chore(deps-major): Update mcr.microsoft.com/mssql/server Docker tag to v2025

| datasource | package | from | to | | ---------- | ------------------------------ | ---- | ---- | | docker | mcr.microsoft.com/mssql/server | 2022 | 2025 |
2025-09-20 02:06:54 +00:00
72 changed files with 1819 additions and 934 deletions
--- a/.gitea/ISSUE_TEMPLATE/adding.yml
+++ b/.gitea/ISSUE_TEMPLATE/adding.yml
@@ -0,0 +1,74 @@
+name: 'Add Application'
+description: 'Track the process of adding a new application'
+title: 'Add Application: [Application Name]'
+labels: 
+  - addition
+assignees: ''
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## Application Details                        
+
+  - type: input
+    id: application-name
+    attributes:
+      label: Application Name
+      description: Name of the application to be added
+      placeholder: Name of the application
+
+  - type: textarea
+    id: application-description
+    attributes:
+      label: Application Description
+      description: Provide a brief description of the application and its purpose
+      placeholder: Description of the application
+
+  - type: checkboxes
+    id: application-reason
+    attributes:
+      label: Reason for Addition
+      description: Please select one or more reasons for adding the application
+      options:
+        - label: New functionality
+        - label: Performance improvement
+        - label: Security enhancement
+        - label: Replacing another application
+          description: Provide the name of the application being replaced, if applicable
+        - label: Other (please specify)
+          description: Provide additional details
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Steps to Add                        
+
+  - type: checkboxes
+    id: steps-to-add
+    attributes:
+      label: Steps to Add
+      description: Please check off each step as it is completed
+      options:
+        - label: Add Configuration Files
+          description: Create and add configuration files for the new application
+        - label: Update Wiki
+          description: Create or update the Wiki page for the new application and update any relevant architecture diagrams or flowcharts
+        - label: Update README(s)
+          description: Add the new application to the main table and any other relevant sections
+        - label: Add to CD Platform Logic
+          description: Add necessary logic to the CD platform for the new application
+        - label: Testing and Validation
+          description: Ensure the application is tested and validated in the environment
+
+  - type: markdown
+    attributes:
+      value: |
+        ## Commit IDs for Completed Steps                
+
+  - type: textarea
+    id: commit-ids
+    attributes:
+      label: Commit IDs
+      description: Enter the commit IDs for the completed steps above
+      placeholder: Enter commit IDs separated by commas
--- a/.gitea/ISSUE_TEMPLATE/feature-request.yml
+++ b/.gitea/ISSUE_TEMPLATE/feature-request.yml
@@ -0,0 +1,50 @@
+name: 'Feature Request'
+description: 'Suggest a new feature for the project'
+title: 'Feature Request: [Summary]'
+labels: 
+  - enhancement
+assignees: ''
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## Feature Request
+
+        **Please fill out this template with the requested information.**                
+
+  - type: input
+    id: summary
+    attributes:
+      label: Summary
+      description: A concise description of the feature you'd like to see added.
+      placeholder: Brief summary of the feature request
+
+  - type: textarea
+    id: motivation
+    attributes:
+      label: Motivation
+      description: Explain why this feature would be beneficial to the project. What problem does it solve or what value does it bring?
+      placeholder: Describe the motivation behind the feature request
+
+  - type: textarea
+    id: detailed-description
+    attributes:
+      label: Detailed Description
+      description: |
+        Provide a detailed explanation of the proposed feature. Include:
+        - How would this feature be used?
+        - What are the expected benefits of this feature?
+        - Are there any potential drawbacks or limitations to consider?                
+      placeholder: Provide a detailed description of the feature
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: |
+        Include any relevant information such as:
+        - Links to external resources (e.g., documentation, articles)
+        - Screenshots or mockups to illustrate the feature
+        - Use cases and examples of how the feature would be used                
+      placeholder: Add any other context or screenshots about the feature request here
--- a/.gitea/workflows/deploy-containers.yml
+++ b/.gitea/workflows/deploy-containers.yml
@@ -26,5 +26,5 @@ jobs:
          echo "StrictHostKeyChecking no" >> ~/.ssh/config
          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.vault_password.txt
          echo "nameserver 10.10.10.1" > /etc/resolv.conf
-          ansible-galaxy install -r requirements.yml
-          ansible-playbook main.yml --vault-password-file ~/.vault_password.txt
+          ansible-galaxy install oefenweb.fail2ban
+          ./.gitea/workflows/deploy.sh "${{ github.event.before }}" "${{ github.sha }}"
--- a/.gitea/workflows/deploy.sh
+++ b/.gitea/workflows/deploy.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+changed_tasks=($(git diff --name-only $1 $2 | grep '\.yml$'))
+if [ ! -z "$changed_tasks" ]; then
+    for task in "${changed_tasks[@]}"; do
+        tag=$(echo "$task" | awk -F/ '{print $2}')
+        if [[ "$tag" != "deploy-homelab.yml" && "$tag" != "main.yml" && "$tag" != "all.yml" && "$tag" != "all.example.yml" && "$tag" != "ISSUE_TEMPLATE" && "$tag" != "workflows"   ]] ; then
+           tag=${tag%.*}_install
+           ansible-playbook main.yml --tags "$tag" --vault-password-file ~/.vault_password.txt          
+        fi
+    done
+else
+    echo "No changes detected in task files. Skipping Ansible playbook execution."
+fi
--- a/all.yml
+++ b/all.yml
@@ -1,27 +0,0 @@
---
- hosts: all
-  become: yes
-  name: Configure all servers
-  pre_tasks:
-    - name: Create directories
-      file:
-        path: "/data"
-        state: directory
-        
-    - name: Setup base system
-      import_tasks: tasks/base.yml
-
-  roles:
-    - role: geerlingguy.docker
-      docker_users:
-        - administrator
-  tasks:
-    - name: Gather facts (always, even with tags)
-      ansible.builtin.setup:
-      tags: always
-
-    
-
-  
-
-    
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-inventory=hosts.ini
+inventory=hosts
 deprecation_warnings=False
 host_key_checking=False
 interpreter_python=auto_silent
--- a/build-debian-promox-template.yml
+++ b/build-debian-promox-template.yml
@@ -0,0 +1,70 @@
+---
+- hosts: proxmox
+  become: yes
+
+  tasks:
+    - name: Delete existing template
+      community.general.proxmox_kvm:
+        api_host: "{{ api_host }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        node: "{{ node_target }}"
+        name: "debian-12-generic-amd64"
+        state: absent
+
+    - name: Download cloud-init image
+      register: image
+      ansible.builtin.get_url:
+        url: "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.qcow2"
+        dest: /tmp
+        mode: "0644"
+        force: true
+
+    - name: Install Tools
+      ansible.builtin.apt:
+        name:
+          - libguestfs-tools
+          - python3
+          - python3-pip
+          - python3-proxmoxer
+        update_cache: true
+        install_recommends: false
+        state: present
+
+    - name: Install Tools to cloud-init image
+      ansible.builtin.shell: |
+        virt-customize -a {{ image.dest }} --run-command 'sed -i "s|primary.*|primary: https://deb.debian.org/debian|g" /etc/cloud/cloud.cfg'
+        virt-customize -a {{ image.dest }} --run-command 'apt update'
+        virt-customize -a {{ image.dest }} --install qemu-guest-agent
+
+    - name: Create new VM template from cloud-init image
+      community.general.proxmox_kvm:
+        api_host: "{{ api_host }}"
+        api_user: "{{ api_user }}"
+        # api_password: "{{ api_password }}"
+        api_token_id: "{{ api_token_id }}"
+        api_token_secret: "{{ api_token_secret }}"
+        api_port: "8006"
+        node: "{{ node_target }}"
+        name: "debian-12-generic-amd64"
+        agent: "enabled=1"
+        bios: ovmf
+        boot: "order=scsi0"
+        cores: 4
+        sockets: 1
+        machine: q35
+        memory: 4096
+        ostype: "l26"
+        vga: std
+        scsihw: "virtio-scsi-single"
+        net:
+          net0: "virtio,bridge=vmbr0,firewall=1,tag=10"
+        ipconfig:
+          ipconfig0: "ip=dhcp"
+        template: true
+        timeout: 600
+        vmid: 10000
+
+    - name: Import HDD to Template
+      command:
+        cmd: "qm set 10000 --scsi0 {{ storage_target }}:0,iothread=1,discard=on,import-from=/tmp/debian-13-generic-amd64.qcow2,format=raw"
--- a/cloud.yml
+++ b/cloud.yml
@@ -1,24 +0,0 @@
---
- hosts: cloud
-  become: yes
-  vars:
-    traefik_host: "vps02.comprofix.com"
-
-  tasks:
-    - name: Deploy traefik
-      import_tasks: tasks/traefik.yml
-
-    - name: Deploy postgres
-      import_tasks: tasks/postgres.yml
-
-    - name: Deploy Vaultwarden
-      import_tasks: tasks/vaultwarden.yml
-      tags: vaultwarden_install
-
-    - name: Deploy gitea
-      import_tasks: tasks/gitea.yml
-      tags: gitea_install
-
-    - name: Gotify
-      import_tasks: tasks/gotify.yml
-      tags: gotify_install
--- a/docker.yml
+++ b/docker.yml
@@ -1,96 +0,0 @@
---
- hosts: docker
-  become: yes
-  vars_files:
-    - vars/gitea-images.yml
-  vars:
-    traefik_host: "traefik.comprofix.xyz"
-
-  pre_tasks:
-    - name: Connect iscsi
-      import_tasks: tasks/iscsi.yml
-      vars:
-        iscsi_targets:
-          - iqn: iqn.2005-10.org.freenas.ctl:iscsi-docker
-            portal: 10.10.10.2
-            mount_point: /data
-      tags: iscsi_connect
-
-    - name: Connect NFS
-      import_tasks: tasks/nfs.yml
-      vars:
-        mounts:
-          - name: Data share
-            path: /mnt/nfs/data
-            src: truenas.comprofix.xyz:/mnt/datapool/docker
-
-  tasks:
-    - name: Deploy traefik website
-      import_tasks: tasks/traefik.yml
-    
-    - name: Deploy iDrac Fan Controller
-      import_tasks: tasks/idrac.yml
-      tags: idrac_install
-    
-    - name: Deploy Planka
-      import_tasks: tasks/planka.yml
-
-    - name: Deploy MariaDB
-      import_tasks: tasks/mariadb.yml
-      tags: mariadb_install
-
-    - name: Deploy InvoiceNinja
-      import_tasks: tasks/invoiceninja.yml
-      tags: invoiceninja_install
-
-    - name: Deploy Homepage
-      import_tasks: tasks/homepage.yml
-      tags: homepage_install
-
-    - name: Deploy speedtest-tracker
-      import_tasks: tasks/speedtest.yml
-      tags: speedtest_install
-
-    - name: Deploy dozzle
-      import_tasks: tasks/dozzle.yml
-      tags: dozzle_install
-
-    - name: Deploy jellyseerr
-      import_tasks: tasks/jellyseerr.yml
-      tags: jellyseerr_install
-
-    - name: Deploy lidarr
-      import_tasks: tasks/lidarr.yml
-      tags: lidarr_install
-
-    - name: Deploy prowlarr
-      import_tasks: tasks/prowlarr.yml
-      tags: prowlarr_install
-
-    - name: Deploy radarr
-      import_tasks: tasks/radarr.yml
-      tags: radarr_install
-
-    - name: Deploy sonarr
-      import_tasks: tasks/sonarr.yml
-      tags: sonarr_install
-
-    - name: Deploy sabnzbd
-      import_tasks: tasks/sabnzbd.yml
-      tags: sabnzbd_install
-
-    - name: Deploy mealie
-      import_tasks: tasks/mealie.yml
-      tags: mealie_install
-
-    - name: Deploy pyKMS
-      import_tasks: tasks/pykms.yml
-      tags: pykms_install
-
-    - name: Deploy mediawiki
-      import_tasks: tasks/mediawiki.yml
-      tags: mediawiki_install
-
-
-
-  tags: dockerserver_install
--- a/frigate.yml
+++ b/frigate.yml
@@ -0,0 +1,10 @@
+---
+- hosts: frigate
+  become: yes
+  pre_tasks:
+    - name: Base Install
+      include_tasks: tasks/base.yml
+  roles:
+    - role: docker
+      tags: docker_install
+  tags: frigate_install
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,102 +1,77 @@
 $ANSIBLE_VAULT;1.1;AES256
-32383865376334343361663231366634376235663132356263663163303333323835363637396139
-3238343638613366373865323665306331383931383837320a316436376266383337396666333464
-62633665646137356563316639643139376463396135343362326637616339303762333861633862
-3961353538363235660a646231666237333730313536356561353837353564313133663336303862
-32366366613362643938316439353835633963376463353239373533643330306630386639353432
-37373736613262646635643833646261356432393463323237623865616464616264303638633662
-39623233646138353036353237303766656466376138316633366239396238313734306364393330
-32346161376262393862376638616464383963646362366432656437653363393430326263316666
-34383732613461346266313061363231626561346363653932613166613031633435666130376337
-37643963356262613862646639386263306238383364336635613461333166366261613335363132
-34393062353363313637626165313932646335616461326463646534386132663564366564633761
-31363033633533366562306236303338336165646564353861356664613539373864353938396561
-66316265306161616136303231383034636366313133363061656534313332653261626566623462
-64353230316136393764346265666663636134313035613962363831643730643738346132376338
-63386136626637646634393563356633383734666138333936303965396432393766643435363832
-61383766333937623036393064633934663438643536333939383335613338653934353462626462
-37306538666438666137666230346332633966613565653634343437626336343463356337353635
-37383334323765346263303039353734313635663164393065393738343037303238386465313634
-63613931666164303631323136623039633166373530303734393936633661633266366164333365
-38623762326136613761636361326632376534653133653836393362663564336532616334663765
-34306237353437303064666431393732333335373264326466333033326664343737333262623261
-63303662616536323730636333306133666636373838386630626262393734626337346430646432
-39373937313439356362353135303834366334386438623936346332383032613431356264376464
-35323232386136303532343965366232376632303665623539656263323761343032336664303031
-32323035663661633063653162653132343130366431363431666333613739616161313561323931
-30366236343939616463616137653131633864323335373362646266313266326530653766373865
-66306364643234643762636665353364393065396637633161386635383466326532613137626634
-35373565326431653233653832393039363231383632316638303262666338633462626533373333
-63333832613134666636303434663663623264303766393662616632393961393037306365373332
-32333135363661653136333062643564303362623739636634363664303765336432353332633366
-62356663623832656366373766353839376339306661303731306231386238396331386630623931
-62336336346163663032356163626366626236303563653061303439326364333362363237343439
-65353236306237363237303936663161363631373064303635346463636363636634363533363035
-63313338663438376635653933613933613437376135393339393636346236633039393661333366
-38616331646663386662333765633162376366333236396138653533613861363063623734386234
-62386238396135386632626135643731346430393038633231333032393265633235336330626139
-30633464383638666235323032666433636662653936626237336135363331663330383231376265
-34343436366363653030333336376430343266303530373335636438336164393330326665376566
-30636164316266336534633363633833616231626138373962333435393064383538343861626434
-34306161393965363566623964366262313034656638303330363034303934393731323163666533
-30303136656230306337373835303531623339383666646332336135613930383637623765393861
-37366366376630343662346266613064303031363437323863646336376333323864393132313135
-62396466313637613263626138323038343463386231646136656662636262333665393564633161
-61636532663435653834333438393936663433626137313236396531323638633330343132613762
-35346433323135626163646362306663366161393766626637326335353434636138363266373838
-66353839323635316365663438343566336230373539643762366637653163616630616666623361
-66373035393930303530633130643130653231623463346430383233366336373761333739633863
-37316462326133326136323461363037663264616138393039616439613966383132343365373762
-66666263373165336239353966373432366362336333333539663831313265366361383830383638
-63353534643535323362616662646362363163373537353635343534626131666666396134303836
-31623731343361343637626436636566323064626334383834633232653135353237343238313932
-66353439363838393030643639356636313536343866313231366536376634363738323666643230
-31663333633438343634396563373665376333333066353030616462356535623436613238303236
-66643737376664323862306639303536326261313830383931306539653863353636636233313238
-63316163393638643561356136653735643835633532396366323735393839376230373431613336
-38316439616532363838663130653062643336653431663031656530353830373164383161343733
-32633133626633323237343831383031396234373361653639306134303234363561636265636135
-33636563303466326536353635666165616130383063316661386432633562383161633731396161
-37613539633139396636653932316161633461366138613066373633633430633532623662346561
-38613930316662363735333038616261353733353931623266663334303233613265623638383330
-31613139303631353139386139656661343266616138366630626364356431396435666639376636
-31306632363236666133323532356435653331373561323633316466626632373233663961663834
-64613238613631393439353638346333656239343562643362366364346338643366353335626239
-30336539343333626364313764356233366631626530633834613730646135353332366133646433
-35373563333139353439353866633639343864326332346432613936356236373937363936613936
-32373464393530376537616264316134383437383735383030393534343262666639636237303534
-38643432323036306566316434663063643462623938383532353137613436333930626664376237
-64643334633731343266656361323837313461376333313964626361613365376563333866663632
-61373734313235656364393763373330313263333765613363636539336133396137666336373839
-37623966303964316364366562323335323765393365663433386233373038356634646464396238
-37326234373461343036303236623237333863313665303161646437353836323234653331383366
-37343436656135356465656134653831346233376134313535306538653333376337653039313835
-36383165336463613835396633663937653232366264616161666339373133326362613662313364
-66613764363634646430333039643863616631666666323364646231343266653235636661653961
-63626161613933316465313965303435626266366230393634353062353832643261353961393131
-32373839613936333233636331323530663965386430663763623065616433386166313130383863
-36376433653236343364393231666236303731333134353738656138343036313237316362613964
-39636137303661343462313033363466663335343566383939643961613539633231373264386165
-35373636363834333231333666656333303836663139623161373338643234626233393635326638
-34323639346135666331643239326261633836323861646338336161313961396665383438306238
-64613938333863303161613665353063613434336438613361336434653963306632323063613932
-66623837373831613063633739633466373534663762663565356137393834636332613464643932
-32626433623630333236363536656162386333653365303238633237376163336131643065636261
-62366531373664343739303661623637666261656538346663306261353630346563623635633535
-35353665356535386435653961343435623563613930393566323165326562656561353831313639
-31646333303838303133626566383139636433346338626464303261373963343933333162393236
-64366466303137663366303434326438346533346437626162313464653064643861613433353861
-36643664366364396364333933646531656239646564666139323936313936623733363939393932
-61346330356237393532373961616134656563383338386239363961363432386331306465363330
-65616433366132656230373833623065333166383862656162393138366439393563643261326336
-36383034323932306431653231316236663466613035303335623731346466373230646461396437
-64343930383435393936646666633163373034323564306238343263346166306332343537663934
-34623961333036323038623635623661313635616334353137653633333038353361316130633565
-32663631643366356434346639363666613639643730313337653839343532343735323265313135
-33303736363465613335323234373465383937396330383463376262313637393132663631333239
-66643532663134623465383133363738646636346631353739393433333436626662343864623233
-66643538303165306538626130313834323461653036643932313630363533323065636230356438
-65393738336638623163363063346638646139646663346537306630616239633662663335386437
-62303832643766396262353836363338356566663930303861396563323133646366623262303863
-34383934313666636431663765666334643137613439336334653339316539306562373365373637
-3664
+33613135343463616362333364303264636562323732393265303635313966333764333163336330
+6632343863346536323631343266316633306263376635360a343161373933336662663435643534
+34613462346233363062313832653439383436646464653433376230616231656132363536333734
+3338333735623434390a653032333164313434663665653132326430663761316230373138383734
+64626535303261663432356664306666303438643834613935636436353963376462613230626431
+35306166303936373363363735623061623135646533636135343564646361636438646364323963
+33333563366536616461346239306461303033363638333265616162303734653234313433653865
+64663166393965333161353665313537663334323137633263303032376231623534353362653862
+38613832316239656535613430663635333963303863663562373862366235353430303965323263
+33653765613734353166336663353365383264373466636262346235363261353732616432326461
+61383264663131326231376564393736383838353265393136613164633930653765353738326133
+31663265373265383264346536633462383731653732326433653732356239376331356235663232
+62626233653136346330373462373530323537353937656331346463343437366662626166323664
+39303439356630336237663437626565333331303566303263396632363839393863646233396437
+65663736306261643435326366346665653532666437396462363139313364663162393539383330
+39333633383561396362303432376536386232646335393833306338616564303432373939363338
+36383736643638623330303036363034663532393465346132663432366530386561613663373934
+66333037623637623761633063633664633961616331383835363031333833373232326436396264
+61653065646565636139626130363439636630313565656266613262373665363863613138313538
+32613663373837376465353935653561393837306634356230363531393433393966653130366363
+37646364336362636532313034653733386263353962393561313334646335633666646132653766
+37376364643461663537393637333261656165653536653933326439653963663431663265323339
+34613035313765363763343363343565663234333637336262353032323662346331363734383666
+36623833636132653064336565333336306132373566306563666662636464373134356339383861
+34633361353562313134393931613330343863336339363234646432343035363365653761303763
+66316635373835383165633037663365383931353630376231616361653334396232343938363565
+35386636356363663238383237303238613339346665306535626330353364666266316266616534
+32336137613931383263666231373231353462666131303161626236613431366163393431343031
+37343236633736626336656536653236366330666561353939623336356263343732636237393962
+36303535646538653437313930316135383637376631353532383064616234343064353434383865
+32633430313336653665343330663730333465653133636630316132326564343737303733613961
+65643331663264346237326235323665393533393736343666633432323430376665326139643735
+33396331636432313537326437333335333763313437626231386633366635333332653130333434
+36303930326264636161373433386532646662323933396431326564386330663637663439633139
+64333835333862653932356464666263623466623238613133356434626661613162666534343831
+37313630306336313730363133323865633838623436326463346538316533336433633961663337
+30636532626364323565323033316139633965336135643132653230326533323233653334656166
+30386432336236333463346233653832393335353036303836393739346365643133653361623866
+30666639343836316565316530623536316465313164373830323635306364336161343361663763
+37653639326333326232336462623362323666656134323238613533326438633639343065626262
+64666436386139646230653631666163386430663865366565323266383030336239373561616332
+39343835653638613632373561343962373261613161303738616261633462333130363364306330
+66366233323633366632336531343232386139656365626138316439323638306331346363343237
+30343764666337656662323463353236393038663632373064623132313466626363386439616135
+63336361653431323663306433343930386235396137363235623135643465313064636433623463
+62646433616266643838373031616562316566623666366233653164386435356337653364623933
+35616465393830316236376230376635653763336639633235653533643166306639623237633130
+62356335346230666661303964306332623765616465373331663037633735626337626533346430
+32396235616138373962323039323566356533646130386462326230393833303539323764333934
+33656636323230623139643837633334326338326165353462393963306135643739353537353830
+64666664393238363832633135633836396661396235663732623166616635346661666537623438
+65663134363839323739393166366466623466353462623234393635633130386261626361616539
+39373137303636653865383839353437363635303338343339656630363135616432343634646438
+61636236343866343462353534386163323730343637346466313630366331623132376661653565
+38383034366137356331633663343831376561356137363232386266616466633963613766616439
+33333331616663333439386666326430633139396330626666363837326330316266643063313939
+37373335376632303138653935383065393465636631663737376236616665363230383131396433
+32383838336431623131633133393033343034376633343733656634396133313331386138313730
+66363131343463653235643862333666353138316166363961303366313230386439306665653731
+37663436393564383335326635343361323937333734303639383663313164636165353035633732
+37653836323039383934313538353661646332653365393731633066643161373764346435623464
+64663132333033656239393137383435666236376633633066376564643461376630333836363133
+62343531626165323834656434613065623437306139643265313334633830633661373161326339
+34396432386363346664356230373634383038653763636261386439613261613062356235333739
+64663661336135343834623035306266373266656362613764393730623232323566363036333536
+30653133653763666261313335666332653062366561376333633162333534306236393864326465
+31386561353335393032643535333438613366633164336365643263353330376461643739396333
+37323263633062623266303261353164613162313032353964353135373161333430316338636337
+64616134656533316236663437373836373637613534633262396531626430663937316630306566
+39363061333734643539396337396564666234353930663365326263653663666230363434653030
+63383230383131663537666337643162366634633430393862333664353766326133633438383666
+39376435313734613832366338643136383264313665386161643838346533623531396230633761
+36636665633731616466653034363232396637626235663662376434353962373730323831613131
+64316363396432333236306265346632303961336132666162336666373132383532613238633661
+36363032306431653163303734353638326437653462343562396436346130333634333234643835
+32653562613733643363
--- a/hosts.ini
+++ b/hosts.ini
@@ -1,6 +1,5 @@
-[all:vars]
-ansible_shell_type = sh
-ansible_shell_executable = /bin/bash
+[proxmox]
+pve2.comprofix.xyz ansible_user=root

 [cloud] 
 vps02.comprofix.com
@@ -14,6 +13,13 @@ omada-lxc.comprofix.xyz ansible_user=root
 [vps]
 vps01.comprofix.com

-[internetfacing]
+[jellyfin]
+jellyfin.comprofix.xyz
+
+[base]
 vps01.comprofix.com
-vps02.comprofix.com
+vps02.comprofix.com
+omada-lxc.comprofix.xyz
+jellyfin.comprofix.xyz
+
+
--- a/internetfacing.yml
+++ b/internetfacing.yml
@@ -1,35 +0,0 @@
---
- name: Install fail2ban on internet facing servers
-  hosts: internetfacing
-  become: true
-  roles:
-    - role: grzegorzfranus.fail2ban
-      vars:
-        fail2ban_ignoreip:
-          - 127.0.0.1/8 # loopback
-          - 10.0.0.0/8 # Private
-          - 172.16.0.0/12 # Private
-          - 192.168.0.0/16 # Private
-          - 169.254.0.0/16 # link-local / APIPA
-          - 100.64.0.0/10 # CGNAT
-          - 203.0.113.0/24 # TEST-NETs
-          - 192.0.2.0/24 # TEST-NETs
-          - 198.51.100.0/24 # TEST-NETs
-          - ::1 # ULA - fc00::/7 # Private
-          - fe80::/10 # Private
-        fail2ban_bantime: "1h"
-        fail2ban_findtime: "30m"
-        fail2ban_maxretry: 3
-        fail2ban_custom_jail_files:
-          - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf
-            content: |
-              [sshd-strict]
-              enabled = true
-              filter = sshd
-              port = ssh
-              logpath = journal
-              backend = systemd
-              maxretry = 3
-              bantime = 3600
-              findtime = 300
-  
--- a/main.yml
+++ b/main.yml
@@ -1,7 +1,189 @@
 ---
- import_playbook: all.yml
- import_playbook: internetfacing.yml
- import_playbook: cloud.yml
- import_playbook: docker.yml
- import_playbook: omada.yml
+- hosts: base
+  name: Configure all servers
+  become: yes
+  gather_facts: yes

+  roles:
+    - role: base
+      tags: base_install
+
+- hosts: cloud
+  become: yes
+  roles:
+    - role: oefenweb.fail2ban
+      vars:
+        fail2ban_services:
+          - name: sshd
+            port: 22
+            maxretry: 3
+            bantime: -1
+      tags: fail2ban
+
+    - role: docker
+      tags: docker_install
+
+    - name: traefik
+      vars:
+        traefik_host: traefik01.comprofix.com
+      tags: traefik_install
+
+  tasks:
+    - name: Deploy Vaultwarden
+      import_tasks: tasks/vaultwarden.yml
+      tags: vaultwarden_install
+
+    - name: Deploy gitea
+      import_tasks: tasks/gitea.yml
+      tags: gitea_install
+
+    - name: Gotify
+      import_tasks: tasks/gotify.yml
+      tags: gotify_install
+  tags: cloud_install
+
+- hosts: docker
+  become: yes
+  vars_files:
+    - vars/gitea-images.yml
+
+  pre_tasks:
+    - name: Connect iscsi
+      import_tasks: tasks/iscsi.yml
+      tags: iscsi_connect
+
+  roles:
+    - role: oefenweb.fail2ban
+      vars:
+        fail2ban_services:
+          - name: sshd
+            port: 22
+            maxretry: 3
+            bantime: -1
+      tags: fail2ban
+
+    - role: docker
+      tags: docker_install
+    - role: nfs
+      mounts:
+        - name: Data share
+          path: /mnt/nfs/data
+          src: truenas.comprofix.xyz:/mnt/datapool/data
+      tags: nfs_install
+
+    - role: traefik
+      vars:
+        traefik_host: traefik02.comprofix.xyz
+      tags: traefik_install
+
+  tasks:
+    - name: Deploy comprofix.com website
+      import_tasks: tasks/comprofix.com.yml
+      tags: comprofix_install
+
+    - name: Deploy iDrac Fan Controller
+      import_tasks: tasks/idrac.yml
+      tags: idrac_install
+
+    - name: Deploy MariaDB
+      import_tasks: tasks/mariadb.yml
+      tags: mariadb_install
+
+    - name: Deploy InvoiceNinja
+      import_tasks: tasks/invoiceninja.yml
+      tags: invoiceninja_install
+
+    - name: Deploy Homepage
+      import_tasks: tasks/homepage.yml
+      tags: homepage_install
+
+    - name: Deploy speedtest-tracker
+      import_tasks: tasks/speedtest.yml
+      tags: speedtest_install
+
+    - name: Deploy dozzle
+      import_tasks: tasks/dozzle.yml
+      tags: dozzle_install
+
+    - name: Deploy jellyseerr
+      import_tasks: tasks/jellyseerr.yml
+      tags: jellyseerr_install
+
+    - name: Deploy lidarr
+      import_tasks: tasks/lidarr.yml
+      tags: lidarr_install
+
+    - name: Deploy prowlarr
+      import_tasks: tasks/prowlarr.yml
+      tags: prowlarr_install
+
+    - name: Deploy radarr
+      import_tasks: tasks/radarr.yml
+      tags: radarr_install
+
+    - name: Deploy sonarr
+      import_tasks: tasks/sonarr.yml
+      tags: sonarr_install
+
+    - name: Deploy sabnzbd
+      import_tasks: tasks/sabnzbd.yml
+      tags: sabnzbd_install
+
+    - name: Deploy mealie
+      import_tasks: tasks/mealie.yml
+      tags: mealie_install
+
+    - name: Deploy pyKMS
+      import_tasks: tasks/pykms.yml
+      tags: pykms_install
+
+    - name: Deploy mediawiki
+      import_tasks: tasks/mediawiki.yml
+      tags: mediawiki_install
+
+    - name: Deploy traggo
+      import_tasks: tasks/traggo.yml
+      tags: traggo_install
+
+    - name: Deploy gitea-runner-homelab
+      import_tasks: tasks/gitea-runner-homelab.yml
+      tags: gitea-runner-homelab_install
+    
+    - name: Deploy mssql
+      import_tasks: tasks/mssql.yml
+      tags: mssql_install
+
+  tags: dockerserver_install
+
+- hosts: omada
+  become: yes
+  pre_tasks:
+    - name: Run base role to update packages
+      import_role:
+        name: base
+      tags: base_install
+
+    - name: Create directories
+      file:
+        path: "{{ item }}"
+        state: directory
+      with_items:
+        - "/data"
+  roles:
+    - role: docker
+      tags: docker_install
+    - role: nfs
+      mounts:
+        - name: Data share
+          path: /data
+          src: truenas.comprofix.xyz:/mnt/datapool/docker
+      tags: nfs_install
+  tasks:
+    - name: Deploy Dozzle Agent
+      import_tasks: tasks/dozzle-agent.yml
+      tags: dozzle-agent_install
+
+    - name: Deploy Omada
+      import_tasks: tasks/omada.yml
+      tags: omada_install
+  tags: omada_lxc_install
--- a/omada.yml
+++ b/omada.yml
@@ -1,8 +0,0 @@
---
- name: Setup the omada
-  hosts: omada
-  become: true
-  tasks:
-    - name: Deploy omada controller
-      import_tasks: tasks/omada.yml
-   
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,7 +0,0 @@
-roles:
-  - name: grzegorzfranus.fail2ban
-    src: git+https://github.com/grzegorzfranus/ansible-role-fail2ban
-    version: main
-  - name: geerlingguy.docker
-    src: git+https://github.com/geerlingguy/ansible-role-docker
-    version: master
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+install_packages: # Add addition packages here
+  - rsyslog
+  - htop
+  - vim-nox
+  - git
+  - zsh
+  - curl
+  - wget
+  - apt-transport-https
+  - ca-certificates
+  - gnupg2
+  - python3
+  - python3-pip
+  - nfs-common
+  - cron
+  - jq
+  - sudo
+  - logwatch
+  - sendemail
+  - libio-socket-ssl-perl
+  - libnet-ssleay-perl
+  - iptables-persistent
+  - rclone
+  - parted
+  - open-iscsi
--- a/roles/base/tasks/bookworm_to_trixie.yml
+++ b/roles/base/tasks/bookworm_to_trixie.yml
@@ -0,0 +1,26 @@
+---
+- name: Replace sources.list entries for Trixie
+  lineinfile:
+    path: /etc/apt/sources.list
+    regexp: "^deb "
+    line: "deb https://deb.debian.org/debian trixie main"
+  become: yes
+
+- name: Update cache for Trixie
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+
+- name: Dist-upgrade to Trixie
+  apt:
+    upgrade: dist
+    force_apt_get: yes
+  register: trixie_upgrade
+
+- name: Reboot after Trixie upgrade
+  reboot:
+    reboot_timeout: 600
+    test_command: whoami
+  when:
+    - ansible_virtualization_type != "lxc"
+    - trixie_upgrade.changed
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+# Gather initial facts
+- name: Gather facts
+  ansible.builtin.setup:
+
+# Update system and install packages
+- import_tasks: system_update.yml
+
+# Upgrade Bookworm -> Trixie if applicable
+- import_tasks: bookworm_to_trixie.yml
+  when: ansible_distribution_release == "bookworm"
+
+# Move to Trixie sources.list.d layout
+- import_tasks: sources_list.yml
+
+# Remove EXTERNALLY-MANAGED files
+- import_tasks: python_cleanup.yml
--- a/roles/base/tasks/python_cleanup.yml
+++ b/roles/base/tasks/python_cleanup.yml
@@ -0,0 +1,17 @@
+---
+- name: Find all EXTERNALLY-MANAGED files under /usr/lib/python*
+  find:
+    paths: /usr/lib
+    patterns: "EXTERNALLY-MANAGED"
+    file_type: file
+    recurse: yes
+  register: externally_managed_files
+  become: yes
+
+- name: Delete EXTERNALLY-MANAGED files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ externally_managed_files.files }}"
+  when: externally_managed_files.matched > 0
+  become: yes
--- a/roles/base/tasks/sources_list.yml
+++ b/roles/base/tasks/sources_list.yml
@@ -0,0 +1,42 @@
+---
+- name: Remove old sources.list and sources.list.d
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/apt/sources.list
+    - /etc/apt/sources.list.d
+  become: yes
+
+- name: Ensure sources.list.d directory exists
+  file:
+    path: /etc/apt/sources.list.d
+    state: directory
+    mode: 0755
+  become: yes
+
+- name: Create Trixie sources.list.d
+  copy:
+    dest: /etc/apt/sources.list.d/debian.sources
+    content: |
+      Types: deb deb-src
+      URIs: https://deb.debian.org/debian
+      Suites: trixie trixie-updates trixie-backports
+      Components: main
+      Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+      Types: deb deb-src
+      URIs: https://deb.debian.org/debian-security
+      Suites: trixie-security
+      Components: main
+      Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+    owner: root
+    group: root
+    mode: 0644
+  become: yes
+
+- name: Update APT cache after sources.list.d
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+  become: yes
--- a/roles/base/tasks/system_update.yml
+++ b/roles/base/tasks/system_update.yml
@@ -0,0 +1,48 @@
+---
+- name: Ensure debian-archive-keyring is installed
+  apt:
+    name: debian-archive-keyring
+    state: present
+    update_cache: yes
+  become: yes
+
+- name: Update APT cache
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+
+- name: Upgrade all packages to latest
+  apt:
+    name: "*"
+    state: latest
+    force_apt_get: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: upgrade_result
+
+- name: Dist-upgrade packages
+  apt:
+    upgrade: dist
+    force_apt_get: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: dist_upgrade_result
+
+- name: Install required packages
+  apt:
+    name: "{{ install_packages }}"
+    state: present
+  become: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: install_result
+
+- name: Reboot if required after updates
+  reboot:
+    reboot_timeout: 600
+    test_command: whoami
+  when:
+    - upgrade_result.changed or dist_upgrade_result.changed or install_result.changed
+    - ansible_virtualization_type != "lxc"
+  become: yes
+
+- name: Gather facts after reboot
+  setup:
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for docker
--- a/roles/docker/meta/main.yml
+++ b/roles/docker/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Matthew McKinnon
+  description: Mounting NFS filesystem
+  company: support@comprofix.com
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+- name: Add Docker apt key.
+  ansible.builtin.get_url:
+    url: "{{ docker_apt_gpg_key }}"
+    dest: /etc/apt/trusted.gpg.d/docker.asc
+    mode: "0644"
+    force: false
+    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
+  ignore_errors: true
+
+- name: Add Docker repository.
+  apt_repository:
+    repo: "{{ docker_apt_repository }}"
+    state: present
+    filename: "{{ docker_apt_filename }}"
+    update_cache: true
+
+- name: Install Docker packages.
+  package:
+    name: "{{ docker_packages }}"
+    state: "present"
+
+- name: Install Docker Module for Python
+  pip:
+    name:
+      - PyYAML==5.3.1
+      - docker
+      - docker-compose
+      - pymysql
+      - passlib
+    state: "present"
+
+- name: Ensure docker users are added to the docker group.
+  user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  with_items: "{{ docker_users }}"
+
+- name: Reset ssh connection to apply user changes.
+  meta: reset_connection
+
+- name: Setup cron job for backup
+  cron:
+    name: Docker Prune
+    weekday: 0
+    minute: 0
+    hour: 5
+    job: "docker system prune -af && docker image prune -af && docker system prune -af --volumes"
--- a/roles/docker/vars/main.yml
+++ b/roles/docker/vars/main.yml
@@ -0,0 +1,51 @@
+$ANSIBLE_VAULT;1.1;AES256
+64333366376565666537636661386563333435346363643732356565376136386339653636306664
+3835643634363033653339633164353735343066323164320a306338353435306164646461633634
+30373663383263643435373039353430353362326635386636656362396463383937313937336136
+6564643234353836340a326563656466626466363662323234613539353234613763666533323261
+65656565336664303562616262316161623231633531643034366635386562623332323038643062
+39663137373761373936373136353632323532363233616533343432663566323331343638366165
+31333236633232646266633236356538343732663034613037353037356538326566616238396334
+62356263616632333231383430303934613962313463666338396431346263653862616337626338
+61373334386133343938386236303761643538633638316239646565386162393663666534643363
+30326634383835643766623266656361666238636239646135376633616532663233323062383739
+31623661636263633131356461643835303363653538646130393239376362633166343463396439
+39636631643165643836613933396437356532636538626161343438626238306464623566633835
+64386333353864393933333332313438373438643133393330613938336434353831643635396531
+37303264383464663166313965623634303532383530383037623766313866346563376166653465
+31616633623533393363373536353730626135633261333761346139656533383734613461656338
+30666562383039393762306361623139656464363666353337623936646166653436643061303938
+64303765326530366530353063376434623162626438333764636534613033633330386262653232
+39666266393161326562616436303131623866383362326564653463383166623161326633353433
+37333963623966363239336263333261313066323137633634343762626133356132386332383633
+64316537313232616264333334666361636539613839343339613531356265643761353833396230
+61303535313531363234353234333631393639333837313735393137396237633833396531653732
+34323737346637353764336136623231383066363436313736343761363763353534363662623961
+39633264616136643239303361316139633033633035333564623939633165623162623237616534
+32366363333736333837336634306633626562633138646131303665336139663365366633653336
+62343831303865323166623733346237363261333864323965353565343362623234613031306533
+61633336383465316433356230626465636239366266323032663665663233336330653364316466
+38393565636434393136396264386464316265326365666334363832313963326532353734333361
+62663438623237356265616232353136623139623162366339666635393530346536356664663534
+36353931656263306434366339636333626335356230383638323830383632653239303535366136
+34336637653863663362383336623130376533346265366234376562653234356435333830303863
+64326430336165393939393838346532353236656438376562383930393665343466356535666566
+30623932643831656261313439653664653736623234336136616539633966643762663362333734
+33656664636336333832613738333163633662353838633730393031363032383839383032633964
+30623065376666343538353262306266353834613066633664383636386135353963303738633933
+65376131363237336636323862643832356662396166383132346431326435383161613236653332
+37346635623465333263386534333738346235633236643363393461323364313661616436666237
+63633039336666363533643732623563306663353263633664666561343937313735653061336138
+38313237663739313463396531336138653233646339356539366139356261303338623239363039
+37396535653532383664663231643533393162396433393137663430333634646464333332396665
+63623938393939666535663963363561366366633263373132383235373132326530613061646437
+65326134656163663061316666393963633434393836323566366536313764623964653538386432
+34386639383565396366316266323638666433383765666335336439313562373066643632316530
+62323762633038353833396437343935643766386161663564306165663739663763623330396630
+39376135366365663533663666646336333034613366623538666332383631656338666533643939
+32663365663930313363613035363530376661363561626532663532373938383139656234626436
+31396366356230646435333933613632343638316465326438336333623963303136323866363635
+65643161663338363165323433336264333539663063633230323039336531623938336537303864
+30663131663231356537323636306330353062383034363238633439386434313232633264306263
+34633632623664343931343630333863323239346236356231333935636564356138666364303738
+6265653661366161656362613066343966393933396264633934
--- a/roles/docker/vars/main.yml-template
+++ b/roles/docker/vars/main.yml-template
@@ -0,0 +1,21 @@
+---
+# vars file for docker
+docker_edition: 'ce'
+docker_packages:
+  - "docker-{{ docker_edition }}"
+  - "docker-{{ docker_edition }}-cli"
+  - "docker-{{ docker_edition }}-rootless-extras"
+  - "containerd.io"
+  - "docker"
+  - "docker-compose-plugin"
+# Docker repo URL.
+docker_url: https://download.docker.com/linux
+docker_apt_repository: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{docker_url}}/{{ ansible_distribution | lower}} {{ansible_distribution_release}} stable"
+docker_apt_ignore_key_error: true
+docker_apt_gpg_key: "{{ docker_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
+docker_apt_filename: "docker"
+# A list of users who will be added to the docker group.
+docker_users: [administrator] # CHANGE_ME!!! - Add addition users.
+# Docker daemon options as a dict
+docker_daemon_options: {} 
--- a/roles/nfs/defaults/main.yml
+++ b/roles/nfs/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# defaults file for roles/nfs-mount
+
+# List of NFS shares
+nfs_share_mounts: []
+
+# Default NFS4 mount options
+nfs_mount_opts: "rw,sync,hard"
--- a/roles/nfs/meta/main.yml
+++ b/roles/nfs/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Matthew McKinnon
+  description: Mounting NFS filesystem
+  company: support@comprofix.com
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/roles/nfs/tasks/main.yml
+++ b/roles/nfs/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
+  
 - name: Install NFS mount utility
  ansible.builtin.apt:
    update_cache: true
@@ -10,7 +11,10 @@
  ansible.posix.mount:
    src: "{{ item.src }}"
    path: "{{ item.path }}"
-    opts: "{{ item.opts | default('rw,sync,hard') }}"
+    opts: "{{ item.opts | default(nfs_mount_opts) }}"
    state: "{{ item.state | default( 'mounted' ) }}"
    fstype: nfs
  with_items: "{{ mounts }}"
+    
+
+
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for common
--- a/roles/traefik/meta/main.yml
+++ b/roles/traefik/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Matthew McKinnon
+  description: Traefik Proxy
+  company: support@comprofix.com
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -4,33 +4,56 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/traefik"
-    - "/data/traefik/config"
-    - "/data/traefik/log"
+    - "{{ data_folder }}/traefik"
+    - "{{ data_folder }}/traefik/data"
+    - "{{ data_folder }}/traefik/data/log"

- name: Ensure 'proxy' network exists
+
+- name: Create a network
  docker_network:
    name: proxy
+  register: network

- name: Copy Traefik main configuration
+- name: Copy Traefik config
  template:
-    src: ../templates/traefik.yml.j2
-    dest: "/data/traefik/config/traefik.yml"
+    src: templates/traefik.yml.j2
+    dest: "{{ data_folder }}/traefik/data/traefik.yml"
    mode: "0600"

- name: Copy Traefik extra config
+- name: Copy Traefik config
  template:
-    src: ../templates/config.yml.j2
-    dest: "/data/traefik/config/config.yml"
+    src: templates/config.yml.j2
+    dest: "{{ data_folder }}/traefik/data/config.yml"
    mode: "0600"
+  when: traefik_host == "traefik02.comprofix.xyz"

- name: Ensure acme.json exists
-  file:
-    path: "/data/traefik/config/acme.json"
+- name: Check if {{ data_folder }}/traefik/data/acme.json exists
+  ansible.builtin.stat:
+    path: "{{ data_folder }}/traefik/data/acme.json"
+  register: file_status
+
+- name: Creates {{ data_folder }}/traefik/data/acme.json if it doesn't exists
+  ansible.builtin.file:
+    path: "{{ data_folder }}/traefik/data/acme.json"
    state: touch
-    owner: root # UID Traefik runs as
-    group: root # GID Traefik runs as
+    owner: root
+    group: root
    mode: "0600"
+  when: not file_status.stat.exists
+
+- name: Check if traefik.json.log exists
+  ansible.builtin.stat:
+    path: "{{ data_folder }}/traefik/data/log/traefik.json.log"
+  register: file_status
+
+- name: Creates traefik.json.log if it doesn't exists
+  ansible.builtin.file:
+    path: "{{ data_folder }}/traefik/data/log/traefik.json.log"
+    state: touch
+    owner: root
+    group: root
+    mode: "0600"
+  when: not file_status.stat.exists

 - name: Create traefik Container
  docker_container:
@@ -48,15 +71,15 @@
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - "/data/traefik/config/traefik.yml:/traefik.yml:ro"
-      - "/data/traefik/config/acme.json:/acme.json"
-      - "/data/traefik/log:/var/log/traefik"
-      - "/data/traefik/config/config.yml:/config.yml:ro"
+      - "{{ data_folder }}/traefik/data/traefik.yml:/traefik.yml:ro"
+      - "{{ data_folder }}/traefik/data/acme.json:/acme.json"
+      - "{{ data_folder }}/traefik/data/log:/var/log/traefik"
+      - "{{ data_folder }}/traefik/data/config.yml:/config.yml:ro"
    labels:
      traefik.enable: "true"
      traefik.http.routers.traefik.entrypoints: "http"
      traefik.http.routers.traefik.rule: "Host(`{{traefik_host}}`)"
-      traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_password }}"
+      traefik.http.middlewares.traefik-auth.basicauth.users: "{{ traefik_api_user }}:{{ traefik_api_password | password_hash('blowfish','1234567890123456789012') }}"
      traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme: "https"
      traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: "https"
      traefik.http.routers.traefik.middlewares: "traefik-https-redirect"
@@ -70,6 +93,3 @@
      traefik.http.routers.traefik-secure.tls.domains[1].main: "comprofix.xyz"
      traefik.http.routers.traefik-secure.tls.domains[1].sans: "*.comprofix.xyz"
      traefik.http.routers.traefik-secure.service: "api@internal"
-    pull: true
-    recreate: true
-    
--- a/roles/traefik/templates/config.yml.j2
+++ b/roles/traefik/templates/config.yml.j2
--- a/roles/traefik/templates/traefik.yml.j2
+++ b/roles/traefik/templates/traefik.yml.j2
--- a/roles/traefik/vars/main.yml
+++ b/roles/traefik/vars/main.yml
@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+30383964326461633635663931626663613439303937636462313365666131643236663765393635
+6361373462653766303137356639616339326537356239370a643636353132663030623633346134
+34336365376337643034633737356132623135353963316336643161353864313933326331656661
+3639313130373266370a643539366233656263613238616231383937333761336236316365353431
+36303637393133316536353863396562643661386365353539353039636461396131633566386631
+63383965646662646233613833323964316661343435323533623832353364636639336434633362
+37653666316438376164626663383165633937313833396164313930366261326463656264333236
+35633361353764393537333637633762393661616265353639376330346133373730346565383435
+66663165333863323234376361393763636662363833613965336663363666393033643331656332
+38366561353933356461656139353061666161383039663038633037343839343362613863343962
+62623834643237636562663932383963323438653731306430333536373663323263326666383164
+64376535353130313130356239636131306165376134313863386266616335636564663039633461
+3366
--- a/roles/traefik/vars/main.yml-template
+++ b/roles/traefik/vars/main.yml-template
@@ -0,0 +1,5 @@
+---
+CF_API_EMAIL: CF_EMAIL
+CF_DNS_API_TOKEN: "CF_API_TOKEN"
+traefik_api_user: "admin"
+traefik_api_password: "password"
--- a/scripts/notify.sh.j2
+++ b/scripts/notify.sh.j2
@@ -0,0 +1,2 @@
+#!/bin/bash
+curl -H "Content-Type: application/json" -d '{"text": "Cloud-init provisioning has been completed on '"$(hostname)"'!"}' "{{ TEAMS }}"
--- a/scripts/rclone.conf
+++ b/scripts/rclone.conf
@@ -1,214 +1,196 @@
 $ANSIBLE_VAULT;1.1;AES256
-64356532666364343635653938353232643234626263333936623235616536633061663161633735
-3837356130323434383461356266396537613332303665380a323937633664653238333931623939
-62646562663031626138343963306431656530376562663861613435386435386338366230336461
-6533353135303538390a373334353036343436366233663763626336343932646136656136346134
-63383931386233623935373631303336366433653734336638633037313331383936386564323530
-34636363336236646638353137373836373937336438383637643438373862623031353364306165
-36333562343533303032366430323330653830613632306332666232616339386264376236326430
-37643763336632613530333339653266633562643531313230656537396161386365346139326138
-64653234383664613262373863666130656431316236326463313265336365653435616561333665
-61313935613034313732353833343439666436366439613533333536326230373161386530356232
-35326661343463643134306165353832316536383839653233613332393761396466316137633837
-64393264653933653564366566343461343938303265383064373132316634343536303937613037
-63343535666535303434303533373537663563666164303764396532613865353763663934326634
-66623739653032663464663062326339303938316231376431663739373938363432666135373035
-64313463393735323833376532393839376438643238373664373164366662366233333833363861
-62386266373361373536326231356436646161636664383631386331653961613664383237336264
-39343238633639333761613363343565633131333430313366623566633039353437323338393538
-38653635663461356639383364643164613134323435646566303065613131396234373030303437
-32326661613236336462613566393664636364343766306161343264356533333239366534363766
-31636662396633656633383732313236643539666335383038623566636666313138386663613361
-33386666366136393231303264393263613131313365656663326138623434313863646463636536
-35316133616232656330656363343063656531663366333533306461336233313562333831343434
-34333939356430356436306563356637656338653738333039396530306334323833333433383037
-62353863646466306662616139323937333339376232383430326337313034666364393563626232
-37366164393336343666646432613930353166396430636434326634336262666537316433633334
-63383265356139356165313336386336396236643831663337356362363161326231393237366335
-63316565336536363134393736306239363863376439396337373431666564623964353239303566
-65663435633835666161333063386134373366626636656431326361613565653665343734383830
-63396632636533303130316162616162306464363338353636303134613965373031383234616162
-30613038656163306439613630316539303639373931636361343235326636303265323162393561
-38366166376435336565326161306632393065653038643836303464386163343832623637323636
-39323839356532353337363432653863666562316139326266633836323837646339396132623365
-61356538666261656365656632663830323136663439656336653039633664306164613639633434
-66666132336166643237363930646638333131376638653930613266393836323834343833356633
-61393138376161336430316531623939646334303435646534316363363466363535353861343363
-64303134316566616330613236666266333861383132353861373337613539353035626262626565
-33303037666566626531393732623734393964333232646161346261623737323665653964353031
-64643530366464303636353238386634633063336563393337663361646636343835643037616536
-61333739616166336162613133356334306531613963633439333635373362616461373635653939
-63363064646263386266623362313962633335306566336136346663363330323763323537633766
-35633336313037393937306237663032383939356636353232643066643131396135343931656331
-31373639663637326534663766633363646237393865373230616262653134656135336234653138
-31663163643331386432303737356262646139626138383162613964346161353563303335643066
-66303966363666376131363264663430623939376530343632663433643161643130376161653762
-31396630363630646138373964613732653230326637653336626531316633343262353836303734
-65373130373763373537646136386531633936303737643936633464383231643565303061303836
-31353536306264663164346661643063316137613935306136363935653535316464376233396439
-33663365643639613438643135633033656164313266373232643137313337386666383538636331
-63656336343837663831313634326463666632626135666664396637303861326563666566356132
-38626331333334326537363661336633626532623138323332356433303037356637663737343537
-64373234383439353639383061356235333435326433636538346134353532393861336439373938
-35303538356161383636306234646137343837396363366161306634316131353334306435646662
-38326666316332323261623434306130386461316239653135343330656535643861623665343561
-31636634376533333836626436306536346136386439643865336466643836383032346565363230
-65323234333365313738653161363264613135656533653861323832323630623966383662373465
-37376362653661353835313664353266633932623532653633363364333063643762373366376463
-32396339303961356531343464633130306439356466343431343330643965633438623337623131
-35363665346161336434363135653166366337376132656361353964636435323131643562636338
-34333439643832316531643163393962626237656337373930366462373032666237363461316138
-61376638663038616361306664316361353630666434386431653233383435366665646161353530
-31316537643237373666383861323832396237363966623665313062383530643734666437643837
-63386163383435336261363738333163613735343261356330396434376632386135343739623265
-39386136353430303961313934363933306634623232646232346630363763663062313934633165
-34653963303938303966353835336230616633373263383166333135666137313138393439646331
-39646130336131353966616530653536353330313336353936623764623538343030386664656661
-36316235306661393532343633613563373433643061326436643730633631363539363039653164
-65373235613333356265616136626133383437643164623462613331636163333437383534633764
-66633336306363323933323336333232346530643166663733386431393230613163353665383165
-63346365366161646465343932393161313538366333666236613463383034323064323837376332
-63356639363232633864643731373031623331363962316362356530323938396665316164363565
-66656435653463303431303333346330346230366533313937393062633433306264366337323731
-33343930653330343662316161623936303931623236363266643565366434373964356330366438
-32383462303132383930363233326535643730363766343162613738323933663662633435393339
-36396637643061633265633737623333386465326166383436383833313262393662343231343636
-34323737353565383732633634636461326665666232663736313362313037333430346666346630
-33373839326639336564386632303038363539356431633363303736666234393139643965363363
-39633530393462663561383961323861393232333834656537326238343066336666396234333766
-33616635393538316536336531323030393338643864313034623334616335363930623564386232
-31646533643535656664323230363132666234386131336331323930336561326531313465626539
-30363035383238353564333937353139633664343334633566353461623834623537646238306236
-37326232633866656533343135363936353030336338353033623430326338303235353339363263
-61313662336261303264663238653834333566626134373563376331653134366634336232666230
-32323839666337636331326164353139333639643665636535343664376531666261346366396264
-32366137326265363361396531366364626630623431326631383138626535373133386465373831
-32343335343963326461396163646366386163313461313033613339336238646665363361313331
-33353166343764613032346232383232373832396632646138343566386464616632643838306161
-61656166306239333234666664353930396333623037646634633035386335633537623365373366
-33343537346232643131306438353834303866663935306539346234333862396332326363653364
-37376636386636306530656332656439393736373263303333666666336631343561346561353333
-63343833656562333737346237303838613166343938383532623437663263643563313837666233
-61316365343565666631656434643136356663613966373237346638646461373436306566303839
-61393561613564393533633832643638393366653564376162393261653031653731393131646436
-33656630626537326662613335663166383030373339333734656638323162653534346434666338
-64386263386663636133633366326434633536643938623864316336323630653263316633653034
-34386463356536316338623264353563336264333537656638316636316633313537663863333132
-61616562353531623131646230653636383138346663633738336261626438303732613433386662
-35666462346336336332346637363330396334643962633863363564633661376239343135316638
-37386166313633333761646363343736303938333061313835653031373738356133306134623330
-32663034663364633836393266663630303633303332626365306235396462396138306637386165
-62373861363763636434663039663966313132356262666639373437333232656237346133346236
-63363533613833366133653237643930303831356263313166333362326130336238343862363161
-66346464373030353038396230313263656163656565666363613765643861363439333435343361
-30633431653738616239363733353136313130313139373466393037336235643061306431656434
-30333865326337653266313765323037623863396135336161396235613331323134316435653331
-39643966646537363633666161366332393837373666316537666136616463333739396233333233
-32353038663366323235353138353930646262343966653430383432326634636262313738313337
-34323931646430643837303637343366356161306334363839613766643766323863626431653838
-63333335383537633232323136383161343134383064383064613431386231383165373565663766
-64373362383639373532356135363565373635333331346561626566663635393839623936396230
-38623430633762616561303532623237316161623237373234343437343963626464323865373232
-63363661343238656239333466303732663432306136613963363766353139363464363365366131
-64656331643365373266613439316262623161353632353734333963313962333262653466633235
-37336436346437663264623337383538383465656432666639396165366661326435623538343230
-30636261343638653664613838383936343463636134646331363864643138353766313235626130
-64343936316130303736356233623338343166613738636363666563633663356364366539366231
-64626430373731313861383762653638316533383636383963353234613636393333636530646336
-62656666616261363166623335303330306638663461316236363531363936353761303361346463
-38326165656365333563636666343130366236386537663165653266353064326461346665663536
-39316639306566623461316634343261623830636239336533373362393034353437316132303239
-31613965623566323363613031663466633230373833353234663636626564303538316535643831
-30613163396538373835366163356666333137303261386235643433326132336462393734313137
-30613533346238356466363661326562646631323266663861633237303461653830396363303764
-37373937396163653230336530653661383834363964323233616135303934303230373334323230
-36326366653039343863613234383832316135303164336662313630333039656332623532386333
-61356132303063636438323833353538303962346434613635383632346333376530633835643737
-61326632326132336239303537663563356366623536376464653935643462356639386232336231
-39343566646639396362363331393931636461313761643038363063636261636337666336666434
-33656637383666336464376361653432633665363335346338643833626663343733383964646632
-62386662383138336262363538656531383564646164396561336233373965643837616138333165
-35306435393866303138623435303565313561343361613263616530363664323633623739363264
-62363737326235623138336236373435336333343232343031386265383266346633613464366266
-64633061656336393937623261663834336133306239356133633865373532356564616439633238
-61653333353162346536663433646437386434393333666535633137326239343233353363643734
-32643164366336653331353038386363313962303135346334343536656662373730306430303438
-35373637303539353337613733356561383930333361373233323630356161646537303637333263
-31353036323462303138353164633739373361646631343639363766373662346465343765613833
-38346434303030623531613437333331656137636565336130326536376539373133663763373638
-35616331653364323236346166316336306664373634633563653336343834346231303634343762
-34623437313966313039363561393062636334326166396261643661363434323766646665386232
-32613633653136663461393365623635636236393735343462613437336133653732373165613530
-66623564633638643635353436663632613962613338363739366566616662613062366138646339
-32323036393565326134363437306632666463623565356461643166323037343139623530323537
-35636333323032343531333136373131336434646238633437643830666532373361336335323461
-34363134636639353732336533633135643332346138373338336566336334613931393064393963
-34313734376630663064363565653539353132623339343133666561346236613664663732383530
-62396263303035313938333665323866376530316634313232633939646564336530666633363633
-38333232623763366630363536313663393964313635616339323033323332356230346139646136
-64623632633139336435643435363732386438313261626632666466366637333038623961333831
-62643465306662313233313033386461343661633039303736396164306433393961333463393464
-64353631396163373862363634363839383331313264666362313330393132383536656464323362
-31313738303864376339646538616632393433303639356666363164343035643962356161363638
-61393633613136353838613564313232373037656136366238393537353831383537623265646566
-31343766663166313961316532653338653933363432306133616236653164646562373063373063
-32356235626461623162643931663732396435316139613837356330303465636633386337646366
-32353736643664336334333931313039326538393262623664393438326236613932343438383962
-30623830623832316563643565643532366339343131616366326438646138326334306535653961
-63623165373339393334323462613631636235326464343036313265393930626436316637396332
-38386362643637383732353939336532623531373037313063616663373639623735353765323531
-39343265643737656334333361316333626665373262633963663562656336633565643931383164
-65663562326461383838376466666566386563303163616461646435353766393233383366303330
-38393566643132366664383030366433336265303434666465383861356230373362333739353831
-66333436666261306337373430316636633632383933393732663135316666623334316632393534
-36303436323733366138613136616331626135616635343064323937336266643364633764343961
-63616636633839373730666236626138653430386466373035323665373064613364656130343033
-35633133653263653862646163396261613162383233346462323431373932373134613966326165
-65346132653132643666323666626338393132633665623133366661303436666165333633613238
-65303363373035376362393335383836663064393332653031323737323036383166363836373138
-62636461393638306138396230376463383832373033646562363739386261383538623631643931
-65316539623336383961306331663132613461346432353438383439383266323538646436333337
-63363663386135353230623535636531326132336135636366353164383766363239646639316232
-30323461333839643564633631366364303834613333316133323936363239396138633064323632
-62316262363531346633383062303264366537363936326163646665396463613838356138353038
-30633564646166653438363061616438373238303266643136323864316464626631656666626635
-39623865346332636265666330303161623737623664366664363065636331646437333537356265
-34396337646263303966343230306639313836643938623563663036303937373936343838636363
-61376430623839363631303736373465626132353061636161653236336532393333376263613430
-62653262326133666638643531663437623732643330356462303536623533336564346433653366
-37343165653864393835666639316139626434343136376439393931633631633931363937316463
-37613038643332346637336565383037333935313735383562633964343264663762303939336132
-33303361353465316630636230616562346161383333303935316333336661653665636536636131
-38363165366338653335303262396166633563373735626263323764353637356565643433616462
-36386463323239633535626561653932343665313133356139313330616132396532386465376635
-39353763613633343337626465323831656231623033343562643636626634633663396230656137
-66323338343836623938383834346231313638323931336365633063636639623538353935666664
-33336435626331356363316361393665346638323737383662303638343738333233366135386535
-61333963333432393938376633613138633031653162343233646432616465653466653261306534
-39633763356561386636306639663463396133376366383663633735666337333135393138383764
-65313761613039303039336239343632663437633464386666336466373562376235313565616336
-61643638663466636561373831316132326631643263396133623532353464336231616532396266
-64383163356164383134363438666231386566323133326636636234356331636165623835653162
-64626166353165666464383531356164613932666230646364663762306266346265616533626262
-35396262346338303461376134653864356137346439663965363463376439383166333162633835
-36623339636162633038666135613037373533333665346636353439333166336665366139323830
-33643231316136643132373539613861623837656439343131646635633630383236626135303332
-30353436653732613762336265366134383166623264326466313730313763313466346263373935
-61356334336238663666613731616239393030616665643665313266623761303531306664383631
-63613039633331303837666333613333303331343163363035383539386337323162623736633539
-34616231366137326636623265346636376138333836366234333064616237643638653033646338
-66306564343436616661396133653931396638393061303961356334303734383736636663613164
-66373863616137323861663061343231386565346133636266323462393531663134343534623434
-66396463623865656563626139356564373331366337613332386663306465316165663566323864
-64343632653931366238383162336636376261336665386635653564306466316435616331633362
-66636537386537643839613662366639303865323332646436346566666465663966393032366465
-61643339306133333738343162323266376631643264363762343436656365376565393561613332
-32643064616138353631616166343739633733396564383836356166666364393234323063663237
-61636665313666656162316463353032663139396332356139313362383163663231613831386662
-33663763363563363665336266373134633338376333613237383866313933353031653732636463
-64363632656338313064343236623539613339363730373530653666326138303632396435303336
-66343463353638323737303963343139393661353832656133623939653266633031653035303338
-32663437656538646561616362656162386436326534613630623661306261393134656163663166
-35373362396535353835646566646439326331373131373932366163396234633464373862356633
-66386331333866363331336238633161393764303337326565653338613835376531626136303761
-6136
+39376333333830636365383165396539636633343433336531613131616266633461356436663139
+6139363262613333393939623163633433396466343431300a643437393730373531613364626566
+66643739346530326335633665376132323134353035383362646232663230343435316430643161
+3138356564343738360a306336333138333764663138333133653761663139363538653136303930
+61623162356366643539653833636539623663353138643362623665643135356162653964386230
+37303766663033363565333466356262376534646265303261303464353339346430623734373031
+62316232353935326233623634313936616566333061643336363963373662663665366535376165
+66663739363866303934663830383038346665373736376661643834313363633765633332623335
+38613931393366316632386332663031343764303032343464396234356364313733336632643033
+65393738653366303931643361656662383631363334616265306565343961353033323932666665
+39333862626162383631303639373933623337633863616635663030373532363161303937303134
+36616634653637633933363466643665626530303232343965303562303132336132653662346264
+37313137393537356466393633323534396338633064613237353061343031616132353335393531
+33663364373138336432663430656632303364643937616366633236356466383238633832363237
+63356231353763646338343065643634356537383534353439376430663631343836633463396437
+31363731613837323231646235356633323261623366343334656432323361363231333231656665
+34373862346530303363343166303866636561613638323864363564343161386262646361653038
+39316335303331313134363433316138646339616561356265383131363662323765323531346661
+38303764303031323434656164343164376633356232313832313466643262366137376664353066
+31343564343230623934663036646565356563643165336433333530313734646230356335333030
+38343063333834303464666436333366643536656531623961623033396466653464653239333662
+35353034393337323935363765343939333164316232313732363030623030633535376533616235
+33326232306364636634343461343739663064303663346161363531333236363034326636366133
+61636239323237313135366334643063356634343132376633643134346565376536643764356430
+34373130353461336431383332323632626232383838353836336231653562353362383138353561
+61393137363766373135626630653130653237646563386362666339363130313963346165303032
+32656261336465636536666261656131313165663961303031393962646665353264393562636461
+32343865383937343932376565623566646236353336383539656437663162396136353865393932
+35636463336364623336386530666635393338393238393336306438373536326430343834616335
+37313336363534663062316235663032306338383731656161373638323134663162643832393531
+38653464343565356239346162393430333865643338376662666339646466613665613863313063
+65613437633462653734666337393861653636373536323139326239613662653866326264376264
+62663330666534303636393231326131616631383239623438386132363232393835316263303561
+38363333396333343666346464323832383639333531363539383733613934643035343066646237
+32613832353937623934653063653266303831636530326537376235653036336239313831333464
+63373561336165313162643363613666356463343632323061323733393336396464666334633464
+65623565306232393365333831363734663565313135653331323637663864383664376537373530
+62623530376639373739343263623434363833346139353664643665623238613861376362346633
+38326532663236336630633234613539643066356264613733356639323030323436353931626134
+33383735376533333930346238663739386364666362353231316430306538636564393730386534
+37353166383337623665666632643966633734333538343465343533323862646265303362356361
+64393765666430646139313931613735386162643062663136326366653663613437353339333832
+39643364326137326131626362363637613730666466633735616464623261313530376235313262
+62336461613438373636326634653032626665653135396439386638643531336261363430313633
+62393564363164613830656634346462343365306365343565646236663531356332366638353066
+36646134333937363539653934666635656634633339323464393365646635623337646636373737
+37343439623161313236346538646562653433376231353335373861333166393039663461623066
+66316638663839336665353030663365313039666231303030376530343562393230643037356535
+38636662396166613263396336393636643835333830346136623938343462323566646438323032
+36306634363532653535373163383336613437666339393631636530373132383562616536313034
+61323532333938393936623933343465653930393839323934656633636435646631366464316436
+30386331306264303733626533653837366635383531373936383238663632393064616366646437
+65326231373465306332656234313132333332666438303461323930323739333836303436663133
+35336534376632653062616631303931653164343762393136383961373531383461356364626234
+35396662366630383439663536383436396539363966633462333335383137333861366239646130
+66316335363934633031616434393463313866666438633364303261353966666563333835366539
+34303430323130636431303432363032333439316334626635386362353232386331613364363862
+64343939313664343836636232303665396238653563636338626661303233333432613734646534
+31366162326161656437383735396337613635346265316231653230356331363535306263323330
+63363166356236636663313562626630376334626435353566303461316364303165613935366331
+36376634356461363566386432346564323661396361626266366439643765356131633661343333
+61633136616264346565366438326137643439346137366336313431326434396532663766396163
+33653837313832643837363661323332323737646266656665643137396663363238313436373766
+62656163343065656639383766623864633839656635316533636436323934356364363336353866
+64393533663161326630343966373562663133323537353539363435633036666366343661633731
+34333236306265383261333631623038623962396637333236653834663864626263343366623235
+35343232353964626537323837643438343838376630656233303130353161336136646561303661
+36343132396463663466616330643532363239303232393939613138613935613030383061303665
+31343335656333346664666530353861643435633932633330333630373136643837303830373235
+35326636343731346663326465373964323966313530353264336437376539356437633534323931
+37353935376664666433626662323766343736316635323437616461626263336538633762396434
+33313063323864373363386561313965396436316134376335336565313964653962373231306534
+34656636346232323463346164366365383362643031633935653137383461323062303132356563
+35646138343636303332633738663130383834396365356466663438396165666235333533623039
+32373836323466346166386335366533356637303864326563653738356162636663343235613433
+63363735333638353732663561336435373439356562343566326435653561333662303862333037
+32343932366163386435323264613932653939626565396234303465633735393837623062653965
+34396564346533643731633361643163663433383234366634393962633339633536663632316230
+36623539396536633265376565316164643162653836366231313064343166373439663765393636
+38346138346638326531343631343331336366636237646433643036376639656166326238623933
+63303031353161396534336564373530666135303735623937363635303762396638356264343662
+33303962346161323635313334383539653466336331373733656262663963643861386133316531
+62316232353566666333303663313236656263383837323631623264353435353661333435666136
+61373562373564303161316230363861633162653034623136643031373262613539303637303437
+30353765613737616263346138333432373165653730666561306531663732393332343837613261
+39303061633232663233623066666139353937306435626538653336616134373133333738363065
+38633864393432616331616431616136346262323863356362323836643961386632643766363930
+34323732363437303337346162306166613761333031336339373130353537663535376333323431
+35623565373365343266346436396665653537333464393762363561313130373635643830656234
+39393864326563326133656665326236323265666263386163366135663835373839386461386138
+37636531393161323737643066353863613334303638366332616461386138353533376339336234
+36333864626136383964643636346136663932303665333864666438396265623662653261646463
+31356135363265316166306533343265363934366133636566326334313165626439343665386133
+63666134353661633065356238663935393063366638333434626538333434323131393861666264
+38626462663031656261326361396331376133623534356431313535383736633432386631626564
+33313436333938333630366132326637383866383938626166353431343033393931666666313134
+36306535643361386261636264613437353861393437366235663031373330373862333562306436
+33356339366330343132306562626231663933373662386334613161363139353235396364386261
+35643131386439383839386237356161326164313834313732323637653232623637643362313764
+63323231616439646265336464313938633866343364323463646631396363623161313365633264
+35396136363764386439663961313232376161633730646235363864333437396535316134376231
+31613539306131333537333264353164616131616366636136643637343461343336623462643631
+35636366663863343933626664633938626464663266376337323430643835333038336566623931
+63613533313533303330633833383330316539346130353738343637336130636161623735643666
+64633961373032643631323665323333316363643030663033636431396166313133336239633139
+32636361353330323738643539313132643437666666326538633238613862643536393631396664
+32393361343630323363666161363636383739336265393638383730316665396466616137393037
+38636533356662376661616462336234323035376538323366366630396336636530343838633337
+66626237376237643930626363336538323232303038343066313066303363346162376662326233
+63656630303539343738383965636131656131333033343833386662346239343438333939343938
+37633339653662643530356330313831323562326665616564323436626436383836356230643162
+65333932353937393166626664336166666337356131396638393230393363623738633335353765
+61666638303733353939396538353166643937643737316132326564666531323930613931303436
+31373064613633616538666237616132363265326637623863633839343437643634316638366535
+37613761323066363830336632613530303462643732656135303766323364303839653330646562
+36613165316237353934363831656339376134376166613531626331383731336237316538646464
+36343533316239363162326231366661666536396537373035613266316136313066336263356563
+66346262333735393065643537363136356634663834613730323461343661633862633439386633
+61623936653561363837393938623434633030643136666633396233323536303466353564666233
+37653132663830323032623838373665643332363365353932353939653830633032303561356638
+63363563653434343734373733333735326462643061303830393063653263376261613533613466
+31316234653234343537623137313531613865646630653335656538336466363433666137636366
+33383437353935616631383464653232306535333432666437633431616464626362643335613964
+36363361613564646461323764643466636533383464666538393165613333396234323665663935
+30353934396334643834626465313962323935353362323665346334396531303336313832333330
+66326631363234613963653361666362623034373563313264306531333166613665376363613164
+30313963306532323763393234613161303565666238633563333335356161643734643862303363
+31306137643432636539333561623062623430313239336161393766633461656666326664333262
+64626266643233636533376261306637383634353934373064633265643036623764376232323766
+66613964313634663238316239623230623166353566363661656665393961643533626633653964
+37663836633738633331323463636165343661326464623230396335366639393139663366616165
+35386530643433356534376433343431326362303061663663346430643937396338343937303139
+63666433616136633839613565363533353533356461353637323037366539363863383065313164
+31323565346332303231383735316235396435653666376661373963366133326436633034663132
+37353832316364373063316132336366346263616663643434626637653833646163663066356535
+63626662326235653132363438306134343461386234653761396230663265343661643665336630
+31613639653936353938376361313831363266393230363865376431343830653061613831396463
+66626331643764653835626465613638653030626664323036353138313830636565636336323462
+36353764336662396361376632333832386561633736343139643233343737353965333431633064
+32313764333962613966313339326236373330653933396434343330353165653432623433303030
+36323462306332643838636665373533326163356332613764303565663431646564386564373864
+30623635623232643832333864393736643430663263343038653332363064623466653132656538
+30643738663733613262666366396131383763643832366135653339313638613666346565356361
+32313337643034386137336261656635396630386161343137353639653234356533623465386235
+38636436386635396238373664333564333630313132303338333634326233313663616366373861
+37636264626237643935363134373239646231663937373137386630353562396565363565326236
+63336466643164663633303063303266636434663266313164313230393136623233306536316336
+63636632306462636564663731316364663232623563616663313833363561653461643732653963
+39643630623832613031613463636534323033383236363038306630366264336436383863653839
+38356363366336353363656336313937396438373739376663306438663939386439326162346131
+34323231313363306139623433396666643364336165343864623666373461306563333362373338
+66343561623635613839303936656366303131393135396664616263653362336530653037373535
+39376164636230356130383032393866656132303034353365656531363636383663336364373534
+30363563663736643164666365613431336562363639326636303830323936613236633838643764
+66663938626262646537666335646661666237343263366531393234643834396463623836633034
+65323931613863383064313566613534376534626438353036636235633334623561636365653630
+64336333313064663239666565303837636139366661646562643638613233353634303137613539
+64393365616565613435653836326535626162326335623631656434333937383039336234393036
+38343663666566353265396230363461316264666630383563333838623237383665643930326632
+36663437386231353661383563643434323338666130623862656564363133313866643664333038
+63663235333539363762376139613039613230663365363130343162636235636339613263396539
+39643363343966383161346533326632623962386235366566356133616432303637393535623039
+37363739303838303634326162383961396662636566646238323465633061353435393233306330
+62373864626336666662656235376431373133666164363562663933353430303032396238396465
+33383530653536316162306237663331643533313530356131613666636539353438333664626462
+37636131643363333435663238636263353265613966626339633631343837646630343234363838
+31656561333366366336356664633634396337383765316130336163346666306436623633383237
+63653366376164663235376365323738633238393835343238333564303636323235613733306130
+65633566636165663939663764383364633830643563646561373363316135373331306231383530
+35356666633965613931613631316331636236343332616537383366326538376332613266656436
+37653661346234646365656466303565313962356230663438373732393731393033316237303965
+62356639303230373661633765376433656433643432303138643566656537356363373934303866
+61633432663837393434653164373232306436373036373738613061326139643166643139636165
+38386561643066613137353865653038666436333566636565643134326433313436326164666430
+39393831623433646234303034396331646231336239343639336165396639313132633336653661
+38643861646538376437643630333664393034393361353434643765666335393334383631323965
+33326366366364623438633439613666346232326465613436646464303264646438633165613439
+64313030353231346262333939303632356636623236356661306566643433653636326237373162
+34653038623466326534666361343435616261373239363238623465633037356563316231313033
+33623865393839386162643563373961373237353563333630373066353262383334613530653162
+62306230386466616431613665326236356336346163633138646432373731633633336666303265
+61613533336632646335313264376637316466653564333365383336306237393630303362343162
+31623962346161323931316532623461373764636231316363343136306639663664333334636263
+63303734326164303839356363623961643432353232393838346138646365333136666137633465
+35666463343962353332343561313330386264653030396230653438396464366237313130643662
+65386533336135376565663962393430643839646362333732656463396430353230316663636530
+65646331336530656339343237353936323332333438653765623466376661633234366230326237
+30336665613131656462343038643830636666646439346531373337653738633739323035306535
+64643533346637666138643664343233306366653939303531356266653936393730393436636264
+64623961396361333462306636363933636563346565663831386662646266376338633436313161
+37383732383661633534613437653234356463333561396535663032373862346135653333353138
+30663538666639376535646664613430393366383933313261306662633064353831343434306163
+38376235663639323630663033626237303863313234623664353930343866373465323730633838
+61303738306534343333663763373765633461633634626339646636623230633163323430333036
+646438336536383231333235633832333434
--- a/tasks/OLDmssql.yml
+++ b/tasks/OLDmssql.yml
@@ -1,38 +0,0 @@
---
- name: Create directories
-  file:
-    path: "{{ item }}"
-    state: directory
-  with_items:
-    - "/data/mssql"
-    - "/data/mssql/data"
-    - "/data/mssql/log"
-    - "/data/mssql/secrets"
-
- name: Pull docker image
-  community.docker.docker_image:
-    name: mcr.microsoft.com/mssql/server
-    tag: 2025-latest@sha256:2c80e548ef65fb65a8ca23c3a74ed60e0964ea709f46d07c97ccaf7c437e2cc6
-    source: pull
-  register: docker_image
-
- name: Create the mssql container
-  docker_container:
-    name: mssql
-    image: "{{ docker_image.image.RepoTags[0] }}"
-    user: root
-    restart_policy: unless-stopped
-    ports:
-      - 1433:1433
-    env:
-      PUID: "0"
-      PGID: "0"
-      ACCEPT_EULA: "Y"
-      MSSQL_PID: "Express"
-      SA_PASSWORD: "{{ SA_PASSWORD }}"
-    volumes:
-      - "/data/mssql/data:/var/opt/mssql/data"
-      - "/data/mssql/log:/var/opt/mssql/log"
-      - "/data/mssql/secrets:/var/opt/mssql/secrets"
-  when: docker_image.changed
-  register: container_mssql
--- a/tasks/base.yml
+++ b/tasks/base.yml
@@ -1,4 +1,7 @@
 ---
+- name: Ensure facts are gathered
+  setup:
+
 - name: Ensure debian-archive-keyring is installed
  apt:
    name: debian-archive-keyring
@@ -6,34 +9,124 @@
    update_cache: yes
  become: yes

- name: Update APT cache
+- name: Update cache
  apt:
-    update_cache: yes
    force_apt_get: yes
+    update_cache: yes
  when: ansible_distribution in ['Debian', 'Ubuntu']

- name: Upgrade all installed packages to latest
+- name: Update all packages to their latest version
  apt:
    name: "*"
-    state: latest
    force_apt_get: yes
-  become: yes
+    state: latest
  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: upgrade_result

- name: Dist-upgrade packages (handle removals and replacements)
+- name: Upgrade all packages on servers
  apt:
    upgrade: dist
    force_apt_get: yes
-  become: yes
  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: dist_upgrade_result

 - name: Install required packages
-  apt:
+  package:
    name: "{{ install_packages }}"
    state: present
  become: yes
+  register: install_result
  when: ansible_distribution in ['Debian', 'Ubuntu']
-  register: apt_result
+
+- name: Reboot if required after updates
+  reboot:
+    reboot_timeout: 600
+    test_command: whoami
+  when:
+    - upgrade_result.changed or dist_upgrade_result.changed or install_result.changed
+    - ansible_virtualization_type != "lxc"
+  become: yes
+
+- name: Gather facts after reboot
+  setup:
+
+# --- Upgrade Bookworm to Trixie ---
+- name: Upgrade Bookworm -> Trixie
+  block:
+    - name: Replace sources.list entries for Trixie
+      lineinfile:
+        path: /etc/apt/sources.list
+        regexp: "^deb "
+        line: "deb https://deb.debian.org/debian trixie main"
+      become: yes
+
+    - name: Update cache for Trixie
+      apt:
+        update_cache: yes
+        force_apt_get: yes
+
+    - name: Dist-upgrade to Trixie
+      apt:
+        upgrade: dist
+        force_apt_get: yes
+      register: trixie_upgrade
+
+    - name: Reboot to apply Trixie
+      reboot:
+        reboot_timeout: 600
+        test_command: whoami
+      when:
+        - trixie_upgrade.changed
+        - ansible_virtualization_type != "lxc"
+  when: ansible_distribution_release == "bookworm"
+
+  become: yes
+
+# --- Move to Trixie sources.list.d layout ---
+- name: Remove old sources.list.d
+  file:
+    path: /etc/apt/sources.list.d
+    state: absent
+  become: yes
+
+- name: Remove old sources.list
+  file:
+    path: /etc/apt/sources.list
+    state: absent
+  become: yes
+
+- name: Ensure sources.list.d directory exists
+  file:
+    path: /etc/apt/sources.list.d
+    state: directory
+    mode: 0755
+  become: yes
+
+- name: Create Trixie sources.list.d
+  copy:
+    dest: /etc/apt/sources.list.d/debian.sources
+    content: |
+      Types: deb deb-src
+      URIs: https://deb.debian.org/debian
+      Suites: trixie trixie-updates trixie-backports
+      Components: main
+      Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+      Types: deb deb-src
+      URIs: https://deb.debian.org/debian-security
+      Suites: trixie-security
+      Components: main
+      Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+    owner: root
+    group: root
+    mode: 0644
+  become: yes
+
+- name: Update APT cache after moving to sources.list.d layout
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+  become: yes

 - name: Find all EXTERNALLY-MANAGED files under /usr/lib/python*
  find:
@@ -51,3 +144,81 @@
  loop: "{{ externally_managed_files.files }}"
  when: externally_managed_files.matched > 0
  become: yes
+# - name: Download Oh My Zsh installation script
+#   get_url:
+#     url: https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
+#     dest: /tmp/install_ohmyzsh.sh
+
+# - name: Run Oh My Zsh installation script
+#   become: no
+#   command: sh /tmp/install_ohmyzsh.sh --unattended
+#   register: ohmyzsh_result
+#   failed_when: "'FAILED' in ohmyzsh_result.stderr"
+
+# - name: Download zsh Dracula Theme
+#   become: no
+#   unarchive:
+#     src: https://github.com/dracula/zsh/archive/refs/heads/master.zip
+#     dest: "/tmp"
+#     remote_src: yes
+
+# - name: Download moe theme for zsh
+#   become: no
+#   get_url:
+#     url: https://git.comprofix.com/mmckinnon/dotfiles/raw/branch/master/oh-my-zsh/moe.zsh-theme
+#     dest: "/home/{{ ansible_user }}/.oh-my-zsh/themes"
+#     force: true
+
+# - name: Move zsh theme to correct folder
+#   become: no
+#   copy:
+#     src: /tmp/zsh-master/
+#     dest: /home/{{ ansible_user }}/.oh-my-zsh/themes
+#     remote_src: yes
+
+# - name: Create vim config paths
+#   become: no
+#   file:
+#     path: "/home/{{ ansible_user }}/.vim/pack/themes/start/dracula"
+#     state: directory
+
+# - name: Download vim Dracula Theme
+#   become: no
+#   unarchive:
+#     src: https://github.com/dracula/vim/archive/refs/heads/master.zip
+#     dest: "/tmp"
+#     remote_src: yes
+
+# - name: Move vim theme to correct folder
+#   become: no
+#   copy:
+#     src: /tmp/vim-master/
+#     dest: /home/{{ ansible_user }}/.vim/pack/themes/start/dracula
+#     remote_src: yes
+
+# - name: Get zsh config
+#   become: no
+#   get_url:
+#     url: https://git.comprofix.com/mmckinnon/dotfiles/raw/branch/master/zsh/zshrc
+#     dest: "/home/{{ ansible_user }}/.zshrc"
+#     force: true
+
+# - name: Get vim config
+#   become: no
+#   get_url:
+#     url: https://git.comprofix.com/mmckinnon/dotfiles/raw/branch/master/vim/vimrc
+#     dest: "/home/{{ ansible_user }}/.vimrc"
+#     force: true
+
+# - name: Set shell zsh
+#   user:
+#     name: "{{ ansible_user }}"
+#     shell: /bin/zsh
+
+# - name: Set moe theme for zsh
+#   become: no
+#   ansible.builtin.lineinfile:
+#     path: "/home/{{ansible_user}}/.zshrc"
+#     regexp: '^ZSH_THEME="dracula"'
+#     line: 'ZSH_THEME="moe"'
+
--- a/tasks/comprofix.com.yml
+++ b/tasks/comprofix.com.yml
@@ -0,0 +1,14 @@
+- name: Create the comprofix.com container
+  docker_container:
+    name: comprofix.com
+    image: git.comprofix.com/mmckinnon/comprofix.com:latest
+    restart_policy: unless-stopped
+    recreate: true
+    networks:
+      - name: proxy
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.comprofix.rule: "Host(`comprofix.com`)"
+      traefik.http.routers.comprofix.entrypoints: "https"
+      traefik.http.routers.comprofix.tls: "true"
+      traefik.http.services.comprofix.loadbalancer.server.port: "80"
--- a/tasks/OLDdozzle-agent.yml
+++ b/tasks/OLDdozzle-agent.yml
@@ -2,9 +2,10 @@
 - name: Create the dozzle container
  docker_container:
    name: dozzle_agent
-    image: amir20/dozzle:v8.14.6
+    image: amir20/dozzle:v8.13.14
    restart_policy: unless-stopped
    command: agent
+    recreate: true
    ports:
      - 7007:7007
    volumes:
--- a/tasks/dozzle.yml
+++ b/tasks/dozzle.yml
@@ -1,24 +1,29 @@
 ---
- name: Create/Update the dozzle container
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/dozzle"
+    - "{{ data_folder }}/dozzle/config"
+
+- name: Create the dozzle container
  docker_container:
    name: dozzle
-    image: amir20/dozzle:v8.14.6
+    image: amir20/dozzle:v8.13.14
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-    # env:
-    #   DOZZLE_LEVEL: "trace"
-    #   DOZZLE_REMOTE_AGENT: "omada-lxc.comprofix.xyz:7007"
+    env:
+      DOZZLE_LEVEL: "trace"
+      DOZZLE_REMOTE_AGENT: "omada-lxc.comprofix.xyz:7007"
    labels:
      traefik.enable: "true"
-      traefik.http.routers.dozzle.rule: "Host(`devdozzle.comprofix.xyz`)"
+      traefik.http.routers.dozzle.rule: "Host(`dozzle.comprofix.xyz`)"
      traefik.http.routers.dozzle.entrypoints: "https"
      traefik.http.routers.dozzle.tls: "true"
      traefik.http.services.dozzle.loadbalancer.server.port: "8080"
      traefik.http.services.dozzle.loadbalancer.server.scheme: "http"
-    pull: true
-    recreate: true
-
-
--- a/tasks/gitea-runner-homelab.yml
+++ b/tasks/gitea-runner-homelab.yml
@@ -0,0 +1,45 @@
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/gitea-runner"
+    - "{{ data_folder }}/gitea-runner/config"
+
+- name: Check that config.yaml exists
+  stat:
+    path: "{{ data_folder }}/gitea-runner/config/config.yaml"
+  register: configyaml
+
+- name: Create config.yaml file
+  file:
+    path: "{{ data_folder }}/gitea-runner/config/config.yaml"
+    state: touch
+    mode: "0600"
+    access_time: preserve
+    modification_time: preserve
+  when: configyaml.stat.exists == False
+
+- name: Create the gitea-runner container
+  docker_container:
+    name: gitea-runner
+    image: gitea/act_runner:0.2.13
+    restart_policy: unless-stopped
+    recreate: true
+    # dns_servers:a
+    #   - 10.10.10.1
+    #   - 127.0.0.11
+    volumes:
+      - "/etc/resolv.conf:/etc/resolv.conf:ro"
+      - /var/run/docker.sock:/var/run/docker.sock
+      - "{{ data_folder }}/gitea-runner/config/config.yaml:/config.yaml"
+      - "/etc/hosts:/etc/hosts:ro"
+    env:
+      CONFIG_FILE: "/config.yaml"
+      GITEA_INSTANCE_URL: "https://git.comprofix.com"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "{{ GITEA_RUNNER_TOKEN }}"
+      GITEA_RUNNER_NAME: "homelab-runner"
+      GITEA_RUNNER_LABELS: >
+        alpine-latest:docker://{{ alpine_latest_image }},
+        ubuntu-latest:docker://{{ ubuntu_latest_image }},
+        homelab-latest:docker://{{ debian_latest_image }}
--- a/tasks/gitea.yml
+++ b/tasks/gitea.yml
@@ -4,9 +4,9 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/gitea"
-    - "/data/gitea/data"
-    - "/data/gitea/db"
+    - "{{ data_folder }}/gitea"
+    - "{{ data_folder }}/gitea/data"
+    - "{{ data_folder }}/gitea/db"

 - name: Create MySQL DB for Gitea
  docker_container:
@@ -21,15 +21,17 @@
      MYSQL_PASSWORD: "{{ gitea_db_password }}"
      MYSQL_DATABASE: gitea
    volumes:
-      - "/data/gitea/db:/var/lib/mysql"
-    pull: true
-    recreate: true
+      - "{{ data_folder }}/gitea/db:/var/lib/mysql"

 - name: Create the Gitea container
  docker_container:
    name: gitea
    image: gitea/gitea:1.24
    restart_policy: unless-stopped
+    recreate: true
+    # dns_servers:
+    #   - 10.10.10.1
+    #   - 127.0.0.11
    networks:
      - name: proxy
    ports:
@@ -39,7 +41,7 @@
      PGID: "1001"
      TZ: "Australia/Brisbane"
    volumes:
-      - "/data/gitea/data:/data"
+      - "{{ data_folder }}/gitea/data:/data"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    labels:
@@ -49,25 +51,74 @@
      traefik.http.routers.gitea.tls: "true"
      traefik.http.routers.gitea.service: "gitea"
      traefik.http.services.gitea.loadbalancer.server.port: "3000"
-    pull: true
-    recreate: true
+  register: container_gitea

 - name: Create directories
  file:
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/opengist"
+    - "{{ data_folder }}/gitea-runner"
+    - "{{ data_folder }}/gitea-runner/config"
+
+- name: Check that config.yaml exists
+  stat:
+    path: "{{ data_folder }}/gitea-runner/config/config.yaml"
+  register: configyaml
+
+- name: Create config.yaml file
+  file:
+    path: "{{ data_folder }}/gitea-runner/config/config.yaml"
+    state: touch
+    mode: "0600"
+    access_time: preserve
+    modification_time: preserve
+  when: configyaml.stat.exists == False
+
+- name: Create the gitea-runner container
+  docker_container:
+    name: gitea-runner
+    image: gitea/act_runner:0.2.13
+    restart_policy: unless-stopped
+    recreate: true
+    # dns_servers:
+    #   - 10.10.10.1
+    #   - 127.0.0.11
+    volumes:
+      - "/etc/resolv.conf:/etc/resolv.conf:ro"
+      - /var/run/docker.sock:/var/run/docker.sock
+      - "{{ data_folder }}/gitea-runner/config/config.yaml:/config.yaml"
+      - "/etc/hosts:/etc/hosts:ro"
+    env:
+      CONFIG_FILE: "/config.yaml"
+      GITEA_INSTANCE_URL: "https://git.comprofix.com"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "{{ GITEA_RUNNER_TOKEN }}"
+      GITEA_RUNNER_NAME: "gitea-runner"
+      GITEA_RUNNER_LABELS: >
+        alpine-latest:docker://{{ alpine_latest_image }},
+        ubuntu-latest:docker://{{ ubuntu_latest_image }},
+        vps-latest:docker://{{ debian_latest_image }}
+
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/opengist"

 - name: Create the opengist container
  docker_container:
    name: opengist
-    image: ghcr.io/thomiceli/opengist:1.11
+    image: ghcr.io/thomiceli/opengist:1.10
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
+    # dns_servers:
+    #   - 10.10.10.1
+    #   - 127.0.0.11
    volumes:
-      - "/data/opengist:/opengist"
+      - "{{ data_folder }}/opengist:/opengist"
    env:
      OG_GITEA_CLIENT_KEY: "{{ OG_GITEA_KEY }}"
      OG_GITEA_SECRET: "{{ OG_GITEA_SECRET }}"
@@ -83,6 +134,4 @@
      traefik.http.routers.opengist.tls: "true"
      traefik.http.routers.opengist.service: "opengist"
      traefik.http.services.opengist.loadbalancer.server.port: "6157"
-    pull: true
-    recreate: true
-    
+  register: container
--- a/tasks/gotify.yml
+++ b/tasks/gotify.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/gotify"
-    - "/data/gotify/data"
+    - "{{ data_folder }}/gotify"
+    - "{{ data_folder }}/gotify/data"

 - name: Create the gotify container
  docker_container:
    name: gotify
-    image: gotify/server:2.7.3
+    image: gotify/server:2.7.2
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    volumes:
@@ -23,6 +24,3 @@
      traefik.http.routers.gotify.tls: "true"
      traefik.http.routers.gotify.service: "gotify"
      traefik.http.services.gotify.loadbalancer.server.port: "80"
-    pull: true
-    recreate: true
-    
--- a/tasks/homepage.yml
+++ b/tasks/homepage.yml
@@ -4,8 +4,8 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/homepage"
-    - "/data/homepage/config"
+    - "{{ data_folder }}/homepage"
+    - "{{ data_folder }}/homepage/config"

 - name: Get dashboard-icons
  git:
@@ -16,16 +16,19 @@
 - name: Create the homepage container
  docker_container:
    name: homepage
-    image: ghcr.io/gethomepage/homepage:v1.5.0
+    image: ghcr.io/gethomepage/homepage:v1.4.6
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
+    dns_servers:
+      - 10.10.10.1
    env:
      LOG_LEVEL: debug
      HOMEPAGE_ALLOWED_HOSTS: homepage.comprofix.xyz
    volumes:
-      - "/data/homepage/config:/app/config"
-      - "/data/dashboard-icons:/app/public/icons"
+      - "{{ data_folder }}/homepage/config:/app/config"
+      - "{{ data_folder }}/dashboard-icons:/app/public/icons"
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      traefik.enable: "true"
@@ -34,6 +37,4 @@
      traefik.http.routers.homepage.tls: "true"
      traefik.http.routers.homepage.service: "homepage"
      traefik.http.services.homepage.loadbalancer.server.port: "3000"
-    pull: true
-    recreate: true
-    
+  register: container_homepage
--- a/tasks/idrac.yml
+++ b/tasks/idrac.yml
@@ -1,25 +1,15 @@
 ---
- name: Pull docker image
-  community.docker.docker_image:
-    name: ghcr.io/tigerblue77/dell_idrac_fan_controller
-    tag: latest
-    source: pull
-    force_source: true
-    force_tag: true
-  register: docker_image
-
 - name: Create the Dell_R730xd Fan Contoller container
  docker_container:
    name: Dell_R730xd
-    image: "{{ docker_image.image.RepoTags[0] }}"
+    image: ghcr.io/tigerblue77/dell_idrac_fan_controller:latest@sha256:eda09016a4acbee8883996f3b8cd4832a723200999bd037934675e75e2f00908
    restart_policy: unless-stopped
+    recreate: true
    env:
      IDRAC_HOST: "10.10.10.105"
      IDRAC_USERNAME: "root"
      IDRAC_PASSWORD: "calvin"
-      FAN_SPEED: "50"
+      FAN_SPEED: "40"
      CPU_TEMPERATURE_THRESHOLD: "80"
      CHECK_INTERVAL: "60"
      DISABLE_THIRD_PARTY_PCIE_CARD_DELL_DEFAULT_COOLING_RESPONSE: "true"
-  when: docker_image.changed
-  register: container_idrac
--- a/tasks/invoiceninja.yml
+++ b/tasks/invoiceninja.yml
@@ -4,13 +4,13 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/invoiceninja/"
-    - "/data/invoiceninja/config"
-    - "/data/invoiceninja/db"
+    - "{{ data_folder }}/invoiceninja/"
+    - "{{ data_folder }}/invoiceninja/config"
+    - "{{ data_folder }}/invoiceninja/db"

 - name: "create stack.env"
  copy:
-    dest: "/data/invoiceninja/stack.env"
+    dest: "{{ data_folder }}/invoiceninja/stack.env"
    content: |
      APP_NAME="Invoice Ninja"
      APP_ENV=production
@@ -60,29 +60,29 @@
  docker_container:
    name: invoiceninja-app
    image: invoiceninja/invoiceninja:5
-    env_file: "/data/invoiceninja/stack.env"
+    env_file: "{{ data_folder }}/invoiceninja/stack.env"
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    volumes:
-      - "/data/invoiceninja/config/hosts:/etc/hosts"
-      - "/data/invoiceninja/docker/app/public:/var/www/app/public"
-      - "/data/invoiceninja/docker/app/storage:/var/www/app/storage"
-    pull: true
-    recreate: true
+      - "{{ data_folder }}/invoiceninja/config/hosts:/etc/hosts"
+      - "{{ data_folder }}/invoiceninja/docker/app/public:/var/www/app/public"
+      - "{{ data_folder }}/invoiceninja/docker/app/storage:/var/www/app/storage"

 - name: Create the invoiceninja-nginx container
  docker_container:
    name: invoiceninja-nginx
-    image: nginx:1.29.2
-    env_file: "/data/invoiceninja/stack.env"
+    image: nginx:1.29.1
+    env_file: "{{ data_folder }}/invoiceninja/stack.env"
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    volumes:
-      - "/data/invoiceninja/config/nginx/in-vhost.conf:/etc/nginx/conf.d/in-vhost.conf"
-      - "/data/invoiceninja/docker/app/public:/var/www/app/public"
-      - "/data/invoiceninja/docker/app/storage:/var/www/app/storage"
+      - "{{ data_folder }}/invoiceninja/config/nginx/in-vhost.conf:/etc/nginx/conf.d/in-vhost.conf"
+      - "{{ data_folder }}/invoiceninja/docker/app/public:/var/www/app/public"
+      - "{{ data_folder }}/invoiceninja/docker/app/storage:/var/www/app/storage"
    labels:
      traefik.enable: "true"
      traefik.http.routers.invoiceninja.rule: "Host(`invoice.comprofix.com`)"
@@ -90,10 +90,6 @@
      traefik.http.routers.invoiceninja.tls: "true"
      traefik.http.services.invoiceninja.loadbalancer.server.port: "80"
      traefik.http.services.invoiceninja.loadbalancer.server.scheme: "http"
-    pull: true
-    recreate: true
-
-  

      
    
--- a/tasks/iscsi.yml
+++ b/tasks/iscsi.yml
@@ -9,112 +9,80 @@
    name: parted
    state: present

- name: Check existing iSCSI sessions
+- name: Discover iSCSI targets
+  command: sudo iscsiadm -m discovery -t sendtargets -p "10.10.10.2"
+  register: iscsi_discovery
+
+- name: Set target_iqn variable based on discovery
+  set_fact:
+    target_iqn: "{{ item.split(' ')[1] }}"
+  loop: "{{ iscsi_discovery.stdout_lines }}"
+  when: item.startswith("10.10.10.2")
+
+- name: Check if iSCSI target is already connected
  command: iscsiadm -m session
  register: iscsi_sessions
  changed_when: false
-  failed_when: iscsi_sessions.rc not in [0, 21]
+  failed_when: iscsi_sessions.rc not in [0, 21]  # Allow success if the return code is 0 or 21

- name: Discover iSCSI targets for each portal
-  command: iscsiadm -m discovery -t sendtargets -p "{{ item.portal }}"
-  register: iscsi_discovery
-  loop: "{{ iscsi_targets }}"
-  loop_control:
-    label: "{{ item.iqn }}"
-  changed_when: false
+- name: Connect to iSCSI target
+  command: sudo iscsiadm -m node -T "{{ target_iqn }}" -p "10.10.10.2" --login
+  when: target_iqn is defined and target_iqn not in iscsi_sessions.stdout

- name: Connect to iSCSI targets for this host
-  command: iscsiadm -m node -T "{{ item.iqn }}" -p "{{ item.portal }}" --login
-  loop: "{{ iscsi_targets }}"
-  when: item.iqn not in iscsi_sessions.stdout
-  loop_control:
-    label: "{{ item.iqn }}"
+- name: Set iSCSI target for automatic login
+  command: sudo iscsiadm -m node -T "{{ target_iqn }}" -p "10.10.10.2" --op update --name node.startup --value automatic
+  when: target_iqn is defined

- name: Set iSCSI targets for automatic login
-  command: iscsiadm -m node -T "{{ item.iqn }}" -p "{{ item.portal }}" --op update --name node.startup --value automatic
-  loop: "{{ iscsi_targets }}"
-  loop_control:
-    label: "{{ item.iqn }}"
+- name: Fail if no target_iqn found
+  fail:
+    msg: "No target IQN found for iSCSI server IP 10.10.10.2"
+  when: target_iqn is not defined

-# --------------------------
-# Wait for the iSCSI device to appear
-# --------------------------
- name: Wait for iSCSI device to appear
-  wait_for:
-    path: "/dev/disk/by-path/ip-{{ item.portal }}:3260-iscsi-{{ item.iqn }}-lun-0"
-    state: present
-    timeout: 30
-  loop: "{{ iscsi_targets }}"
-  loop_control:
-    label: "{{ item.iqn }}"
+- name: List all block devices
+  command: lsblk -o NAME,SIZE,TYPE,MODEL
+  register: lsblk_output

-# --------------------------
-# Check if device is raw
-# --------------------------
- name: Get block device info for each target
-  command: "blkid /dev/disk/by-path/ip-{{ item.portal }}:3260-iscsi-{{ item.iqn }}-lun-0"
-  register: blkid_output
-  failed_when: false
-  changed_when: false
-  loop: "{{ iscsi_targets }}"
-  loop_control:
-    label: "{{ item.iqn }}"
+- name: Set iSCSI device variable
+  set_fact:
+    iscsi_device: "/dev/{{ item.split()[0] }}"
+  loop: "{{ lsblk_output.stdout_lines }}"
+  when: item.split()[2] == 'disk' and 'iSCSI' in item  # Adjust based on the MODEL you observe

-# --------------------------
-# Create partition if device is raw
-# --------------------------
- name: Create partition if device is raw
+- name: Fail if no iSCSI device found
+  fail:
+    msg: "No iSCSI device found!"
+  when: iscsi_device is not defined
+
+- name: Create a partition on iSCSI device using parted
  parted:
-    device: "/dev/disk/by-path/ip-{{ item[1].portal }}:3260-iscsi-{{ item[1].iqn }}-lun-0"
+    device: "{{ iscsi_device }}"
    number: 1
    state: present
    part_type: primary
    fs_type: ext4
-    part_start: 0%
-    part_end: 100%
-  loop: "{{ blkid_output.results | zip(iscsi_targets) | map('flatten') | list }}"
-  loop_control:
-    label: "{{ item[1].iqn }}"
-  when: item[0].stdout == ""
+    part_start: 0%   # Start at the beginning of the device
+    part_end: 100%    # Use the entire available space

- name: Create filesystem if partition is raw
+- name: Create filesystem on new partition
  filesystem:
    fstype: ext4
-    dev: "/dev/disk/by-path/ip-{{ item[1].portal }}:3260-iscsi-{{ item[1].iqn }}-lun-0-part1"
-  loop: "{{ blkid_output.results | zip(iscsi_targets) | map('flatten') | list }}"
-  loop_control:
-    label: "{{ item[1].iqn }}"
-  when: item[0].stdout == ""
+    dev: "{{ iscsi_device }}1"  # Format the partition

- name: Create mount points
+- name: Create mount point
  file:
-    path: "{{ item.mount_point }}"
+    path: /data
    state: directory
-    mode: "0777"
-    owner: root
-    group: root
-  loop: "{{ iscsi_targets }}"
-  loop_control:
-    label: "{{ item.iqn }}"

- name: Mount iSCSI targets
+- name: Mount iSCSI target
  mount:
-    path: "{{ item.mount_point }}"
-    src: "/dev/disk/by-path/ip-{{ item.portal }}:3260-iscsi-{{ item.iqn }}-lun-0-part1"
+    path: /data
+    src: "{{ iscsi_device }}1"  # Mount the new partition
    fstype: ext4
    opts: defaults,_netdev
    state: mounted
-  loop: "{{ iscsi_targets }}"
-  loop_control:
-    label: "{{ item.iqn }}"

- name: Ensure mounted directories are world-writable
-  file:
-    path: "{{ item.mount_point }}"
-    state: directory
-    mode: "0777"
-    owner: root
-    group: root
-  loop: "{{ iscsi_targets }}"
-  loop_control:
-    label: "{{ item.iqn }}"
+# - name: Ensure iSCSI target is mounted at boot
+#   lineinfile:
+#     path: /etc/fstab
+#     line: "{{ iscsi_device }}1 /data ext4 _netdev 0 0"
+#     state: present
--- a/tasks/jellyseerr.yml
+++ b/tasks/jellyseerr.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/jellyseerr"
-    - "/data/jellyseerr/config"
-
+    - "{{ data_folder }}/jellyseerr"
+    - "{{ data_folder }}/jellyseerr/config"
+  
 - name: Create the jellyseerr container
  docker_container:
    name: jellyseerr
    image: fallenbagel/jellyseerr:2.7.3 
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -19,13 +20,10 @@
      PGID: "1000"
      TZ: "Australia/Brisbane"
    volumes:
-      - "/data/jellyseerr/config:/app/config"
+      - "{{ data_folder }}/jellyseerr/config:/app/config"
    labels:
      traefik.enable: "true"
      traefik.http.routers.jellyseerr.rule: "Host(`jellyseerr.comprofix.xyz`)"
      traefik.http.routers.jellyseerr.entrypoints: "https"
      traefik.http.routers.jellyseerr.tls: "true"
-      traefik.http.services.jellyseerr.loadbalancer.server.port: "5055"
-    pull: true
-    recreate: true
-    
+      traefik.http.services.jellyseerr.loadbalancer.server.port: "5055"
--- a/tasks/lidarr.yml
+++ b/tasks/lidarr.yml
@@ -1,17 +1,22 @@
 ---
+- name: Set Facts
+  set_fact:
+    container_name: 'lidarr'
+
 - name: Create directories
  file:
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/lidarr"
-    - "/data/lidarr/config"
-
+    - "{{ data_folder }}/lidarr"
+    - "{{ data_folder }}/lidarr/config"
+  
 - name: Create the lidarr container
  docker_container:
    name: lidarr
-    image: ghcr.io/linuxserver/lidarr:8.1.2135
+    image: ghcr.io/linuxserver/lidarr:latest@sha256:a6559012296a8d821e7fb397ac1c125f69b2cf4b1d3de996c1defda3287fdec6
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -21,7 +26,7 @@
      AUTO_UPDATE: "true" #optional
      DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:lidarr"
    volumes:
-      - "/data/lidarr/config:/config"
+      - "{{ data_folder }}/lidarr/config:/config"
      - /mnt/nfs/data:/data
    labels:
      traefik.enable: "true"
@@ -29,6 +34,3 @@
      traefik.http.routers.lidarr.entrypoints: "https"
      traefik.http.routers.lidarr.tls: "true"
      traefik.http.services.lidarr.loadbalancer.server.port: "8686"
-    pull: true
-    recreate: true
-    
--- a/tasks/mariadb.yml
+++ b/tasks/mariadb.yml
@@ -1,17 +1,22 @@
 ---
+- name: Set Facts
+  set_fact:
+    container_name: 'mariadb'
+
 - name: Create directories
  file:
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/mariadb"
-    - "/data/mariadb/config"
- 
+    - "{{ data_folder }}/mariadb"
+    - "{{ data_folder }}/mariadb/config"
+  
 - name: Create the mariadb container
  docker_container:
    name: "mariadb"
    image: ghcr.io/linuxserver/mariadb:11.4.8
    restart_policy: unless-stopped
+    recreate: true
    ports:
      - 3306:3306
    env:
@@ -20,7 +25,5 @@
      MYSQL_ROOT_PASSWORD: "{{MYSQL_ROOT_PASSWORD}}"
      TZ: "Australia/Brisbane"
    volumes:
-      - "/data/mariadb/config:/config"
-  when: docker_image.changed
-  register: container_mariadb
+      - "{{ data_folder }}/mariadb/config:/config"
    
--- a/tasks/mealie.yml
+++ b/tasks/mealie.yml
@@ -4,13 +4,13 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/mealie"
-    - "/data/mealie/config"
+    - "{{ data_folder }}/mealie"
+    - "{{ data_folder }}/mealie/config"

 - name: Create the mealie container
  docker_container:
    name: mealie
-    image: ghcr.io/mealie-recipes/mealie:v3.3.2
+    image: ghcr.io/mealie-recipes/mealie:v3.2.1
    restart_policy: unless-stopped
    networks:
      - name: proxy
@@ -27,13 +27,10 @@
      BASE_URL: "mealie.comprofix.xyz"
      SMTP_HOST: "{{MAIL_HOST}}"
    volumes:
-      - "/data/mealie/data/:/app/data"
+      - "{{ data_folder }}/mealie/data/:/app/data"
    labels:
      traefik.enable: "true"
      traefik.http.routers.mealie.rule: "Host(`mealie.comprofix.xyz`)"
      traefik.http.routers.mealie.entrypoints: "https"
      traefik.http.routers.mealie.tls: "true"
      traefik.http.services.mealie.loadbalancer.server.port: "9000"
-    pull: true
-    recreate: true
-    
--- a/tasks/mediawiki.yml
+++ b/tasks/mediawiki.yml
@@ -4,13 +4,14 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/mediawiki"
+    - "{{ data_folder }}/mediawiki"

 - name: Create the wiki container
  docker_container:
    name: mediawiki
-    image: mediawiki:1.44.2
+    image: mediawiki:1.44.0
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -18,13 +19,11 @@
      PGID: "1000"
      TZ: "Australia/Brisbane"
    volumes:
-      - "/data/mediawiki/images:/var/www/html/images"
-      - "/data/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php"
+      - "{{ data_folder }}/mediawiki/images:/var/www/html/images"
+      - "{{ data_folder }}/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php"
    labels:
      traefik.enable: "true"
      traefik.http.routers.wiki.rule: "Host(`wiki.comprofix.xyz`)"
      traefik.http.routers.wiki.entrypoints: "https"
      traefik.http.routers.wiki.tls: "true"
      traefik.http.services.wiki.loadbalancer.server.port: "80"
-    pull: true
-    recreate: true
--- a/tasks/mssql.yml
+++ b/tasks/mssql.yml
@@ -0,0 +1,30 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/mssql"
+    - "{{ data_folder }}/mssql/data"
+    - "{{ data_folder }}/mssql/log"
+    - "{{ data_folder }}/mssql/secrets"
+
+- name: Create the mssql container
+  docker_container:
+    name: mssql
+    image: mcr.microsoft.com/mssql/server:2025-latest@sha256:2c80e548ef65fb65a8ca23c3a74ed60e0964ea709f46d07c97ccaf7c437e2cc6
+    user: root
+    restart_policy: unless-stopped
+    recreate: true
+    ports:
+      - 1433:1433
+    env:
+      PUID: "0"
+      PGID: "0"
+      ACCEPT_EULA: "Y"
+      MSSQL_PID: "Express"
+      SA_PASSWORD: "{{ SA_PASSWORD }}"
+    volumes:
+      - "{{ data_folder }}/mssql/data:/var/opt/mssql/data"
+      - "{{ data_folder }}/mssql/log:/var/opt/mssql/log"
+      - "{{ data_folder }}/mssql/secrets:/var/opt/mssql/secrets"
--- a/tasks/omada.yml
+++ b/tasks/omada.yml
@@ -4,23 +4,21 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/omada"
-    - "/data/omada/data"
-    - "/data/omada/logs"
+    - "{{ data_folder }}/omada"
+    - "{{ data_folder }}/omada/data"
+    - "{{ data_folder }}/omada/logs"

- name: Create/Update the omada-controller container
+- name: Create the omada container
  docker_container:
    name: omada
    image: mbentley/omada-controller:5.15
    restart_policy: unless-stopped
+    recreate: true
    network_mode: host
    volumes:
-      - "/data/omada/data:/opt/tplink/EAPController/data"
-      - "/data/omada/logs:/opt/tplink/EAPController/logs"
+      - "{{ data_folder }}/omada/data:/opt/tplink/EAPController/data"
+      - "{{ data_folder }}/omada/logs:/opt/tplink/EAPController/logs"
    env:
      PUID: "1000"
      PGID: "1000"
      TZ: "Australia/Brisbane"
-    pull: true
-    recreate: true
-    
--- a/tasks/OLDosticket.yml
+++ b/tasks/OLDosticket.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/osticket"
-    - "/data/osticket/config"
+    - "{{ data_folder }}/osticket"
+    - "{{ data_folder }}/osticket/config"

 - name: Create the osticket container
  docker_container:
    name: osticket
    image: devinsolutions/osticket:1.17.5
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
--- a/tasks/planka.yml
+++ b/tasks/planka.yml
@@ -1,69 +0,0 @@
---
- name: Create directories
-  file:
-    path: "{{ item }}"
-    state: directory
-  with_items:
-    - "/data/planka"
-    - "/data/planka/data"
-    - "/data/planka/logs"
-
- name: Ensure "planka" network exists
-  docker_network:
-    name: planka
-
- name: Create/update the postgres database
-  docker_container:
-    name: postgres-planka
-    image: postgres:16-alpine
-    restart_policy: unless-stopped
-    env:
-      POSTGRES_DB: planka
-      POSTGRES_HOST_AUTH_METHOD: trust
-      PUID: "1000"
-      PGID: "1000"
-      TZ: "Australia/Brisbane"
-    networks:
-      - name: planka
-    volumes:
-      - "/data/planka/postgres:/var/lib/postgresql/data"
-    pull: true
-    recreate: true
-
- name: Create/Update the planka container
-  docker_container:
-    name: planka
-    image: ghcr.io/plankanban/planka:2.0.0-rc.4
-    restart_policy: unless-stopped
-    networks:
-      - name: proxy
-      - name: planka
-    volumes:
-      - "/data/planka/favicons:/app/public/favicons"
-      - "/data/planka/user-avatars:/app/public/user-avatars"
-      - "/data/planka/background-images:/app/public/background-images"
-      - "/data/planka/attachments:/app/private/attachments"
-    env:
-      BASE_URL: https://planka.comprofix.xyz
-      DATABASE_URL: postgresql://postgres@postgres-planka/planka
-      SECRET_KEY: 0bfe626742d5f70566dc95173360895825d1d07b342fcd58b64906314168f65c8f8279c09f0664afb24be2d78deb4e79c1e189f112ac7e4108e750e596900e76
-      TRUST_PROXY: "true"
-      PUID: "1000"
-      PGID: "1000"
-      TZ: "Australia/Brisbane"
-      DEFAULT_ADMIN_EMAIL: "{{ planka_email }}"
-      DEFAULT_ADMIN_PASSWORD: "{{ planka_password }}"
-      DEFAULT_ADMIN_NAME: "{{ planka_name }}"
-      DEFAULT_ADMIN_USERNAME: "{{ planka_username }}"
-    labels:
-      traefik.enable: "true"
-      traefik.http.routers.planka.rule: "Host(`planka.comprofix.xyz`)"
-      traefik.http.routers.planka.entrypoints: "https"
-      traefik.http.routers.planka.tls: "true"
-      traefik.http.services.planka.loadbalancer.server.port: "1337"
-      traefik.http.services.planka.loadbalancer.server.scheme: "http"
-      traefik.docker.network: "proxy"
-    pull: true
-    recreate: true
-
-  
--- a/tasks/postgres.yml
+++ b/tasks/postgres.yml
@@ -4,20 +4,19 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/postgres"
-    - "/data/postgres/data"
+    - "/mnt/nfs/docker/postgres"
+    - "/mnt/nfs/docker/postgres/config"

 - name: Create the postgres container
  docker_container:
    name: postgres
-    image: postgres:17.0-alpine
+    image: postgres:16-alpine
    restart_policy: unless-stopped
+    recreate: true
    ports:
      - 5432:5432
    env:
      POSTGRES_PASSWORD: "{{POSTGRES_PASSWORD}}"
    volumes:
-      - /data/postgres/data:/var/lib/postgresql/data
-    pull: true
-    recreate: true
+      - /mnt/nfs/docker/postgres/db-data:/var/lib/postgresql/data

--- a/tasks/prowlarr.yml
+++ b/tasks/prowlarr.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/prowlarr"
-    - "/data/prowlarr/config"
-
+    - "{{ data_folder }}/prowlarr"
+    - "{{ data_folder }}/prowlarr/config"
+  
 - name: Create the prowlarr container
  docker_container:
    name: prowlarr
-    image: linuxserver/prowlarr:2.1.5
+    image: linuxserver/prowlarr:2.0.5
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -21,13 +22,10 @@
      AUTO_UPDATE: "true" #optional
      DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:prowlarr"
    volumes:
-      - "/data/prowlarr/config:/config"
+      - "{{ data_folder }}/prowlarr/config:/config"
    labels:
      traefik.enable: "true"
      traefik.http.routers.prowlarr.rule: "Host(`prowlarr.comprofix.xyz`)"
      traefik.http.routers.prowlarr.entrypoints: "https"
      traefik.http.routers.prowlarr.tls: "true"
      traefik.http.services.prowlarr.loadbalancer.server.port: "9696"
-    pull: true
-    recreate: true
-    
--- a/tasks/pykms.yml
+++ b/tasks/pykms.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/pykms"
-    - "/data/pykms/db"
-
+    - "{{ data_folder }}/pykms"
+    - "{{ data_folder }}/pykms/db"
+  
 - name: Create the pykms container
  docker_container:
    name: pykms
-    image: ghcr.io/py-kms-organization/py-kms:latest@sha256:07e5295d563df9e8f5165109d79cf06e425559c8b7f465c3c22578f62f8dce59
+    image: ghcr.io/py-kms-organization/py-kms:latest
    restart_policy: unless-stopped
+    recreate: true
    ports:
      - "1688:1688"
    env:
@@ -20,9 +21,6 @@
      HWID: "RANDOM"
      LOGLEVEL: "INFO"
    volumes:
-      - "/data/pykms/db:/home/py-kms/db"
+      - "{{ data_folder }}/pykms/db:/home/py-kms/db"
      - /etc/localtime:/etc/localtime:ro
-    pull: true
-    recreate: true
-    

--- a/tasks/radarr.yml
+++ b/tasks/radarr.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/radarr"
-    - "/data/radarr/config"
-
+    - "{{ data_folder }}/radarr"
+    - "{{ data_folder }}/radarr/config"
+  
 - name: Create the radarr container
  docker_container:
    name: radarr
-    image: linuxserver/radarr:5.28.0
+    image: linuxserver/radarr:5.27.5
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -20,14 +21,11 @@
      TZ: "Australia/Brisbane"
      DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:radarr"
    volumes:
-      - "/data/radarr/config:/config"
+      - "{{ data_folder }}/radarr/config:/config"
      - /mnt/nfs/data:/data
    labels:
      traefik.enable: "true"
      traefik.http.routers.radarr.rule: "Host(`radarr.comprofix.xyz`)"
      traefik.http.routers.radarr.entrypoints: "https"
      traefik.http.routers.radarr.tls: "true"
-      traefik.http.services.radarr.loadbalancer.server.port: "7878"
-    pull: true
-    recreate: true
-    
+      traefik.http.services.radarr.loadbalancer.server.port: "7878"
--- a/tasks/readarr.yml
+++ b/tasks/readarr.yml
@@ -0,0 +1,33 @@
+# Readarr has been archived/retired.
+# Keeping this for history
+# ---
+# - name: Create directories
+#   file:
+#     path: "{{ item }}"
+#     state: directory
+#   with_items:
+#     - "{{ data_folder }}/readarr"
+#     - "{{ data_folder }}/readarr/config"
+
+# - name: Create the readarr container
+#   docker_container:
+#     name: readarr
+#     image: linuxserver/readarr:develop@sha256:eb37f58646a901dc7727cf448cae36daaefaba79de33b5058dab79aa4c04aefb
+#     restart_policy: unless-stopped
+#     recreate: true
+#     networks:
+#       - name: proxy
+#     env:
+#       PUID: "1000"
+#       PGID: "1000"
+#       TZ: "Australia/Brisbane"
+#       DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:readarr"
+#     volumes:
+#       - "{{ data_folder }}/readarr/config/:/config"
+#       - /mnt/nfs/data/:/data
+#     labels:
+#       traefik.enable: "true"
+#       traefik.http.routers.readarr.rule: "Host(`readarr.comprofix.xyz`)"
+#       traefik.http.routers.readarr.entrypoints: "https"
+#       traefik.http.routers.readarr.tls: "true"
+#       traefik.http.services.readarr.loadbalancer.server.port: "8787"
--- a/tasks/sabnzbd.yml
+++ b/tasks/sabnzbd.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/sabnzbd"
-    - "/data/sabnzbd/config"
+    - "{{ data_folder }}/sabnzbd"
+    - "{{ data_folder }}/sabnzbd/config"
  
 - name: Create the sabnzbd container
  docker_container:
    name: sabnzbd
-    image: linuxserver/sabnzbd:4.5.5
+    image: linuxserver/sabnzbd:4.5.3
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -21,7 +22,7 @@
      HOSTNAME: "sabnzbd.comprofix.xyz"
      DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:sabnzbd"
    volumes:
-      - "/data/sabnzbd/config:/config"
+      - "{{ data_folder }}/sabnzbd/config:/config"
      - /mnt/nfs/data:/data
    labels:
      traefik.enable: "true"
@@ -29,6 +30,3 @@
      traefik.http.routers.sabnzbd.entrypoints: "https"
      traefik.http.routers.sabnzbd.tls: "true"
      traefik.http.services.sabnzbd.loadbalancer.server.port: "8080"
-    pull: true
-    recreate: true
-    
--- a/tasks/sonarr.yml
+++ b/tasks/sonarr.yml
@@ -4,14 +4,15 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/sonarr"
-    - "/data/sonarr/config"
-
+    - "{{ data_folder }}/sonarr"
+    - "{{ data_folder }}/sonarr/config"
+  
 - name: Create the sonarr container
  docker_container:
    name: sonarr
    image: linuxserver/sonarr:4.0.15
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -20,7 +21,7 @@
      TZ: "Australia/Brisbane"
      DOCKER_MODS: "ghcr.io/themepark-dev/theme.park:sonarr"
    volumes:
-      - "/data/sonarr/config/:/config"
+      - "{{ data_folder }}/sonarr/config/:/config"
      - /mnt/nfs/data:/data
    labels:
      traefik.enable: "true"
@@ -28,5 +29,3 @@
      traefik.http.routers.sonarr.entrypoints: "https"
      traefik.http.routers.sonarr.tls: "true"
      traefik.http.services.sonarr.loadbalancer.server.port: "8989"
-    pull: true
-    recreate: true
--- a/tasks/speedtest.yml
+++ b/tasks/speedtest.yml
@@ -4,15 +4,16 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/speedtest"
-    - "/data/speedtest/config"
-    - "/data/speedtest/web"
+    - "{{ data_folder }}/speedtest"
+    - "{{ data_folder }}/speedtest/config"
+    - "{{ data_folder }}/speedtest/web"

 - name: Create the speedtest container
  docker_container:
    name: speedtest
-    image: lscr.io/linuxserver/speedtest-tracker:1.6.9
+    image: lscr.io/linuxserver/speedtest-tracker:1.6.6
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -29,8 +30,8 @@
      SPEEDTEST_SCHEDULE: "0 * * * *"
      DISPLAY_TIMEZONE: "Australia/Brisbane"
    volumes:
-      - "/data/speedtest/config:/config"
-      - "/data/speedtest/web:/etc/ssl/web"
+      - "{{ data_folder }}/speedtest/config:/config"
+      - "{{ data_folder }}/speedtest/web:/etc/ssl/web"
    labels:
      traefik.enable: "true"
      traefik.http.routers.speedtest.rule: "Host(`speedtest.comprofix.xyz`)"
@@ -38,6 +39,3 @@
      traefik.http.routers.speedtest.tls: "true"
      traefik.http.services.speedtest.loadbalancer.server.port: "80"
      traefik.http.services.speedtest.loadbalancer.server.scheme: "http"
-    pull: true
-    recreate: true
-    
--- a/tasks/traggo.yml
+++ b/tasks/traggo.yml
@@ -0,0 +1,26 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ data_folder }}/traggo"
+    - "{{ data_folder }}/traggo/data"
+
+- name: Create the traggo container
+  docker_container:
+    name: traggo
+    image: traggo/server:0.7.1
+    restart_policy: unless-stopped
+    recreate: true
+    networks:
+      - name: proxy
+    volumes:
+      - /data/traggo/data:/opt/traggo/data
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.traggo.rule: "Host(`traggo.comprofix.xyz`)"
+      traefik.http.routers.traggo.entrypoints: "https"
+      traefik.http.routers.traggo.tls: "true"
+      traefik.http.services.traggo.loadbalancer.server.port: "3030"
+      traefik.http.services.traggo.loadbalancer.server.scheme: "http"
--- a/tasks/vaultwarden.yml
+++ b/tasks/vaultwarden.yml
@@ -4,17 +4,18 @@
    path: "{{ item }}"
    state: directory
  with_items:
-    - "/data/vaultwarden"
-    - "/data/vaultwarden/config"
-    - "/data/vaultwardenbackup"
-    - "/data/vaultwardenbackup/config"
-    - "/data/vaultwardenbackup/config/rclone"
-
+    - "{{ data_folder }}/vaultwarden"
+    - "{{ data_folder }}/vaultwarden/config"
+    - "{{ data_folder }}/vaultwardenbackup"
+    - "{{ data_folder }}/vaultwardenbackup/config"
+    - "{{ data_folder }}/vaultwardenbackup/config/rclone"
+  
 - name: Create the vaultwarden container
  docker_container:
    name: vaultwarden
    image: vaultwarden/server:1.34.3
    restart_policy: unless-stopped
+    recreate: true
    networks:
      - name: proxy
    env:
@@ -22,7 +23,7 @@
      PGID: "1000"
      TZ: "Australia/Brisbane"
    volumes:
-      - "/data/vaultwarden/data:/data"
+      - "{{ data_folder }}/vaultwarden/data:/data"
    labels:
      traefik.enable: "true"
      traefik.http.routers.vaultwarden.rule: "Host(`vault.comprofix.com`)"
@@ -30,22 +31,21 @@
      traefik.http.routers.vaultwarden.tls: "true"
      traefik.http.routers.vaultwarden.service: "vaultwarden"
      traefik.http.services.vaultwarden.loadbalancer.server.port: "80"
-    pull: true
-    recreate: true
-
+  register: container

 - name: Copy rclone config
  copy:
    src: scripts/rclone.conf
-    dest: "/data/vaultwardenbackup/config/rclone/rclone.conf"
+    dest: "{{ data_folder }}/vaultwardenbackup/config/rclone/rclone.conf"
    decrypt: yes
    mode: "0600"

 - name: Create the vaultwarden container
  docker_container:
    name: vaultwardenbackup
-    image: ttionya/vaultwarden-backup:1.25.3
+    image: ttionya/vaultwarden-backup:1.25.1
    restart_policy: unless-stopped
+    recreate: true
    env:
      PUID: "1000"
      PGID: "1000"
@@ -54,10 +54,9 @@
      BACKUP_KEEP_DAYS: "14"
      ZIP_PASSWORD: "{{ VAULTWARDEN_BACKUP_ZIP_PASSWORD }}"
    volumes:
-      - "/data/vaultwarden/data:/bitwarden/data"
-      - "/data/vaultwardenbackup/config:/config"
-    pull: true
-    recreate: true
+      - "{{ data_folder }}/vaultwarden/data:/bitwarden/data"
+      - "{{ data_folder }}/vaultwardenbackup/config:/config"
+  register: container



--- a/vars/gitea-images.yml
+++ b/vars/gitea-images.yml
@@ -0,0 +1,3 @@
+alpine_latest_image: "alpine:latest"
+ubuntu_latest_image: "node:22-trixie"
+debian_latest_image: "git.comprofix.com/mmckinnon/debian-latest:2025.08.31-093853"
--- a/vault.sh
+++ b/vault.sh
@@ -13,6 +13,8 @@ fi
 #files=`find . \( -type d -name 'group_vars' -o -name 'vars' \) -exec find {} -type f \;`
 files=(
  "./group_vars/all.yml"
+  "./roles/docker/vars/main.yml"
+  "./roles/traefik/vars/main.yml"
  "./scripts/rclone.conf"
 )