README.md

@@ -23,9 +23,6 @@ concise area of concern.
 - [`jellyfin`](roles/jellyfin/README.md): Deploy [jellyfin.org](https://jellyfin.org),
   the free software media system for streaming stored media to any device.
 
-- [`keycloak`](roles/keycloak/README.md): Deploy [keycloak](https://www.keycloak.org/),
-  the open source identity and access management solution.
-
 - [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
   installation using the upstream provided docker-compose setup.
 

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: finallycoffee
 name: services
-version: 0.1.10
+version: 0.1.6
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
@@ -19,5 +19,5 @@ tags:
   - hedgedoc
   - jellyfin
   - vaultwarden
-  - snipeit
+  - snipe-it
   - docker

roles/authelia/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-authelia_version: "4.38.17"
+authelia_version: "4.38.16"
 authelia_user: authelia
 authelia_base_dir: /opt/authelia
 authelia_domain: authelia.example.org

roles/authelia/handlers/main.yml

@@ -4,7 +4,5 @@
   docker_container:
     name: "{{ authelia_container_name }}"
     state: started
-    restart: true
-    comparisons:
-      '*': ignore
+    restart: yes
   listen: restart-authelia

roles/authelia/vars/main.yml

@@ -170,12 +170,7 @@ authelia_config_access_control:
   default_policy: "{{ authelia_config_access_control_default_policy }}"
   networks: "{{ authelia_config_access_control_networks }}"
   rules: "{{ authelia_config_access_control_rules }}"
-authelia_config_session: >-2
-  {{ authelia_config_session_base
-    | combine(({'redis': authelia_config_session_redis}
-      if authelia_config_session_redis_host else {}), recursive=true)
-  }}
-authelia_config_session_base:
+authelia_config_session:
   name: "{{ authelia_config_session_name }}"
   domain: "{{ authelia_config_session_domain }}"
   same_site: "{{ authelia_config_session_same_site }}"

roles/ghost/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 ghost_domain: ~
-ghost_version: "5.103.0"
+ghost_version: "5.96.0"
 ghost_user: ghost
 ghost_user_group: ghost
 ghost_base_path: /opt/ghost

roles/gitea/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-gitea_version: "1.22.4"
+gitea_version: "1.22.3"
 gitea_user: git
 gitea_run_user: "{{ gitea_user }}"
 gitea_base_path: "/opt/gitea"

roles/jellyfin/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 jellyfin_user: jellyfin
-jellyfin_version: "10.10.3"
+jellyfin_version: 10.9.11
 jellyfin_state: present
 
 jellyfin_base_path: /opt/jellyfin

roles/keycloak/README.md

@@ -1,16 +0,0 @@
-# `finallycoffee.services.keycloak` ansible role
-
-Ansible role for deploying keycloak, currently only supports docker.
-
-Migrated from `entropia.sso.keycloak`.
-
-## Required variables
-
-- `keycloak_database_password` - password for the database user
-- `keycloak_config_hostname` - public domain of the keycloak server
-
-## Database configuration
-
-- `keycloak_database_hostname` - hostname of the database server, defaults to `localhost`
-- `keycloak_database_username` - username to use when connecting to the database server, defaults to `keycloak`
-- `keycloak_database_database` - name of the database to use, defaults to `keycloak`

roles/keycloak/defaults/main.yml

@@ -1,51 +0,0 @@
----
-keycloak_version: 26.0.7
-keycloak_container_name: keycloak
-
-keycloak_container_image_upstream_registry: quay.io
-keycloak_container_image_upstream_namespace: keycloak
-keycloak_container_image_upstream_name: keycloak
-keycloak_container_image_upstream: >-2
-  {{
-    ([
-      keycloak_container_image_upstream_registry | default([]),
-      keycloak_container_image_upstream_namespace | default([]),
-      keycloak_container_image_upstream_name,
-    ] | flatten | join('/'))
-  }}
-keycloak_container_image_name: "keycloak:{{ keycloak_version }}-custom"
-
-keycloak_container_database_vendor: postgres
-keycloak_base_path: /opt/keycloak
-keycloak_container_build_directory: "{{ keycloak_base_path }}/build"
-keycloak_container_build_jar_directory: providers
-keycloak_container_build_flags: {}
-keycloak_provider_jars_directory: "{{ keycloak_base_path }}/providers"
-keycloak_build_provider_jars_directory: "{{ keycloak_container_build_directory }}/{{ keycloak_container_build_jar_directory }}"
-
-keycloak_database_hostname: localhost
-keycloak_database_port: 5432
-keycloak_database_username: keycloak
-keycloak_database_password: ~
-keycloak_database_database: keycloak
-
-keycloak_container_env: {}
-keycloak_container_labels: ~
-keycloak_container_volumes: ~
-keycloak_container_restart_policy: unless-stopped
-keycloak_container_command: >-2
-  start
-  --db-username {{ keycloak_database_username }}
-  --db-password {{ keycloak_database_password }}
-  --db-url jdbc:postgresql://{{ keycloak_database_hostname }}{{ keycloak_database_port | ternary(':' ~ keycloak_database_port, '') }}/{{ keycloak_database_database }}
-  {{ keycloak_container_extra_start_flags | default([]) | join(' ') }}
-  --proxy-headers=xforwarded
-  --hostname {{ keycloak_config_hostname }}
-  --optimized
-
-keycloak_config_health_enabled: true
-keycloak_config_metrics_enabled: true
-
-keycloak_config_hostname: localhost
-keycloak_config_admin_username: admin
-keycloak_config_admin_password: ~

roles/keycloak/meta/main.yml

@@ -1,13 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: keycloak
-  description: Deploy keycloak, the opensource identity and access management solution
-  galaxy_tags:
-    - keycloak
-    - sso
-    - oidc
-    - oauth2
-    - iam
-    - docker

roles/keycloak/tasks/main.yml

@@ -1,72 +0,0 @@
----
-
-- name: Ensure build directory exists
-  ansible.builtin.file:
-    name: "{{ keycloak_container_build_directory }}"
-    state: directory
-    recurse: yes
-    mode: 0700
-  tags:
-    - keycloak-build-container
-
-- name: Ensure provider jars directory exists
-  ansible.builtin.file:
-    name: "{{ keycloak_provider_jars_directory }}"
-    state: directory
-    mode: 0775
-  tags:
-    - keycloak-build-container
-
-- name: Ensure Dockerfile is templated
-  ansible.builtin.template:
-    src: Dockerfile.j2
-    dest: "{{ keycloak_container_build_directory }}/Dockerfile"
-    mode: 0700
-  register: keycloak_buildfile_info
-  tags:
-    - keycloak-container
-    - keycloak-build-container
-
-- name: Ensure upstream Keycloak container image '{{ keycloak_container_image_upstream }}:{{ keycloak_version }}' is present
-  community.docker.docker_image:
-    name: "{{ keycloak_container_image_upstream }}:{{ keycloak_version }}"
-    source: pull
-    state: present
-  register: keycloak_container_image_upstream_status
-  tags:
-    - keycloak-container
-    - keycloak-build-container
-
-- name: Ensure custom keycloak container image '{{ keycloak_container_image_name }}' is built
-  community.docker.docker_image:
-    name: "{{ keycloak_container_image_name }}"
-    build:
-      args:
-        DB_VENDOR: "{{ keycloak_container_database_vendor }}"
-        KC_ADMIN_PASSWORD: "{{ keycloak_config_admin_password }}"
-      dockerfile: "{{ keycloak_container_build_directory }}/Dockerfile"
-      path: "{{ keycloak_container_build_directory }}"
-    source: build
-    state: present
-    force_source: "{{ keycloak_buildfile_info.changed or keycloak_container_image_upstream_status.changed or (keycloak_force_rebuild_container | default(false))}}"
-  register: keycloak_container_image_status
-  tags:
-    - keycloak-container
-    - keycloak-build-container
-
-- name: Ensure keycloak container is running
-  community.docker.docker_container:
-    name: "{{ keycloak_container_name }}"
-    image: "{{ keycloak_container_image_name }}"
-    env: "{{ keycloak_container_env | default(omit, true) }}"
-    ports: "{{ keycloak_container_ports | default(omit, true) }}"
-    hostname: "{{ keycloak_container_hostname | default(omit) }}"
-    labels: "{{ keycloak_container_labels | default(omit, true) }}"
-    volumes: "{{ keycloak_container_volumes | default(omit, true) }}"
-    restart_policy: "{{ keycloak_container_restart_policy }}"
-    recreate: "{{ keycloak_container_force_recreate | default(false) or (keycloak_container_image_status.changed if keycloak_container_image_status is defined else false) }}"
-    etc_hosts: "{{ keycloak_container_etc_hosts | default(omit) }}"
-    state: started
-    command: "{{ keycloak_container_command }}"
-  tags:
-    - keycloak-container

roles/keycloak/templates/Dockerfile.j2

@@ -1,41 +0,0 @@
-FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }} as builder
-
-# Enable health and metrics support
-ENV KC_HEALTH_ENABLED={{ keycloak_config_health_enabled | ternary('true', 'false') }}
-ENV KC_METRICS_ENABLED={{ keycloak_config_metrics_enabled | ternary('true', 'false') }}
-
-# Configure a database vendor
-ARG DB_VENDOR
-ENV KC_DB=$DB_VENDOR
-
-WORKDIR {{ keycloak_container_working_directory }}
-
-ADD ./providers/* providers/
-# Workaround to set correct mode on jar files
-USER root
-RUN chmod -R 0770 providers/*
-USER keycloak
-
-RUN {{ keycloak_container_working_directory }}/bin/kc.sh --verbose \
-{% for argument in keycloak_container_build_flags | dict2items(key_name='flag', value_name='value') %}
-  --{{- argument['flag'] -}}{{- argument['value'] | default(false, true) | ternary('=' + argument['value'], '') }} \
-{% endfor%}
-  build{% if keycloak_container_build_features | default([]) | length > 0 %} \
-{% endif %}
-{% if keycloak_container_build_features | default([]) | length > 0 %}
-  --features="{{ keycloak_container_build_features | join(',') }}"
-{% endif %}
-
-
-FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }}
-COPY --from=builder {{ keycloak_container_working_directory }}/ {{ keycloak_container_working_directory }}/
-
-ENV KC_HOSTNAME={{ keycloak_config_hostname }}
-ENV KEYCLOAK_ADMIN={{ keycloak_config_admin_username }}
-ARG KC_ADMIN_PASSWORD
-{% if keycloak_version | split('.') | first | int > 21 %}
-ENV KEYCLOAK_ADMIN_PASSWORD=$KC_ADMIN_PASSWORD
-{% else %}
-ENV KEYCLOAK_PASSWORD=$KC_ADMIN_PASSWORD
-{% endif %}
-ENTRYPOINT ["{{ keycloak_container_working_directory }}/bin/kc.sh"]

roles/keycloak/vars/main.yml

@@ -1,3 +0,0 @@
----
-
-keycloak_container_working_directory: /opt/keycloak

roles/openproject/defaults/main.yml

@@ -2,9 +2,9 @@
 openproject_base_path: "/opt/openproject"
 
 openproject_upstream_git_url: "https://github.com/opf/openproject-deploy.git"
-openproject_upstream_git_branch: "stable/14"
+openproject_upstream_git_branch: "stable/13"
 
-openproject_compose_project_path: "{{ openproject_base_path }}"
+openproject_compose_project_path: "{{ openproject_base_path }}/compose"
 openproject_compose_project_name: "openproject"
 openproject_compose_project_env_file: "{{ openproject_compose_project_path }}/.env"
 openproject_compose_project_override_file: "{{ openproject_compose_project_path }}/docker-compose.override.yml"

roles/openproject/tasks/main.yml

@@ -26,13 +26,14 @@
     content: "{{ openproject_compose_overrides | default({}) | to_nice_yaml }}"
 
 - name: Ensure containers are pulled
-  community.docker.docker_compose_v2:
+  community.docker.docker_compose:
     project_src: "{{ openproject_compose_project_path }}"
     project_name: "{{ openproject_compose_project_name }}"
-    pull: "missing"
+    pull: true
 
 - name: Ensure services are running
-  community.docker.docker_compose_v2:
+  community.docker.docker_compose:
     project_src: "{{ openproject_compose_project_path }}"
     project_name: "{{ openproject_compose_project_name }}"
     state: "present"
+    build: false

roles/snipe_it/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
 snipe_it_user: snipeit
-snipe_it_version: "7.1.15"
+snipe_it_version: "7.0.13"
 snipe_it_domain: ~
 snipe_it_state: present
 snipe_it_deployment_method: docker

roles/vaultwarden/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
 vaultwarden_user: vaultwarden
-vaultwarden_version: "1.32.7"
+vaultwarden_version: "1.32.2"
 
 vaultwarden_config_file: "/etc/vaultwarden/config.json"
 vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}"