playbooks/heyer.systems/docker1.yml

@@ -17,6 +17,11 @@
         - syslog
         - system
 
+    - role: server_install_cronjobs
+      tags:
+        - cronjobs
+        - system
+
     - role: deploy_container_traefik
       tags:
         - traefik
@@ -26,3 +31,23 @@
       tags:
         - homepage
         - docker-container
+
+    - role: deploy_container_wishlist
+      tags:
+        - wishlist
+        - docker-container
+
+    - role: deploy_container_excalidraw
+      tags:
+        - excalidraw
+        - docker-container
+
+    - role: deploy_container_lldap
+      tags:
+        - lldap
+        - docker-container
+
+    - role: deploy_container_booklore
+      tags:
+        - booklore
+        - docker-container

requirements.yml

@@ -1,3 +1,6 @@
 ---
 collections:
-  - name: community.docker
+  - name: community.general
+    version: ">=6.0.0"
+  - name: community.docker
+    version: ">=3.0.0"

roles/deploy_container_booklore/defaults/main.yml

@@ -0,0 +1,6 @@
+container_booklore_version: latest
+container_booklore_domain: booklore.example.com
+container_booklore_directory: /opt/docker/booklore
+container_booklore_db_root_password: super_duper_secret_root_password
+container_booklore_db_user: db_user
+container_booklore_db_password: super_secret_password

roles/deploy_container_booklore/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_booklore_directory }}/data/{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "app"
+    - "books"
+    - "db"
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_booklore_directory }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_booklore_directory }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

roles/deploy_container_booklore/templates/.env.j2

@@ -0,0 +1,10 @@
+# Booklore Version (Standard: latest)                                                                                         # Excalidraw Version (Standard: latest)
+BOOKLORE_VERSION={{ container_booklore_version }}
+
+# Booklore Domain
+BOOKLORE_DOMAIN={{ container_booklore_domain }}
+
+# Booklore DB
+BOOKLORE_DB_ROOT_PASSWORD={{ container_booklore_db_root_password }}
+BOOKLORE_DB_USER={{ container_booklore_db_user }}
+BOOKLORE_DB_PASSWORD={{ container_booklore_db_password }}

roles/deploy_container_booklore/templates/docker-compose.yml.j2

@@ -0,0 +1,63 @@
+---
+services:
+  booklore:
+    image: ghcr.io/adityachandelgit/booklore-app:${BOOKLORE_VERSION:-latest}
+    container_name: booklore
+    restart: unless-stopped
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    networks:
+      - traefik
+      - booklore
+    volumes:
+      - ./data/app:/app/data
+      - ./data/books:/books
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - DATABASE_URL=jdbc:mariadb://mariadb:3306/booklore
+      - DATABASE_USERNAME=${BOOKLORE_DB_USER:-booklore}
+      - DATABASE_PASSWORD=${BOOKLORE_DB_PASSWORD}
+      - SWAGGER_ENABLED=false
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.booklore.entrypoints=http"
+      - "traefik.http.routers.booklore.rule=Host(`${BOOKLORE_DOMAIN:?error}`)"
+      - "traefik.http.middlewares.booklore-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.booklore.middlewares=booklore-https-redirect"
+      - "traefik.http.routers.booklore-secure.entrypoints=https"
+      - "traefik.http.routers.booklore-secure.rule=Host(`${BOOKLORE_DOMAIN:?error}`)"
+      - "traefik.http.routers.booklore-secure.tls=true"
+      - "traefik.http.routers.booklore-secure.service=booklore"
+      - "traefik.http.services.booklore.loadbalancer.server.port=6060"
+
+  mariadb:
+    image: lscr.io/linuxserver/mariadb:11.4.5
+    container_name: mariadb
+    networks:
+      - booklore
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - MYSQL_ROOT_PASSWORD=${BOOKLORE_DB_ROOT_PASSWORD}
+      - MYSQL_DATABASE=booklore
+      - MYSQL_USER=${BOOKLORE_DB_USER:-booklore}
+      - MYSQL_PASSWORD=${BOOKLORE_DB_PASSWORD}
+    volumes:
+      - ./data/db:/config
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "mariadb-admin", "ping", "-h", "localhost"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+networks:
+  traefik:
+    external: true
+  booklore:
+    driver: bridge

roles/deploy_container_excalidraw/defaults/main.yml

@@ -0,0 +1,3 @@
+container_excalidraw_version: latest
+container_excalidraw_domain: excalidraw.example.com
+container_excalidraw_directory: /opt/docker/excalidraw

roles/deploy_container_excalidraw/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_excalidraw_directory }}/data/{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "app"
+    - "node_modules"
+  become: false
+
+- name: Create neccessary Files
+  ansible.builtin.file:
+    path: "{{ traefik_container_dir }}/data/{{ item }}"
+    state: touch
+    mode: '0644'
+  loop:
+    - "package.json"
+    - "yarn.lock"
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_excalidraw_directory }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_excalidraw_directory }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

roles/deploy_container_excalidraw/templates/.env.j2

@@ -0,0 +1,5 @@
+# Excalidraw Version (Standard: latest)                                                                                         # Excalidraw Version (Standard: latest)
+EXCALIDRAW_VERSION={{ container_excalidraw_version }}
+
+# Excalidraw Domain
+EXCALIDRAW_DOMAIN={{ container_excalidraw_domain }}

roles/deploy_container_excalidraw/templates/docker-compose.yml.j2

@@ -0,0 +1,34 @@
+---
+services:
+  excalidraw:
+    image: excalidraw/excalidraw:${EXCALIDRAW_VERSION:-latest}
+    container_name: excalidraw
+    restart: on-failure
+    stdin_open: true
+    healthcheck:
+      disable: true
+    environment:
+      - NODE_ENV=development
+    networks:
+      - traefik
+    volumes:
+      - ./data/app:/opt/node_app/app:delegated
+      - ./data/package.json:/opt/node_app/package.json
+      - ./data/yarn.lock:/opt/node_app/yarn.lock
+      - ./data/node_modules:/opt/node_app/app/node_modules
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.excalidraw.entrypoints=http"
+      - "traefik.http.routers.excalidraw.rule=Host(`${EXCALIDRAW_DOMAIN:?error}`)"
+      - "traefik.http.middlewares.excalidraw-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.excalidraw.middlewares=excalidraw-https-redirect"
+      - "traefik.http.routers.excalidraw-secure.entrypoints=https"
+      - "traefik.http.routers.excalidraw-secure.rule=Host(`${EXCALIDRAW_DOMAIN:?error}`)"
+      - "traefik.http.routers.excalidraw-secure.tls=true"
+      - "traefik.http.routers.excalidraw-secure.service=excalidraw"
+      - "traefik.http.services.excalidraw.loadbalancer.server.port=80"
+
+networks:
+  traefik:
+    external: true

roles/deploy_container_koito/defaults/main.yml

@@ -0,0 +1,4 @@
+container_koito_version: latest
+container_koito_domain: music.heyer.systems
+container_koito_directory: /opt/docker/koito
+container_koito_db_password: "super_secret_db_password"

roles/deploy_container_koito/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_koito_directory }}/data/{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "db"
+    - "koito"
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_koito_directory }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_koito_directory }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

roles/deploy_container_koito/templates/.env.j2

@@ -0,0 +1,3 @@
+KOITO_VERSION={{ container_koito_version }}
+KOITO_DOMAIN={{ container_koito_domain }}
+KOITO_DB_PASSWORD={{ container_koito_db_password}}

roles/deploy_container_koito/templates/docker-compose.yml.j2

@@ -0,0 +1,47 @@
+---
+services:
+  koito:
+    image: gabehf/koito:${KOITO_VERSION}
+    container_name: koito
+    depends_on:
+      - db
+    networks:
+      - traefik
+      - koito
+    environment:
+      - KOITO_DATABASE_URL=postgres://postgres:${KOITO_DB_PASSWORD}@db:5432/koitodb?sslmode=disable
+      - KOITO_ALLOWED_HOSTS=${KOITO_DOMAIN}
+    volumes:
+      - ./data/koito:/etc/koito
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.koito.entrypoints=http"
+      - "traefik.http.routers.koito.rule=Host(`${KOITO_DOMAIN}`)"
+      - "traefik.http.middlewares.koito-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.koito.middlewares=koito-https-redirect"
+      - "traefik.http.routers.koito-secure.entrypoints=https"
+      - "traefik.http.routers.koito-secure.rule=Host(`${KOITO_DOMAIN}`)"
+      - "traefik.http.routers.koito-secure.tls=true"
+      - "traefik.http.routers.koito-secure.service=koito"
+      - "traefik.http.services.koito.loadbalancer.server.port=4110"
+    restart: unless-stopped
+
+  db:
+    image: postgres:16
+    container_name: koito-db
+    restart: unless-stopped
+    networks:
+      - koito
+    environment:
+      POSTGRES_DB: koitodb
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: ${KOITO_DB_PASSWORD}
+    volumes:
+      - ./data/db:/var/lib/postgresql/data
+
+networks:
+  traefik:
+    external: true
+  koito:
+    driver: bridge

roles/deploy_container_lldap/defaults/main.yml

@@ -0,0 +1,15 @@
+# Version of the LLDAP container image
+container_lldap_version: "stable"                   # e.g., "latest" or a specific version
+
+# LDAP Base DN components
+container_lldap_ldap_base_domain: "example"          # First part of the LDAP Base DN (dc=example)
+container_lldap_ldap_base_tld: "com"                 # Top-level domain part of the LDAP Base DN (dc=com)
+
+# Domain for Traefik / external access
+container_lldap_domain: "ldap.example.com"           # Fully qualified domain name for LLDAP service
+
+# LDAP admin user password
+container_lldap_ldap_user_pass: "adminPas$word"      # Admin password (can be replaced by secret file)
+
+# Base directory for container data (e.g., for volumes, secrets)
+container_lldap_directory: "/opt/docker/lldap"  # Base directory on the host for LLDAP data

roles/deploy_container_lldap/meta/main.yml

@@ -0,0 +1,4 @@
+---
+collections:
+  - community.general
+  - community.docker

roles/deploy_container_lldap/tasks/main.yml

@@ -0,0 +1,71 @@
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_lldap_directory }}/{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "data"
+    - "secrets"
+  become: false
+
+- name: Check if jwt_secret file exists
+  ansible.builtin.stat:
+    path: "{{ container_lldap_directory }}/secrets/jwt_secret"
+  register: jwt_secret_stat
+
+- name: Check if key_seed file exists
+  ansible.builtin.stat:
+    path: "{{ container_lldap_directory }}/secrets/key_seed"
+  register: key_seed_stat
+
+- name: Generate JWT secret if not exists
+  set_fact:
+    jwt_secret: "{{ lookup('community.general.random_string', 'length=32 upper=true lower=true digits=true special=true override_special=!#%&()*+,-./:;<=>?@[]^_{|}~') }}"
+  when: not jwt_secret_stat.stat.exists
+  run_once: true
+
+- name: Generate Key Seed if not exists
+  set_fact:
+    key_seed: "{{ lookup('community.general.random_string', 'length=32 upper=true lower=true digits=true special=true override_special=!#%&()*+,-./:;<=>?@[]^_{|}~') }}"
+  when: not key_seed_stat.stat.exists
+  run_once: true
+
+- name: Copy JWT secret to host if generated
+  ansible.builtin.copy:
+    content: "{{ jwt_secret }}"
+    dest: "{{ container_lldap_directory }}/secrets/jwt_secret"
+    mode: '0644'
+  when: jwt_secret is defined
+  become: false
+
+- name: Copy Key Seed to host if generated
+  ansible.builtin.copy:
+    content: "{{ key_seed }}"
+    dest: "{{ container_lldap_directory }}/secrets/key_seed"
+    mode: '0644'
+  when: key_seed is defined
+  become: false
+
+- name: Write LDAP admin user password to file if not exists
+  ansible.builtin.copy:
+    content: "{{ container_lldap_ldap_user_pass }}"
+    dest: "{{ container_lldap_directory }}/secrets/ldap_user_pass"
+    mode: '0644'
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_lldap_directory }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_lldap_directory }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

roles/deploy_container_lldap/templates/.env.j2

@@ -0,0 +1,4 @@
+LLDAP_VERSION={{ container_lldap_version }}
+LDAP_BASE_DOMAIN={{ container_lldap_ldap_base_domain }}
+LDAP_BASE_TLD={{ container_lldap_ldap_base_tld }}
+LLDAP_DOMAIN={{ container_lldap_domain }}

roles/deploy_container_lldap/templates/docker-compose.yml.j2

@@ -0,0 +1,37 @@
+---
+services:
+  lldap:
+    image: lldap/lldap:${LLDAP_VERSION:-stable}
+    container_name: lldap
+    restart: always
+    volumes:
+      - "lldap_data:/data"
+      - "./secrets:/secrets:ro"
+    networks:
+      - traefik
+    environment:
+      - TZ=Europe/Berlin
+      - LLDAP_JWT_SECRET_FILE=/secrets/jwt_secret
+      - LLDAP_KEY_SEED_FILE=/secrets/key_seed
+      - LLDAP_LDAP_BASE_DN=dc=${LDAP_BASE_DOMAIN},dc=${LDAP_BASE_TLD}
+      - LLDAP_LDAP_USER_PASS_FILE=/secrets/ldap_user_pass
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.lldap.entrypoints=http"
+      - "traefik.http.routers.lldap.rule=Host(`${LLDAP_DOMAIN}`)"
+      - "traefik.http.middlewares.lldap-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.lldap.middlewares=lldap-https-redirect"
+      - "traefik.http.routers.lldap-secure.entrypoints=https"
+      - "traefik.http.routers.lldap-secure.rule=Host(`${LLDAP_DOMAIN}`)"
+      - "traefik.http.routers.lldap-secure.tls=true"
+      - "traefik.http.routers.lldap-secure.service=lldap"
+      - "traefik.http.services.lldap.loadbalancer.server.port=17170"
+
+networks:
+  traefik:
+    external: true
+
+volumes:
+  lldap_data:
+    driver: local

roles/deploy_container_wishlist/defaults/main.yml

@@ -0,0 +1,41 @@
+container_wishlist_url: "wishlist.example.com"
+container_wishlist_version: "latest"
+container_wishlist_directory: "/opt/docker/wishlist"
+
+container_wishlist_db_prefix: "dbs/"
+container_wishlist_db_log_file: "/dev/null"
+container_wishlist_default_failure_redirect: "/login"
+container_wishlist_port: 80
+container_wishlist_db_expose_port: ""
+container_wishlist_proxy_server: ""
+container_wishlist_secret: ""
+container_wishlist_session_max_age: 604800000
+container_wishlist_site_title: "Christmas Community"
+container_wishlist_short_title: "Christmas"
+container_wishlist_root_url: "/"
+container_wishlist_trust_proxy: "loopback"
+container_wishlist_bulmaswatch: "default"
+container_wishlist_update_check: "true"
+container_wishlist_pfp: "true"
+container_wishlist_language: "de-DE"
+
+container_wishlist_single_list: "false"
+container_wishlist_lists_public: "false"
+container_wishlist_table: "true"
+container_wishlist_markdown: "false"
+
+container_wishlist_custom_html_login: ""
+container_wishlist_custom_html_wishlists: ""
+container_wishlist_custom_css: ""
+
+container_wishlist_google_client_id: ""
+container_wishlist_google_client_secret: ""
+
+container_wishlist_oidc_client_id: ""
+container_wishlist_oidc_client_secret: ""
+container_wishlist_oidc_authorization_url: "https://accounts.google.com/o/oauth2/auth"
+container_wishlist_oidc_token_url: "https://oauth2.googleapis.com/token"
+container_wishlist_oidc_issuer: "https://accounts.google.com"
+container_wishlist_oidc_provider_name: "Google"
+
+container_wishlist_upload_pfp_max_size: 5

roles/deploy_container_wishlist/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_wishlist_directory }}/data"
+    state: directory
+    mode: '0755'
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_wishlist_directory }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_wishlist_directory }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

roles/deploy_container_wishlist/templates/.env.j2

@@ -0,0 +1,49 @@
+## Traefik and Docker Options
+WISHLIST_URL={{ container_wishlist_url }}
+WISHLIST_VERSION={{ container_wishlist_version }}
+
+## Core Settings
+DB_PREFIX={{ container_wishlist_db_prefix }}
+DB_LOG_FILE={{ container_wishlist_db_log_file }}
+DEFAULT_FAILURE_REDIRECT={{ container_wishlist_default_failure_redirect }}
+PORT={{ container_wishlist_port }}
+DB_EXPOSE_PORT={{ container_wishlist_db_expose_port }}
+PROXY_SERVER={{ container_wishlist_proxy_server }}
+SECRET={{ container_wishlist_secret }}
+SESSION_MAX_AGE={{ container_wishlist_session_max_age }}
+SITE_TITLE={{ container_wishlist_site_title }}
+SHORT_TITLE={{ container_wishlist_short_title }}
+ROOT_URL={{ container_wishlist_root_url }}
+TRUST_PROXY={{ container_wishlist_trust_proxy }}
+BULMASWATCH={{ container_wishlist_bulmaswatch }}
+UPDATE_CHECK={{ container_wishlist_update_check }}
+PFP={{ container_wishlist_pfp }}
+LANGUAGE={{ container_wishlist_language }}
+
+## Wishlist Settings
+SINGLE_LIST={{ container_wishlist_single_list }}
+LISTS_PUBLIC={{ container_wishlist_lists_public }}
+TABLE={{ container_wishlist_table }}
+MARKDOWN={{ container_wishlist_markdown }}
+
+## Custom HTML Snippets
+CUSTOM_HTML_LOGIN={{ container_wishlist_custom_html_login | default('') }}
+CUSTOM_HTML_WISHLISTS={{ container_wishlist_custom_html_wishlists | default('') }}
+
+## Custom CSS
+CUSTOM_CSS={{ container_wishlist_custom_css | default('') }}
+
+## Google Client Details
+GOOGLE_CLIENT_ID={{ container_wishlist_google_client_id | default('') }}
+GOOGLE_CLIENT_SECRET={{ container_wishlist_google_client_secret | default('') }}
+
+## OIDC Provider Details
+OIDC_CLIENT_ID={{ container_wishlist_oidc_client_id | default('') }}
+OIDC_CLIENT_SECRET={{ container_wishlist_oidc_client_secret | default('') }}
+OIDC_AUTHORIZATION_URL={{ container_wishlist_oidc_authorization_url | default('') }}
+OIDC_TOKEN_URL={{ container_wishlist_oidc_token_url | default('') }}
+OIDC_ISSUER={{ container_wishlist_oidc_issuer | default('') }}
+OIDC_PROVIDER_NAME={{ container_wishlist_oidc_provider_name | default('') }}
+
+## Profile picture upload max size in MB
+UPLOAD_PFP_MAX_SIZE={{ container_wishlist_upload_pfp_max_size }}

roles/deploy_container_wishlist/templates/docker-compose.yml.j2

@@ -0,0 +1,38 @@
+---
+services:
+  christmas-community:
+    image: wingysam/christmas-community:latest
+    container_name: wishlist
+    restart: always
+    volumes:
+      - ./data:/data
+    networks:
+      - traefik
+    environment:
+      SMILE: 'true'
+      # Table mode, set to 'false' to revert to box mode
+      TABLE: 'true'
+      # Single list mode
+      # (for weddings, birthdays, etc. only the admin account's list is accessible)
+      # Set to 'true' to enable
+      SINGLE_LIST: 'false'
+      # Some websites (like walmart) send headers that are larger than 8MB in
+      # length. If issues are encountered, set the node.js limit to a higher
+      # number than 8192
+      #NODE_OPTIONS: "--max-http-header-size=32768"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wishlist.entrypoints=http"
+      - "traefik.http.routers.wishlist.rule=Host(`${WISHLIST_URL}`)"
+      - "traefik.http.middlewares.wishlist-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.wishlist.middlewares=wishlist-https-redirect"
+      - "traefik.http.routers.wishlist-secure.entrypoints=https"
+      - "traefik.http.routers.wishlist-secure.rule=Host(`${WISHLIST_URL}`)"
+      - "traefik.http.routers.wishlist-secure.tls=true"
+      - "traefik.http.routers.wishlist-secure.service=wishlist"
+      - "traefik.http.services.wishlist.loadbalancer.server.port=80"
+      - "traefik.docker.network=traefik"
+
+networks:
+  traefik:
+    external: true

roles/server_install_cronjobs/defaults/main.yml

@@ -0,0 +1,4 @@
+server_install_cronjobs_directory: /etc/cron.d
+server_install_cronjobs_files:
+  - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/server_install_cronjobs_files/your_cronjob"
+    dest: "your_cronjob"

roles/server_install_cronjobs/tasks/main.yml

@@ -0,0 +1,24 @@
+- name: Update cache
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+
+- name: Install Cron
+  ansible.builtin.apt:
+    name: cron
+    state: present
+
+- name: Activate Cron
+  ansible.builtin.service:
+    name: cron
+    enabled: true
+    state: started
+
+- name: Copy Cronjob-Files to Host 
+  ansible.builtin.copy:
+    src: "{{ item.src }}"
+    dest: "{{ server_install_cronjobs_directory }}/{{ item.dest }}"
+    owner: root
+    group: root
+    mode: '0644'
+  loop: "{{ server_install_cronjobs_files }}"

roles/server_install_ssh/tasks/main.yml

@@ -4,6 +4,11 @@
     update_cache: true
     cache_valid_time: 3600
 
+- name: Detect if system is Proxmox (by checking /etc/pve)
+  stat:
+    path: /etc/pve
+  register: pve_check
+
 - name: OpenSSH Server installieren
   ansible.builtin.apt:
     name: openssh-server
@@ -39,3 +44,5 @@
     group: root
     mode: '0644'
   notify: Restart SSH
+  vars:
+    is_proxmox: "{{ pve_check.stat.exists }}"

roles/server_install_ssh/templates/sshd_config.j2

@@ -1,7 +1,14 @@
 # OpenSSH server configuration (managed by Ansible)
 Port {{ ssh_port }}
 Protocol 2
+
+{% if is_proxmox %}
+PermitRootLogin prohibit-password
+AcceptEnv LANG LC_*
+{% else %}
 PermitRootLogin no
+{% endif %}
+
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 UsePAM yes
@@ -14,4 +21,5 @@ AllowTcpForwarding no
 PermitEmptyPasswords no
 PrintMotd no
 UseDNS no
-Compression no
+Compression no
+Subsystem sftp /usr/lib/openssh/sftp-server