{ item }}.backup.sh"
owner: 'root'
group: 'root'
mode: '0644'
loop:
- 'data'
- 'plugins'
- name: Ensure service file is present
ansible.builtin.copy:
src: 'kanboard.service'
dest: '/lib/systemd/system/kanboard.service'
owner: 'root'
group: 'root'
mode: '0644'
register: res
- name: systemd-reload
ansible.builtin.systemd_service:
daemon_reload: true
when: 'res.changed'
- name: Ensure kanboard service is enabled
ansible.builtin.service:
name: 'kanboard'
enabled: true

View File

@ -1,3 +0,0 @@
---
dependencies:
- role: caddy

View File

@ -1,9 +0,0 @@
---
- name: Ensure Caddyfile is present
template:
src: 'photoview.Caddyfile.j2'
dest: '/etc/caddy/photoview.Caddyfile'
owner: root
group: root
mode: '0644'
notify: caddy-reload

View File

@ -1,3 +0,0 @@
photos.roosens.me {
reverse_proxy {{ hostvars[groups['photoview'][0]].static_ip }}:8012
}

View File

@ -1,35 +0,0 @@
services:
app:
image: 'viktorstrate/photoview:2.4.0'
restart: 'always'
depends_on:
db:
condition: service_healthy
environment:
PHOTOVIEW_DATABASE_DRIVER: 'postgres'
PHOTOVIEW_POSTGRES_URL: 'postgres://photoview:photoview@db/photoview?sslmode=disable'
ports:
- '8012:80'
volumes:
- '/etc/localtime:/etc/localtime:ro'
- '/etc/timezone:/etc/timezone:ro'
- '/mnt/data1/photoview/cache:/home/photoview/media-cache'
- '/mnt/data1/photos:/photos:ro'
db:
image: 'postgres:17.0-alpine'
restart: 'always'
healthcheck:
test: ["CMD", "pg_isready", "-U", "photoview"]
interval: 10s
start_period: 30s
environment:
POSTGRES_USER: 'photoview'
POSTGRES_PASSWORD: 'photoview'
POSTGRES_DB: 'photoview'
volumes:
- '/mnt/data1/photoview/postgres:/var/lib/postgresql/data'

View File

@ -1,5 +0,0 @@
cd /etc/photoview
/usr/bin/docker compose exec -T db pg_dump -U photoview photoview |
/usr/bin/gzip --rsyncable |
/usr/local/bin/restic backup --stdin --stdin-filename photoview-postgres.sql.gz

View File

@ -1,13 +0,0 @@
[Unit]
Description=Photo gallery for self-hosted personal servers
After=docker.service
Requires=docker.service
[Service]
Type=exec
WorkingDirectory=/etc/photoview
ExecStart=/usr/bin/docker compose up
ExecStop=/usr/bin/docker compose down
[Install]
WantedBy=multi-user.target

View File

@ -1,5 +0,0 @@
---
- name: 'restart photoview'
ansible.builtin.service:
name: 'photoview'
state: 'restarted'

View File

@ -1,69 +0,0 @@
---
- name: Ensure data directory is present
ansible.builtin.file:
path: '/mnt/data1/photoview'
state: directory
mode: '0755'
owner: 'root'
group: 'root'
- name: Ensure data subvolumes are present
community.general.btrfs_subvolume:
name: '/photoview/{{ item }}'
loop:
- 'postgres'
- 'cache'
- name: Ensure subvolume permissions are correct
ansible.builtin.file:
path: "/mnt/data1/photoview/{{ item }}"
state: directory
mode: '0755'
owner: '999'
group: '999'
loop:
- 'cache'
- name: Ensure configuration directory is present
ansible.builtin.file:
path: '/etc/photoview'
state: directory
mode: '0755'
- name: Ensure compose file is present
ansible.builtin.copy:
src: 'compose.yml'
dest: '/etc/photoview/compose.yml'
mode: '0644'
owner: 'root'
group: 'root'
notify: 'restart photoview'
- name: Ensure backup scripts are present
ansible.builtin.copy:
src: "photoview.{{ item }}.backup.sh"
dest: "/etc/backups/photoview.{{ item }}.backup.sh"
owner: 'root'
group: 'root'
mode: '0644'
loop:
- 'postgres'
- name: Ensure service file is present
ansible.builtin.copy:
src: 'photoview.service'
dest: '/lib/systemd/system/photoview.service'
owner: 'root'
group: 'root'
mode: '0644'
register: res
- name: systemd-reload
ansible.builtin.systemd_service:
daemon_reload: true
when: 'res.changed'
- name: Ensure photoview service is enabled
ansible.builtin.service:
name: 'photoview'
enabled: true

View File

@ -51,27 +51,3 @@
roles: roles:
- baikal - baikal
tags: baikal tags: baikal
- hosts: ruby
become: yes
roles:
- atuin-server
tags: atuin
- hosts: ruby
become: yes
roles:
- gitea
tags: gitea
- hosts: ruby
become: yes
roles:
- kanboard
tags: kanboard
- hosts: nas
become: yes
roles:
- matrix
tags: matrix

24
web.yml
View File

@ -40,27 +40,3 @@
roles: roles:
- nefarious-web - nefarious-web
tags: nefarious tags: nefarious
- hosts: web
become: yes
roles:
- atuin-server-web
tags: atuin
- hosts: web
become: yes
roles:
- gitea-web
tags: gitea
- hosts: web
become: yes
roles:
- kanboard-web
tags: kanboard
- hosts: web
become: yes
roles:
- photoview-web
tags: photoview