Branch Diff Report - saltyorg/Saltbox

added

library/cloudflare_dns_records.py

+ # -*- coding: utf-8 -*-+ + from __future__ import annotations+ + DOCUMENTATION = """+ ---+ module: cloudflare_dns_records+ description:+     - "This module fetches DNS records from Cloudflare for a specific zone and record name."+     - "It supports both API key and API token authentication methods."+ author: salty+ options:+     auth_email:+         description:+             - Email associated with Cloudflare account+             - Required when using auth_key authentication+         required: false+         type: str+     auth_key:+         description:+             - API key for Cloudflare+             - Required when using auth_key authentication+         required: false+         type: str+     auth_token:+         description:+             - API token for Cloudflare+             - Can be used instead of auth_email and auth_key+         required: false+         type: str+     zone_name:+         description:+             - Name of the Cloudflare zone (e.g., example.com)+         required: true+         type: str+     record:+         description:+             - DNS record name to fetch (e.g., subdomain.example.com)+         required: true+         type: str+ """+ + EXAMPLES = """+ # Fetch DNS records using API key+ - name: Fetch Cloudflare DNS records with API key+   cloudflare_dns_records:+     auth_email: "user@example.com"+     auth_key: "{{ cloudflare_api_key }}"+     zone_name: "example.com"+     record: "app.example.com"+   register: dns_records+ + # Fetch DNS records using API token+ - name: Fetch Cloudflare DNS records with token+   cloudflare_dns_records:+     auth_token: "{{ cloudflare_api_token }}"+     zone_name: "example.com"+     record: "app.example.com"+   register: dns_records+ + # Access the records+ - name: Display records+   debug:+     var: dns_records.records+ """+ + RETURN = """+ records:+     description: List of DNS records matching the query+     type: list+     returned: success+ zone_id:+     description: The Cloudflare zone ID for the specified zone+     type: str+     returned: success+ changed:+     description: Whether any changes were made (always False for this read-only module)+     type: bool+     returned: always+ """+ + from typing import TYPE_CHECKING+ + from ansible.module_utils.basic import AnsibleModule+ + if TYPE_CHECKING:+     from cloudflare import Cloudflare+ + + def get_zone_id(client: "Cloudflare", zone_name: str, module: AnsibleModule) -> str:+     """+     Fetch the zone ID for a given zone name from Cloudflare.+ +     Args:+         client: Cloudflare client instance+         zone_name (str): Name of the zone to look up+         module: AnsibleModule instance for error reporting+ +     Returns:+         str: The zone ID+ +     Raises:+         Calls module.fail_json on error+     """+     try:+         zone = client.zones.list(name=zone_name)+         if len(zone.result) == 0:+             module.fail_json(msg=f"Specified zone '{zone_name}' was not found")+         return zone.result[0].id+     except Exception as e:+         module.fail_json(msg=f"Error fetching zone ID: {str(e)}")+ + + def fetch_dns_records(client: "Cloudflare", zone_id: str, record_name: str, module: AnsibleModule) -> list[dict[str, object]]:+     """+     Fetch DNS records from Cloudflare.+ +     Args:+         client: Cloudflare client instance+         zone_id (str): The Cloudflare zone ID+         record_name (str): The DNS record name to fetch+         module: AnsibleModule instance for error reporting+ +     Returns:+         list: List of DNS records+ +     Raises:+         Calls module.fail_json on error+     """+     try:+         records_response = client.dns.records.list(zone_id=zone_id, name={"exact": record_name})+         if records_response is None:+             module.fail_json(msg="No response from Cloudflare API")+ +         records = records_response.to_dict()+         results = records.get("result", [])+         if not isinstance(results, list):+             module.fail_json(msg="Unexpected response format from Cloudflare API")+         return results+     except Exception as e:+         module.fail_json(msg=f"Error fetching DNS records: {str(e)}")+ + + def run_module() -> None:+     """+     Main module execution.+ +     This function handles the module's argument parsing, execution flow,+     and return value preparation.+     """+     module_args = dict(+         auth_email=dict(type='str', required=False, no_log=False),+         auth_key=dict(type='str', required=False, no_log=True),+         auth_token=dict(type='str', required=False, no_log=True),+         zone_name=dict(type='str', required=True),+         record=dict(type='str', required=True),+     )+ +     result: dict[str, bool | str | list[dict[str, object]]] = {+         'changed': False,+         'records': [],+         'zone_id': '',+     }+ +     module = AnsibleModule(+         argument_spec=module_args,+         supports_check_mode=True,+         required_one_of=[+             ['auth_token', 'auth_key']+         ],+         required_together=[+             ['auth_email', 'auth_key']+         ],+         mutually_exclusive=[+             ['auth_token', 'auth_key']+         ],+     )+ +     try:+         # Import cloudflare here to provide better error message if not installed+         try:+             from cloudflare import Cloudflare+         except ImportError:+             module.fail_json(msg="The 'cloudflare' Python library is required. Install it with: pip install cloudflare")+ +         auth_email = module.params.get('auth_email')+         auth_key = module.params.get('auth_key')+         auth_token = module.params.get('auth_token')+         zone_name = module.params['zone_name']+         record = module.params['record']+ +         # Initialize Cloudflare client+         if auth_token:+             cf = Cloudflare(api_token=auth_token)+         else:+             cf = Cloudflare(api_email=auth_email, api_key=auth_key)+ +         # Fetch zone ID+         zone_id = get_zone_id(cf, zone_name, module)+         result['zone_id'] = zone_id+ +         # Fetch DNS records+         records = fetch_dns_records(cf, zone_id, record, module)+         result['records'] = records+ +         module.exit_json(**result)+ +     except Exception as e:+         module.fail_json(msg=f"Unexpected error: {str(e)}")+ + + def main() -> None:+     """+     Module entry point.+     """+     run_module()+ + + if __name__ == '__main__':+     main()

added

library/cloudflare_ssl.py

+ # -*- coding: utf-8 -*-+ + from __future__ import annotations+ + DOCUMENTATION = """+ ---+ module: cloudflare_ssl+ description:+     - "This module retrieves the SSL/TLS encryption mode for a specific Cloudflare zone."+     - "It supports both API key and API token authentication methods."+     - "Can automatically extract the zone from a domain using the tld library."+ author: salty+ options:+     auth_email:+         description:+             - Email associated with Cloudflare account+             - Required when using auth_key authentication+         required: false+         type: str+     auth_key:+         description:+             - API key for Cloudflare+             - Required when using auth_key authentication+         required: false+         type: str+     auth_token:+         description:+             - API token for Cloudflare+             - Can be used instead of auth_email and auth_key+         required: false+         type: str+     domain:+         description:+             - Domain name to parse and extract zone from (e.g., subdomain.example.com)+             - Mutually exclusive with zone_name+         required: false+         type: str+     zone_name:+         description:+             - Name of the Cloudflare zone (e.g., example.com)+             - Mutually exclusive with domain+         required: false+         type: str+ """+ + EXAMPLES = """+ # Get SSL/TLS mode using domain (automatically extracts zone)+ - name: Get Cloudflare SSL mode with domain+   cloudflare_ssl:+     auth_email: "user@example.com"+     auth_key: "{{ cloudflare_api_key }}"+     domain: "{{ user.domain }}"+   register: ssl_mode+ + # Get SSL/TLS mode using explicit zone name+ - name: Get Cloudflare SSL mode with zone+   cloudflare_ssl:+     auth_email: "user@example.com"+     auth_key: "{{ cloudflare_api_key }}"+     zone_name: "example.com"+   register: ssl_mode+ + # Display the SSL mode+ - name: Display SSL mode+   debug:+     msg: "SSL/TLS mode: {{ ssl_mode.ssl_mode }}"+ """+ + RETURN = """+ ssl_mode:+     description: The SSL/TLS encryption mode for the zone+     type: str+     returned: success+     sample: "full"+ zone_id:+     description: The Cloudflare zone ID for the specified zone+     type: str+     returned: success+ zone_name:+     description: The zone name that was queried+     type: str+     returned: success+ changed:+     description: Whether any changes were made (always False for this read-only module)+     type: bool+     returned: always+ """+ + from typing import TYPE_CHECKING+ + from ansible.module_utils.basic import AnsibleModule+ + if TYPE_CHECKING:+     from cloudflare import Cloudflare+ + + def get_zone_id(client: "Cloudflare", zone_name: str, module: AnsibleModule) -> str:+     """+     Fetch the zone ID for a given zone name from Cloudflare.+ +     Args:+         client: Cloudflare client instance+         zone_name (str): Name of the zone to look up+         module: AnsibleModule instance for error reporting+ +     Returns:+         str: The zone ID+ +     Raises:+         Calls module.fail_json on error+     """+     try:+         zone = client.zones.list(name=zone_name)+         if len(zone.result) == 0:+             module.fail_json(msg=f"Specified zone '{zone_name}' was not found")+         return zone.result[0].id+     except Exception as e:+         module.fail_json(msg=f"Error fetching zone ID: {str(e)}")+         raise # Unreachable - Pylance silencer+ + + def get_ssl_tls_mode(client: "Cloudflare", zone_id: str, module: AnsibleModule) -> str:+     """+     Get the SSL/TLS settings for a zone.+ +     Args:+         client: Cloudflare client instance+         zone_id (str): The Cloudflare zone ID+         module: AnsibleModule instance for error reporting+ +     Returns:+         str: The SSL/TLS mode value+ +     Raises:+         Calls module.fail_json on error+     """+     try:+         ssl_response = client.zones.settings.get(setting_id='ssl', zone_id=zone_id)+         if ssl_response is None:+             module.fail_json(msg="No response from Cloudflare API")+ +         ssl_settings = ssl_response.to_dict()+         ssl_mode = ssl_settings.get('value')+ +         if ssl_mode is None:+             module.fail_json(msg="SSL/TLS mode value not found in API response")+ +         return str(ssl_mode)+     except Exception as e:+         module.fail_json(msg=f"Error fetching SSL/TLS settings: {str(e)}")+         raise # Unreachable - Pylance silencer+ + + def run_module() -> None:+     """+     Main module execution.+ +     This function handles the module's argument parsing, execution flow,+     and return value preparation.+     """+     module_args = dict(+         auth_email=dict(type='str', required=False, no_log=False),+         auth_key=dict(type='str', required=False, no_log=True),+         auth_token=dict(type='str', required=False, no_log=True),+         domain=dict(type='str', required=False),+         zone_name=dict(type='str', required=False),+     )+ +     result = dict(+         changed=False,+         ssl_mode='',+         zone_id='',+         zone_name='',+     )+ +     module = AnsibleModule(+         argument_spec=module_args,+         supports_check_mode=True,+         required_one_of=[+             ['auth_token', 'auth_key'],+             ['domain', 'zone_name']+         ],+         required_together=[+             ['auth_email', 'auth_key']+         ],+         mutually_exclusive=[+             ['auth_token', 'auth_key'],+             ['domain', 'zone_name']+         ],+     )+ +     try:+         # Import cloudflare here to provide better error message if not installed+         try:+             from cloudflare import Cloudflare+         except ImportError:+             module.fail_json(msg="The 'cloudflare' Python library is required. Install it with: pip install cloudflare")+ +         auth_email = module.params.get('auth_email')+         auth_key = module.params.get('auth_key')+         auth_token = module.params.get('auth_token')+         domain = module.params.get('domain')+         zone_name = module.params.get('zone_name')+ +         # Parse domain to get zone name if domain is provided+         if domain:+             try:+                 from tld import get_tld+                 res = get_tld(f"http://{domain}", as_object=True)+                 zone_name = getattr(res, 'fld', None)+                 if not zone_name:+                     module.fail_json(msg=f"Failed to extract zone name from domain '{domain}'")+             except ImportError:+                 module.fail_json(msg="The 'tld' Python library is required for domain parsing. Install it with: pip install tld")+             except Exception as e:+                 module.fail_json(msg=f"Failed to parse domain '{domain}': {str(e)}")+ +         # Ensure zone_name is set+         if not zone_name:+             module.fail_json(msg="Zone name could not be determined from provided parameters")+ +         # Initialize Cloudflare client+         if auth_token:+             cf = Cloudflare(api_token=auth_token)+         else:+             cf = Cloudflare(api_email=auth_email, api_key=auth_key)+ +         # Fetch zone ID+         zone_id = get_zone_id(cf, zone_name, module)+         result['zone_id'] = zone_id+         result['zone_name'] = zone_name+ +         # Fetch SSL/TLS mode+         ssl_mode = get_ssl_tls_mode(cf, zone_id, module)+         result['ssl_mode'] = ssl_mode+ +         module.exit_json(**result)+ +     except Exception as e:+         module.fail_json(msg=f"Unexpected error: {str(e)}")+ + + def main() -> None:+     """+     Module entry point.+     """+     run_module()+ + + if __name__ == '__main__':+     main()

added

library/ip_timezone_lookup.py

+ # -*- coding: utf-8 -*-+ + from __future__ import annotations+ + DOCUMENTATION = """+ ---+ module: ip_timezone_lookup+ description:+     - Fetches timezone information from multiple IP geolocation services+     - Returns a consensus timezone when multiple sources agree+     - Provides individual results from each source for verification+     - Returns only valid IANA timezone identifiers suitable for timedatectl+ author: salty+ options:+     ip_address:+         description:+             - IP address to lookup timezone for+         required: true+         type: str+     timeout:+         description:+             - Timeout in seconds for each API request+         required: false+         default: 5+         type: int+     min_consensus:+         description:+             - Minimum number of sources that must agree for consensus+         required: false+         default: 2+         type: int+ """+ + EXAMPLES = """+ - name: Get timezone for specific IP+   ip_timezone_lookup:+     ip_address: "8.8.8.8"+   register: tz_result+ + - name: Set system timezone based on IP location+   command: timedatectl set-timezone {{ tz_result.timezone }}+   when: tz_result.confidence == 'high'+ + - name: Display consensus timezone+   debug:+     msg: "Consensus timezone: {{ tz_result.timezone }}"+ + - name: Display all source results+   debug:+     msg: "{{ tz_result.sources }}"+ """+ + RETURN = """+ timezone:+     description: The consensus timezone in IANA format (suitable for timedatectl)+     type: str+     returned: always+     sample: "Europe/Helsinki"+ confidence:+     description: Confidence level of the result (high/medium/low/none)+     type: str+     returned: always+     sample: "high"+ consensus_count:+     description: Number of sources agreeing on the timezone+     type: int+     returned: always+     sample: 8+ total_sources:+     description: Total number of sources queried+     type: int+     returned: always+     sample: 8+ successful_lookups:+     description: Number of successful API calls returning valid timezones+     type: int+     returned: always+     sample: 8+ sources:+     description: Dictionary containing results from each source+     type: dict+     returned: always+     sample: {+         "ipapi": {"timezone": "Europe/Helsinki", "success": true},+         "ipinfo": {"timezone": "Europe/Helsinki", "success": true}+     }+ ip_used:+     description: The IP address that was looked up+     type: str+     returned: always+     sample: "8.8.8.8"+ """+ + from ansible.module_utils.basic import AnsibleModule+ import json+ from collections import Counter+ import asyncio+ from typing import Any, Awaitable, Callable, Optional+ import aiohttp+ + class IPTimezoneLookup:+     def __init__(self, module: AnsibleModule) -> None:+         self.module: AnsibleModule = module+         self.ip_address: str = module.params['ip_address']+         self.timeout: int = module.params['timeout']+         self.min_consensus: int = module.params['min_consensus']+         self.results: dict[str, dict[str, object]] = {}+         +     async def make_request(self, session: aiohttp.ClientSession, url: str, headers: Optional[dict[str, str]] = None) -> Optional[dict[str, Any]]:+         """Make async HTTP request with error handling"""+         try:+             async with session.get(url, headers=headers, timeout=aiohttp.ClientTimeout(total=self.timeout)) as response:+                 if response.status == 200:+                     return await response.json()+                 return None+         except (aiohttp.ClientError, asyncio.TimeoutError, json.JSONDecodeError) as e:+             return None+     +     async def fetch_ipapi(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from ip-api.com (free, reliable)"""+         url = f"http://ip-api.com/json/{self.ip_address}"+         data = await self.make_request(session, url)+         if data and data.get('status') == 'success':+             return data.get('timezone')+         return None+ +     async def fetch_ipinfo(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from ipinfo.io (free tier, reliable)"""+         url = f"https://ipinfo.io/{self.ip_address}/json"+         data = await self.make_request(session, url)+         if data:+             return data.get('timezone')+         return None+ +     async def fetch_ipapi_co(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from ipapi.co (reliable)"""+         url = f"https://ipapi.co/{self.ip_address}/json/"+         data = await self.make_request(session, url)+         if data and not data.get('error'):+             return data.get('timezone')+         return None+ +     async def fetch_freegeoip(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from freegeoip.app (reliable)"""+         url = f"https://freegeoip.app/json/{self.ip_address}"+         data = await self.make_request(session, url)+         if data:+             return data.get('time_zone')+         return None+ +     async def fetch_ipwhois(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from ipwhois.app (reliable)"""+         url = f"https://ipwhois.app/json/{self.ip_address}"+         data = await self.make_request(session, url)+         if data and data.get('success') != False:+             return data.get('timezone')+         return None+ +     async def fetch_geojs(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from geojs.io (reliable)"""+         url = f"https://get.geojs.io/v1/ip/geo/{self.ip_address}.json"+         data = await self.make_request(session, url)+         if data:+             return data.get('timezone')+         return None+ +     async def fetch_ipregistry(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from ipregistry.co (reliable with tryout key)"""+         url = f"https://api.ipregistry.co/{self.ip_address}?key=tryout"+         data = await self.make_request(session, url)+         if data:+             tz_info = data.get('time_zone')+             if tz_info:+                 return tz_info.get('id')+         return None+ +     async def fetch_ipapi_is(self, session: aiohttp.ClientSession) -> Optional[str]:+         """Fetch from ipapi.is (reliable)"""+         url = f"https://api.ipapi.is/?q={self.ip_address}"+         data = await self.make_request(session, url)+         if data:+             location = data.get('location')+             if location:+                 return location.get('timezone')+         return None+     +     async def _fetch_from_source(+         self,+         session: aiohttp.ClientSession,+         source_name: str,+         lookup_func: Callable[[aiohttp.ClientSession], Awaitable[Optional[str]]]+     ) -> tuple[str, dict[str, object]]:+         """Fetch timezone from a single source with error handling"""+         try:+             timezone = await lookup_func(session)+             if timezone and '/' in timezone:  # Valid IANA timezone+                 return source_name, {+                     'timezone': timezone,+                     'success': True+                 }+             else:+                 return source_name, {+                     'timezone': None,+                     'success': False,+                     'error': 'No valid IANA timezone returned'+                 }+         except Exception as e:+             return source_name, {+                 'timezone': None,+                 'success': False,+                 'error': str(e)+             }+ +     async def _run_lookups_async(self) -> None:+         """Run all timezone lookups concurrently"""+         # Only include sources that returned valid results in testing+         lookup_methods = {+             'ipapi': self.fetch_ipapi,+             'ipinfo': self.fetch_ipinfo,+             'ipapi_co': self.fetch_ipapi_co,+             'freegeoip': self.fetch_freegeoip,+             'ipwhois': self.fetch_ipwhois,+             'geojs': self.fetch_geojs,+             'ipregistry': self.fetch_ipregistry,+             'ipapi_is': self.fetch_ipapi_is,+         }+ +         # Create aiohttp session and run all lookups concurrently+         async with aiohttp.ClientSession() as session:+             tasks = [+                 self._fetch_from_source(session, source_name, lookup_func)+                 for source_name, lookup_func in lookup_methods.items()+             ]+             results = await asyncio.gather(*tasks)+ +             # Store results+             for source_name, result in results:+                 self.results[source_name] = result+ +     def run_lookups(self) -> None:+         """Run all timezone lookups (synchronous wrapper for async operations)"""+         asyncio.run(self._run_lookups_async())+     +     def determine_consensus(self) -> tuple[Optional[str], str, int]:+         """Determine the consensus timezone"""+         # Collect all successful timezones+         timezones = []+         +         for source, result in self.results.items():+             if result['success'] and result['timezone']:+                 timezones.append(result['timezone'])+         +         if not timezones:+             return None, 'none', 0+         +         # Count occurrences+         tz_counter = Counter(timezones)+         most_common = tz_counter.most_common(1)[0]+         consensus_tz = most_common[0]+         consensus_count = most_common[1]+         +         if consensus_count < self.min_consensus:+             return None, 'low', consensus_count+ +         # Determine confidence+         total_valid = len(timezones)+         if consensus_count >= total_valid * 0.7:+             confidence = 'high'+         elif consensus_count >= total_valid * 0.5:+             confidence = 'medium'+         else:+             confidence = 'low'+ +         return consensus_tz, confidence, consensus_count+ + def main() -> None:+     module = AnsibleModule(+         argument_spec=dict(+             ip_address=dict(type='str', required=True),+             timeout=dict(type='int', default=5),+             min_consensus=dict(type='int', default=2)+         ),+         supports_check_mode=True+     )+ +     if module.params['timeout'] <= 0:+         module.fail_json(msg="timeout must be a positive integer")+     if module.params['min_consensus'] < 1:+         module.fail_json(msg="min_consensus must be at least 1")+ +     if module.check_mode:+         module.exit_json(changed=False)+     +     lookup = IPTimezoneLookup(module)+     lookup.run_lookups()+     +     consensus_tz, confidence, consensus_count = lookup.determine_consensus()+     +     successful_lookups = sum(1 for r in lookup.results.values() if r['success'])+     +     result = {+         'changed': False,+         'timezone': consensus_tz,+         'confidence': confidence,+         'consensus_count': consensus_count,+         'total_sources': len(lookup.results),+         'successful_lookups': successful_lookups,+         'sources': lookup.results,+         'ip_used': lookup.ip_address+     }+     +     if consensus_tz:+         module.exit_json(**result)+ +     if successful_lookups == 0:+         module.fail_json(msg="Could not determine timezone from any source", **result)+ +     module.fail_json(+         msg=f"Could not reach minimum consensus of {lookup.min_consensus}",+         **result+     )+ + if __name__ == '__main__':+     main()

added

library/tld_parse.py

+ # -*- coding: utf-8 -*-+ + from __future__ import annotations+ + DOCUMENTATION = """+ ---+ module: tld_parse+ description:+     - Parses a domain name into components needed for DNS record management+     - Extracts the full domain and subdomain portions+     - Uses the tld Python library for parsing+ author: salty+ options:+     url:+         description:+             - The domain or URL to parse+         required: true+         type: str+     record:+         description:+             - Optional DNS record to prepend to the domain+         required: false+         type: str+         default: ''+ """+ + EXAMPLES = """+ - name: Parse domain+   tld_parse:+     url: "{{ user.domain }}"+   register: domain_info+ + - name: Parse domain with record+   tld_parse:+     url: "{{ user.domain }}"+     record: "subdomain"+   register: domain_info+ + - name: Use parsed values+   debug:+     msg: "Domain: {{ domain_info.domain }}, Record: {{ domain_info.record }}"+ """+ + RETURN = """+ fld:+     description: Full domain name (e.g., example.com)+     type: str+     returned: always+     sample: "example.com"+ subdomain:+     description: Subdomain portion (empty string if none)+     type: str+     returned: always+     sample: "www"+ record:+     description: DNS record format (subdomain or '@' for root domain)+     type: str+     returned: always+     sample: "www"+ tld:+     description: Top-level domain (e.g., com, org, co.uk)+     type: str+     returned: always+     sample: "com"+ domain:+     description: Domain name without TLD (e.g., example)+     type: str+     returned: always+     sample: "example"+ """+ + from typing import TYPE_CHECKING, Any+ + from ansible.module_utils.basic import AnsibleModule+ from tld import get_tld+ + if TYPE_CHECKING:+     from tld.utils import Result+ + + def main() -> None:+     module: Any = AnsibleModule(+         argument_spec=dict(+             url=dict(type='str', required=True),+             record=dict(type='str', default='')+         ),+         supports_check_mode=True+     )+ +     url: str = module.params['url']+     record: str = module.params['record']+ +     try:+         # Build the full URL+         full_url: str+         if record:+             full_url = f"http://{record}.{url}"+         else:+             # Only add http:// if URL doesn't already have a scheme+             if not url.startswith(('http://', 'https://')):+                 full_url = f"http://{url}"+             else:+                 full_url = url+ +         # Parse using tld library+         res: Result = get_tld(full_url, as_object=True)  # type: ignore[assignment]+ +         # Extract components - use same naming as tld library+         fld: str = res.fld+         subdomain: str = res.subdomain if res.subdomain else ''+         tld: str = res.tld+         domain: str = res.domain+ +         # Format record for DNS operations+         dns_record: str = subdomain if subdomain else '@'+ +         module.exit_json(+             changed=False,+             fld=fld,+             subdomain=subdomain,+             record=dns_record,+             tld=tld,+             domain=domain+         )+ +     except Exception as e:+         module.fail_json(msg=f"Failed to parse domain: {e!s}")+ + + if __name__ == '__main__':+     main()

added

lookup_plugins/docker_var.py

+ # -*- coding: utf-8 -*-+ + from __future__ import annotations+ + DOCUMENTATION = """+     name: docker_var+     description:+       - This lookup replicates lookup('vars', _instance_name + suffix, default=lookup('vars', _var_prefix + '_role' + suffix))+       - For the '_name' suffix, the fallback uses _var_prefix + '_name' instead of _var_prefix + '_role_name'+       - For instance names or var prefixes with dashes, checks both original and underscore-converted versions+       - Automatically converts lists of JSON strings to dictionaries when detected+     author: salty+     options:+       _terms:+         description: The suffix to append (e.g. '_docker_network_mode')+         required: true+       default:+         description: The default value to return if neither variable is found+         type: raw+         required: false+       convert_json:+         description: Whether to automatically convert JSON string lists to dictionaries (default true)+         type: bool+         required: false+         default: true+ """+ + EXAMPLES = """+ - name: Look up a docker variable with fallback+   vars:+     _var_prefix: "myapp"+     _instance_name: "myapp"+   debug:+     msg: "{{ lookup('docker_var', '_docker_container', default=_var_prefix) }}"+ """+ + from ansible.plugins.lookup import LookupBase+ from ansible.errors import AnsibleLookupError, AnsibleUndefinedVariable, AnsibleValueOmittedError+ from ansible.utils.display import Display+ from typing import Any, List, Optional, Dict+ import json+ + from jinja2 import Undefined+ + display = Display()+ + class LookupModule(LookupBase):+ +     def _is_json_string_list(self, value: Any) -> bool:+         """Check if value is a list of JSON strings"""+         if not isinstance(value, list):+             return False+         +         # Check if all items are strings that look like JSON objects+         for item in value:+             if not isinstance(item, str):+                 return False+             stripped = item.strip()+             if not (stripped.startswith('{') and stripped.endswith('}')):+                 return False+         +         return len(value) > 0+ +     def _convert_json_list_to_dict(self, json_list: List[str]) -> Optional[Dict[str, Any]]:+         """Convert a list of JSON strings to a combined dictionary"""+         combined_dict: Dict[str, Any] = {}+ +         for json_str in json_list:+             try:+                 # Parse the JSON string directly+                 parsed = json.loads(json_str)+                 if isinstance(parsed, dict):+                     combined_dict.update(parsed)+                 else:+                     display.warning(f"[docker_var] JSON string parsed to non-dict: {parsed}")+                     return None+             except json.JSONDecodeError as je:+                 display.warning(f"[docker_var] Invalid JSON in: {json_str[:100]}... Error: {je}")+                 return None+             except (TypeError, AttributeError) as e:+                 display.warning(f"[docker_var] Failed to process JSON string: {e}")+                 return None+ +         display.vvv(f"[docker_var] Converted JSON list to dict with {len(combined_dict)} keys using manual parsing")+         return combined_dict+ +     def _check_for_undefined(self, value: Any, var_name: str) -> None:+         """Recursively check for undefined variables in a result and raise a clear error if found"""+         if isinstance(value, Undefined):+             undefined_name = getattr(value, '_undefined_name', str(value))+             raise AnsibleUndefinedVariable(+                 f"[docker_var] Variable '{var_name}' contains undefined variable: {undefined_name}"+             )+         # Check for CapturedExceptionMarker or similar sentinel types+         type_name = type(value).__name__+         if 'Captured' in type_name or 'Undefined' in type_name or 'Marker' in type_name:+             # Try to extract more info from the marker+             undefined_name = getattr(value, '_undefined_name', None)+             if undefined_name is None:+                 undefined_name = getattr(value, 'name', None)+             if undefined_name is None:+                 # Try to get it from string representation+                 value_str = str(value)+                 if value_str and value_str != type_name:+                     undefined_name = value_str+             msg = f"[docker_var] Variable '{var_name}' references an undefined variable"+             if undefined_name:+                 msg += f": '{undefined_name}'"+             else:+                 msg += f" (found {type_name})"+             raise AnsibleUndefinedVariable(msg)+         if isinstance(value, list):+             for i, item in enumerate(value):+                 self._check_for_undefined(item, f"{var_name}[{i}]")+         elif isinstance(value, dict):+             for k, v in value.items():+                 self._check_for_undefined(v, f"{var_name}.{k}")+ +     def run(self, terms: List[str], variables: Optional[Dict[str, Any]] = None, **kwargs: Any) -> List[Any]:  # type: ignore[override]+         if variables is None:+             variables = {}+         +         suffix: str = terms[0] if terms else ''+         self.set_options(var_options=variables, direct=kwargs)+         default: Any = self.get_option('default')+         convert_json: Optional[bool] = self.get_option('convert_json')+         if convert_json is None:+             convert_json = True+         omit_token = variables.get('omit')+ +         if self._templar is None:+             raise AnsibleLookupError("[docker_var] Templar is not initialized")+         self._templar.available_variables = variables+         stack_key = "__saltbox_docker_var_stack__"+         stack_prev = variables.get(stack_key)+         stack_owner = False+         if not isinstance(stack_prev, list):+             variables[stack_key] = []+             stack_owner = True+         stack = variables[stack_key]+ +         try:+             if '_var_prefix' not in variables:+                 raise KeyError("[docker_var] Required variable '_var_prefix' not found")+             if '_instance_name' not in variables:+                 raise KeyError("[docker_var] Required variable '_instance_name' not found")+ +             var_prefix: str = self._templar.template(variables['_var_prefix'], fail_on_undefined=True)+             instance_name: str = self._templar.template(variables['_instance_name'], fail_on_undefined=True)+             +             # Create lists of prefixes to try (including dash/underscore variants)+             instance_names_to_try: List[str] = [instance_name]+             if '-' in instance_name:+                 underscore_instance: str = instance_name.replace('-', '_')+                 instance_names_to_try.append(underscore_instance)+                 display.vvv(f"[docker_var] Added underscore variant for instance: {underscore_instance}")+ +             var_prefixes_to_try: List[str] = [var_prefix]+             if '-' in var_prefix:+                 underscore_prefix: str = var_prefix.replace('-', '_')+                 var_prefixes_to_try.append(underscore_prefix)+                 display.vvv(f"[docker_var] Added underscore variant for prefix: {underscore_prefix}")+ +             # Build the variable names to check+             vars_to_check: List[str] = []+             +             # For each instance name variant, add the primary variable+             for inst_name in instance_names_to_try:+                 primary_var: str = inst_name + suffix+                 vars_to_check.append(primary_var)+ +             # For each var prefix variant, add the fallback variable+             for var_pref in var_prefixes_to_try:+                 fallback_var: str+                 if suffix == '_name':+                     fallback_var = var_pref + suffix+                 else:+                     fallback_var = var_pref + '_role' + suffix+                 vars_to_check.append(fallback_var)+ +             display.vvv(f"[docker_var] Checking these keys in order: {vars_to_check}")+             if display.verbosity >= 3:+                 debug_keys = sorted([+                     k for k in variables+                     if suffix in k or k.endswith(suffix) or any(k.startswith(prefix) for prefix in instance_names_to_try + var_prefixes_to_try)+                 ])+                 display.vvv(f"[docker_var] Relevant vars: {debug_keys}")+             +             # Try each variable name in order+             for var_name in vars_to_check:+                 if var_name in variables:+                     raw_value = variables.get(var_name)+                     if raw_value is None:+                         display.vvv(f"[docker_var] Skipping {var_name} (value is None)")+                         continue+                     if omit_token is not None and raw_value is omit_token:+                         display.vvv(f"[docker_var] {var_name} is omit — returning omit")+                         return [omit_token]+ +                     guard_id = f"docker_var:{var_prefix}:{instance_name}:{suffix}:{var_name}"+                     if guard_id in stack:+                         cycle = " -> ".join(stack + [guard_id])+                         raise AnsibleLookupError(+                             f"[docker_var] Circular reference detected while resolving '{var_name}' "+                             f"(prefix='{var_prefix}', instance='{instance_name}', suffix='{suffix}'). Stack: {cycle}"+                         )+                     stack.append(guard_id)+                     try:+                         # Variable exists - if templating fails, that's an error (don't fall back to default)+                         # This ensures that variables referencing undefined vars are caught+                         try:+                             result = self._templar.template(raw_value, fail_on_undefined=True)+                         except AnsibleValueOmittedError:+                             display.vvv(f"[docker_var] {var_name} templated to omit — returning omit")+                             return [omit_token]+                         except Exception as e:+                             raise AnsibleLookupError(+                                 f"[docker_var] Failed to resolve '{var_name}': {e}"+                             ) from e+                         if omit_token is not None and result is omit_token:+                             display.vvv(f"[docker_var] {var_name} resolved to omit — returning omit")+                             return [omit_token]+                         # Check for undefined variables that got captured instead of raising+                         self._check_for_undefined(result, var_name)+                         if result is not None:+                             # Check if we should convert JSON list to dict+                             if convert_json and self._is_json_string_list(result):+                                 display.vvv(f"[docker_var] Found JSON string list for {var_name}, converting to dict")+                                 converted = self._convert_json_list_to_dict(result)+                                 if converted is not None:+                                     return [converted]+                                 else:+                                     display.vvv(f"[docker_var] Conversion failed, returning original list")+ +                             display.vvv(f"[docker_var] Returning templated value for {var_name}: {result}")+                             return [result]+                         else:+                             display.vvv(f"[docker_var] {var_name} is None after templating, skipping")+                     finally:+                         if stack and stack[-1] == guard_id:+                             stack.pop()+                         elif guard_id in stack:+                             stack.remove(guard_id)+                 else:+                     display.vvv(f"[docker_var] {var_name} not found in variables — skipping")+ +             # If we have a default, use it (only reached if no variable existed)+             if default is not None:+                 display.vvv(f"[docker_var] No usable variable found, returning default: {default}")+                 return [default]+ +             # Otherwise raise an error - variable not found and no default provided+             raise AnsibleLookupError(+                 f"[docker_var] Variable not found and no default provided. "+                 f"Tried the following variables in order: {', '.join(vars_to_check)}"+             )+         finally:+             if stack_owner:+                 if stack_prev is None:+                     variables.pop(stack_key, None)+                 else:+                     variables[stack_key] = stack_prev

added

lookup_plugins/docker_vars.py

+ # -*- coding: utf-8 -*-+ + from __future__ import annotations+ + DOCUMENTATION = """+     name: docker_vars+     description:+       - Bulk lookup for docker variables using the same resolution logic as C(docker_var), but resolves multiple suffixes in one call.+       - For the '_name' suffix, the fallback uses _var_prefix + '_name' instead of _var_prefix + '_role_name'.+       - For instance names or var prefixes with dashes, checks both original and underscore-converted versions.+       - Automatically converts lists of JSON strings to dictionaries when detected.+     author: salty+     options:+       _terms:+         description: The suffixes to append (e.g. '_docker_network_mode')+         required: true+       specs:+         description: >-+           Mapping of suffix to spec dict (keys: default, omit, required). When provided,+           _terms/defaults are ignored.+         type: dict+         required: false+       defaults:+         description: Mapping of suffix to default value if neither variable is found+         type: dict+         required: false+       convert_json:+         description: Whether to automatically convert JSON string lists to dictionaries (default true)+         type: bool+         required: false+         default: true+ """+ + EXAMPLES = """+ - name: Look up multiple docker variables with fallback in a single call+   vars:+     _docker_var_suffixes:+       - "_docker_container"+       - "_docker_network_mode"+     _docker_var_defaults:+       _docker_container: "myapp"+       _docker_network_mode: "bridge"+   debug:+     msg: "{{ lookup('docker_vars', _docker_var_suffixes, defaults=_docker_var_defaults) }}"+ + - name: Look up multiple docker variables with specs+   vars:+     _docker_var_specs:+       _docker_container:+         default: "myapp"+       _docker_network_mode:+         default: "bridge"+       _docker_auto_remove:+         omit: true+       _docker_image:+         required: true+   debug:+     msg: "{{ lookup('docker_vars', specs=_docker_var_specs) }}"+ """+ + from ansible.plugins.lookup import LookupBase+ from ansible.errors import AnsibleLookupError, AnsibleUndefinedVariable, AnsibleValueOmittedError+ from ansible.utils.display import Display+ from typing import Any, List, Optional, Dict+ import json+ + from jinja2 import Undefined+ + display = Display()+ _OMIT_SENTINEL = object()+ + class LookupModule(LookupBase):+ +     def _is_json_string_list(self, value: Any) -> bool:+         """Check if value is a list of JSON strings"""+         if not isinstance(value, list):+             return False+ +         # Check if all items are strings that look like JSON objects+         for item in value:+             if not isinstance(item, str):+                 return False+             stripped = item.strip()+             if not (stripped.startswith('{') and stripped.endswith('}')):+                 return False+ +         return len(value) > 0+ +     def _convert_json_list_to_dict(self, json_list: List[str]) -> Optional[Dict[str, Any]]:+         """Convert a list of JSON strings to a combined dictionary"""+         combined_dict: Dict[str, Any] = {}+ +         for json_str in json_list:+             try:+                 # Parse the JSON string directly+                 parsed = json.loads(json_str)+                 if isinstance(parsed, dict):+                     combined_dict.update(parsed)+                 else:+                     display.warning(f"[docker_vars] JSON string parsed to non-dict: {parsed}")+                     return None+             except json.JSONDecodeError as je:+                 display.warning(f"[docker_vars] Invalid JSON in: {json_str[:100]}... Error: {je}")+                 return None+             except (TypeError, AttributeError) as e:+                 display.warning(f"[docker_vars] Failed to process JSON string: {e}")+                 return None+ +         display.vvv(f"[docker_vars] Converted JSON list to dict with {len(combined_dict)} keys using manual parsing")+         return combined_dict+ +     def _check_for_undefined(self, value: Any, var_name: str) -> None:+         """Recursively check for undefined variables in a result and raise a clear error if found"""+         if isinstance(value, Undefined):+             undefined_name = getattr(value, '_undefined_name', str(value))+             raise AnsibleUndefinedVariable(+                 f"[docker_vars] Variable '{var_name}' contains undefined variable: {undefined_name}"+             )+         # Check for CapturedExceptionMarker or similar sentinel types+         type_name = type(value).__name__+         if 'Captured' in type_name or 'Undefined' in type_name or 'Marker' in type_name:+             # Try to extract more info from the marker+             undefined_name = getattr(value, '_undefined_name', None)+             if undefined_name is None:+                 undefined_name = getattr(value, 'name', None)+             if undefined_name is None:+                 # Try to get it from string representation+                 value_str = str(value)+                 if value_str and value_str != type_name:+                     undefined_name = value_str+             msg = f"[docker_vars] Variable '{var_name}' references an undefined variable"+             if undefined_name:+                 msg += f": '{undefined_name}'"+             else:+                 msg += f" (found {type_name})"+             raise AnsibleUndefinedVariable(msg)+         if isinstance(value, list):+             for i, item in enumerate(value):+                 self._check_for_undefined(item, f"{var_name}[{i}]")+         elif isinstance(value, dict):+             for k, v in value.items():+                 self._check_for_undefined(v, f"{var_name}.{k}")+ +     def _normalize_terms(self, terms: List[Any]) -> List[Any]:+         if len(terms) == 1 and isinstance(terms[0], (list, tuple)):+             return list(terms[0])+         return list(terms)+ +     def _build_vars_to_check(+         self,+         suffix: str,+         instance_names_to_try: List[str],+         var_prefixes_to_try: List[str],+     ) -> List[str]:+         vars_to_check: List[str] = []+ +         for inst_name in instance_names_to_try:+             vars_to_check.append(inst_name + suffix)+ +         for var_pref in var_prefixes_to_try:+             if suffix == '_name':+                 fallback_var = var_pref + suffix+             else:+                 fallback_var = var_pref + '_role' + suffix+             vars_to_check.append(fallback_var)+ +         return vars_to_check+ +     def _resolve_suffix(+         self,+         suffix: str,+         variables: Dict[str, Any],+         default_set: bool,+         default: Any,+         convert_json: bool,+         omit_token: Any,+         stack: List[str],+         var_prefix: str,+         instance_name: str,+         instance_names_to_try: List[str],+         var_prefixes_to_try: List[str],+     ) -> Any:+         if self._templar is None:+             raise AnsibleLookupError("[docker_vars] Templar is not initialized")+         templar = self._templar+ +         vars_to_check = self._build_vars_to_check(suffix, instance_names_to_try, var_prefixes_to_try)+ +         display.vvv(f"[docker_vars] Checking these keys in order for suffix '{suffix}': {vars_to_check}")+         if display.verbosity >= 3:+             debug_keys = sorted([+                 k for k in variables+                 if suffix in k or k.endswith(suffix) or any(k.startswith(prefix) for prefix in instance_names_to_try + var_prefixes_to_try)+             ])+             display.vvv(f"[docker_vars] Relevant vars for suffix '{suffix}': {debug_keys}")+ +         for var_name in vars_to_check:+             if var_name in variables:+                 raw_value = variables.get(var_name)+                 if raw_value is None:+                     display.vvv(f"[docker_vars] Skipping {var_name} (value is None)")+                     continue+                 if omit_token is not None and raw_value is omit_token:+                     display.vvv(f"[docker_vars] {var_name} is omit — returning omit")+                     return omit_token+ +                 guard_id = f"docker_var:{var_prefix}:{instance_name}:{suffix}:{var_name}"+                 if guard_id in stack:+                     cycle = " -> ".join(stack + [guard_id])+                     raise AnsibleLookupError(+                         f"[docker_vars] Circular reference detected while resolving '{var_name}' "+                         f"(prefix='{var_prefix}', instance='{instance_name}', suffix='{suffix}'). Stack: {cycle}"+                     )+                 stack.append(guard_id)+                 try:+                     try:+                         result = templar.template(raw_value, fail_on_undefined=True)+                     except AnsibleValueOmittedError:+                         display.vvv(f"[docker_vars] {var_name} templated to omit — returning omit")+                         return omit_token+                     except Exception as e:+                         raise AnsibleLookupError(+                             f"[docker_vars] Failed to resolve '{var_name}': {e}"+                         ) from e+                     if omit_token is not None and result is omit_token:+                         display.vvv(f"[docker_vars] {var_name} resolved to omit — returning omit")+                         return omit_token+                     self._check_for_undefined(result, var_name)+                     if result is not None:+                         if convert_json and self._is_json_string_list(result):+                             display.vvv(f"[docker_vars] Found JSON string list for {var_name}, converting to dict")+                             converted = self._convert_json_list_to_dict(result)+                             if converted is not None:+                                 return converted+                             else:+                                 display.vvv(f"[docker_vars] Conversion failed, returning original list")+ +                         display.vvv(f"[docker_vars] Returning templated value for {var_name}: {result}")+                         return result+                     else:+                         display.vvv(f"[docker_vars] {var_name} is None after templating, skipping")+                 finally:+                     if stack and stack[-1] == guard_id:+                         stack.pop()+                     elif guard_id in stack:+                         stack.remove(guard_id)+             else:+                 display.vvv(f"[docker_vars] {var_name} not found in variables — skipping")+ +         if default_set:+             display.vvv(f"[docker_vars] No usable variable found for suffix '{suffix}', returning default: {default}")+             return default+ +         raise AnsibleLookupError(+             f"[docker_vars] Variable not found and no default provided for suffix '{suffix}'. "+             f"Tried the following variables in order: {', '.join(vars_to_check)}"+         )+ +     def run(self, terms: List[Any], variables: Optional[Dict[str, Any]] = None, **kwargs: Any) -> List[Any]:  # type: ignore[override]+         if variables is None:+             variables = {}+ +         self.set_options(var_options=variables, direct=kwargs)+         specs: Optional[Dict[str, Any]] = self.get_option('specs')+         defaults: Optional[Dict[str, Any]] = self.get_option('defaults')+         convert_json: Optional[bool] = self.get_option('convert_json')+         if convert_json is None:+             convert_json = True+         omit_token = variables.get('omit')+ +         use_specs = specs is not None+         if use_specs:+             if not isinstance(specs, dict):+                 raise AnsibleLookupError("[docker_vars] 'specs' must be a dict when provided")+             suffixes = list(specs.keys())+         else:+             suffixes = self._normalize_terms(terms)+ +         if defaults is None:+             defaults = {}+         if defaults is not None and not isinstance(defaults, dict):+             raise AnsibleLookupError("[docker_vars] 'defaults' must be a dict when provided")+ +         if self._templar is None:+             raise AnsibleLookupError("[docker_vars] Templar is not initialized")+         self._templar.available_variables = variables+ +         stack_key = "__saltbox_docker_var_stack__"+         stack_prev = variables.get(stack_key)+         stack_owner = False+         if not isinstance(stack_prev, list):+             variables[stack_key] = []+             stack_owner = True+         stack = variables[stack_key]+ +         try:+             if '_var_prefix' not in variables:+                 raise KeyError("[docker_vars] Required variable '_var_prefix' not found")+             if '_instance_name' not in variables:+                 raise KeyError("[docker_vars] Required variable '_instance_name' not found")+ +             var_prefix: str = self._templar.template(variables['_var_prefix'], fail_on_undefined=True)+             instance_name: str = self._templar.template(variables['_instance_name'], fail_on_undefined=True)+ +             instance_names_to_try: List[str] = [instance_name]+             if '-' in instance_name:+                 underscore_instance: str = instance_name.replace('-', '_')+                 instance_names_to_try.append(underscore_instance)+                 display.vvv(f"[docker_vars] Added underscore variant for instance: {underscore_instance}")+ +             var_prefixes_to_try: List[str] = [var_prefix]+             if '-' in var_prefix:+                 underscore_prefix: str = var_prefix.replace('-', '_')+                 var_prefixes_to_try.append(underscore_prefix)+                 display.vvv(f"[docker_vars] Added underscore variant for prefix: {underscore_prefix}")+ +             results: Dict[str, Any] = {}+             for suffix in suffixes:+                 if use_specs:+                     spec = specs.get(suffix, {}) if specs is not None else {}+                     if spec is None:+                         spec = {}+                     if not isinstance(spec, dict):+                         raise AnsibleLookupError(+                             f"[docker_vars] Spec for '{suffix}' must be a dict when provided"+                         )+                     spec_has_default = 'default' in spec+                     spec_default = spec.get('default')+                     spec_omit = bool(spec.get('omit', False))+                     spec_required = bool(spec.get('required', False))+ +                     default_set = spec_has_default or spec_omit+                     if spec_required:+                         default_set = False+                         spec_omit = False+                     if spec_has_default:+                         default_value = spec_default+                     elif spec_omit:+                         default_value = _OMIT_SENTINEL+                     else:+                         default_value = None+ +                     resolved = self._resolve_suffix(+                         suffix=suffix,+                         variables=variables,+                         default_set=default_set,+                         default=default_value,+                         convert_json=convert_json,+                         omit_token=omit_token,+                         stack=stack,+                         var_prefix=var_prefix,+                         instance_name=instance_name,+                         instance_names_to_try=instance_names_to_try,+                         var_prefixes_to_try=var_prefixes_to_try,+                     )+ +                     omit_value = False+                     if resolved is _OMIT_SENTINEL:+                         omit_value = True+                         resolved = None+                     elif omit_token is not None and resolved is omit_token:+                         omit_value = True+                         resolved = None+                     results[suffix] = {+                         "value": resolved,+                         "omit": omit_value,+                     }+                 else:+                     default_set = bool(defaults) and suffix in defaults+                     default_value: Any = defaults[suffix] if default_set else None+                     results[suffix] = self._resolve_suffix(+                         suffix=suffix,+                         variables=variables,+                         default_set=default_set,+                         default=default_value,+                         convert_json=convert_json,+                         omit_token=omit_token,+                         stack=stack,+                         var_prefix=var_prefix,+                         instance_name=instance_name,+                         instance_names_to_try=instance_names_to_try,+                         var_prefixes_to_try=var_prefixes_to_try,+                     )+ +             return [results]+         finally:+             if stack_owner:+                 if stack_prev is None:+                     variables.pop(stack_key, None)+                 else:+                     variables[stack_key] = stack_prev

added

lookup_plugins/role_var.py

+ # -*- coding: utf-8 -*-+ + from __future__ import annotations+ + DOCUMENTATION = """+     name: role_var+     description:+       - This lookup replicates lookup('vars', traefik_role_var + suffix, default=lookup('vars', role_name + '_role' + suffix))+       - For the '_name' suffix, the fallback uses role_name + '_name' instead of role_name + '_role_name'+       - When 'role' parameter is specified, constructs the appropriate traefik_role_var for that role+       - For _name variables with dashes, checks both original and underscore-converted versions+       - Automatically converts lists of JSON strings to dictionaries when detected+     author: salty+     options:+       _terms:+         description: The suffix to append (e.g. '_dns_record')+         required: true+       default:+         description: The default value to return if neither variable is found+         type: raw+         required: false+       role:+         description: The role name to use for lookup instead of the current role_name+         type: str+         required: false+       convert_json:+         description: Whether to automatically convert JSON string lists to dictionaries (default true)+         type: bool+         required: false+         default: true+ """+ + EXAMPLES = """+ - name: Look up a role variable with fallback+   vars:+     role_name: "traefik"+     traefik_role_var: "traefik"+   debug:+     msg: "{{ lookup('role_var', '_name', default=role_name) }}"+ """+ + from ansible.plugins.lookup import LookupBase+ from ansible.errors import AnsibleLookupError, AnsibleUndefinedVariable, AnsibleValueOmittedError+ from ansible.utils.display import Display+ from typing import Any, List, Optional, Dict+ import json+ + from jinja2 import Undefined+ + display = Display()+ + class LookupModule(LookupBase):+ +     def _is_json_string_list(self, value: Any) -> bool:+         """Check if value is a list of JSON strings"""+         if not isinstance(value, list):+             return False+         +         # Check if all items are strings that look like JSON objects+         for item in value:+             if not isinstance(item, str):+                 return False+             stripped = item.strip()+             if not (stripped.startswith('{') and stripped.endswith('}')):+                 return False+         +         return len(value) > 0+ +     def _convert_json_list_to_dict(self, json_list: List[str]) -> Optional[Dict[str, Any]]:+         """Convert a list of JSON strings to a combined dictionary"""+         combined_dict: Dict[str, Any] = {}+ +         for json_str in json_list:+             try:+                 # Parse the JSON string directly+                 parsed = json.loads(json_str)+                 if isinstance(parsed, dict):+                     combined_dict.update(parsed)+                 else:+                     display.warning(f"[role_var] JSON string parsed to non-dict: {parsed}")+                     return None+             except json.JSONDecodeError as je:+                 display.warning(f"[role_var] Invalid JSON in: {json_str[:100]}... Error: {je}")+                 return None+             except (TypeError, AttributeError) as e:+                 display.warning(f"[role_var] Failed to process JSON string: {e}")+                 return None+ +         display.vvv(f"[role_var] Converted JSON list to dict with {len(combined_dict)} keys using manual parsing")+         return combined_dict+ +     def _check_for_undefined(self, value: Any, var_name: str) -> None:+         """Recursively check for undefined variables in a result and raise a clear error if found"""+         if isinstance(value, Undefined):+             undefined_name = getattr(value, '_undefined_name', str(value))+             raise AnsibleUndefinedVariable(+                 f"[role_var] Variable '{var_name}' contains undefined variable: {undefined_name}"+             )+         # Check for CapturedExceptionMarker or similar sentinel types+         type_name = type(value).__name__+         if 'Captured' in type_name or 'Undefined' in type_name or 'Marker' in type_name:+             # Try to extract more info from the marker+             undefined_name = getattr(value, '_undefined_name', None)+             if undefined_name is None:+                 undefined_name = getattr(value, 'name', None)+             if undefined_name is None:+                 # Try to get it from string representation+                 value_str = str(value)+                 if value_str and value_str != type_name:+                     undefined_name = value_str+             msg = f"[role_var] Variable '{var_name}' references an undefined variable"+             if undefined_name:+                 msg += f": '{undefined_name}'"+             else:+                 msg += f" (found {type_name})"+             raise AnsibleUndefinedVariable(msg)+         if isinstance(value, list):+             for i, item in enumerate(value):+                 self._check_for_undefined(item, f"{var_name}[{i}]")+         elif isinstance(value, dict):+             for k, v in value.items():+                 self._check_for_undefined(v, f"{var_name}.{k}")+ +     def run(self, terms: List[str], variables: Optional[Dict[str, Any]] = None, **kwargs: Any) -> List[Any]:  # type: ignore[override]+         if variables is None:+             variables = {}+ +         suffix: str = terms[0] if terms else ''+         self.set_options(var_options=variables, direct=kwargs)+         default: Any = self.get_option('default')+         specified_role: Optional[str] = self.get_option('role')+         convert_json: Optional[bool] = self.get_option('convert_json')+         if convert_json is None:+             convert_json = True+         omit_token = variables.get('omit')+ +         if self._templar is None:+             raise AnsibleLookupError("[role_var] Templar is not initialized")+         self._templar.available_variables = variables+         stack_key = "__saltbox_role_var_stack__"+         stack_prev = variables.get(stack_key)+         stack_owner = False+         if not isinstance(stack_prev, list):+             variables[stack_key] = []+             stack_owner = True+         stack = variables[stack_key]+ +         try:+             # Use specified role if provided, otherwise fall back to role_name+             if specified_role:+                 role_name: str = self._templar.template(specified_role, fail_on_undefined=True)+             else:+                 if 'role_name' not in variables:+                     raise KeyError("[role_var] Required variable 'role_name' not found")+                 role_name: str = self._templar.template(variables['role_name'], fail_on_undefined=True)+             +             # If a custom role is specified, we need to construct the appropriate traefik_role_var for that role+             traefik_role_var: str+             if specified_role:+                 # Replicate the logic: traefik_role_var: "{{ lookup('vars', role_name + '_name', default=role_name) }}"+                 custom_role_name_var: str = role_name + '_name'+                 if custom_role_name_var in variables:+                     traefik_role_var = self._templar.template(variables[custom_role_name_var], fail_on_undefined=True)+                 else:+                     traefik_role_var = role_name+                 display.vvv(f"[role_var] Using custom traefik_role_var for role '{role_name}': {traefik_role_var}")+             else:+                 if 'traefik_role_var' not in variables:+                     raise KeyError("[role_var] Required variable 'traefik_role_var' not found")+                 traefik_role_var = self._templar.template(variables['traefik_role_var'], fail_on_undefined=True)+ +             # Build the variable names to check+             primary_var: str+             fallback_var: str+             if suffix == '_name':+                 primary_var = traefik_role_var + suffix+                 fallback_var = role_name + suffix+             else:+                 primary_var = traefik_role_var + suffix+                 fallback_var = role_name + '_role' + suffix+ +             # Create list of all variable names to check (including dash/underscore variants)+             vars_to_check: List[str] = []+             +             for var_name in [primary_var, fallback_var]:+                 vars_to_check.append(var_name)+                 # If the variable name contains dashes, also check the underscore version+                 if '-' in var_name:+                     underscore_var = var_name.replace('-', '_')+                     vars_to_check.append(underscore_var)+                     display.vvv(f"[role_var] Added underscore variant: {underscore_var} for {var_name}")+ +             display.vvv(f"[role_var] Checking these keys in order: {vars_to_check}")+             if display.verbosity >= 3:+                 debug_keys = sorted([+                     k for k in variables+                     if suffix in k or k.endswith(suffix) or k.startswith((traefik_role_var, role_name))+                 ])+                 display.vvv(f"[role_var] Relevant vars: {debug_keys}")+ +             # Try each variable name in order+             for var_name in vars_to_check:+                 if var_name in variables:+                     raw_value = variables.get(var_name)+                     if raw_value is None:+                         display.vvv(f"[role_var] Skipping {var_name} (value is None)")+                         continue+                     if omit_token is not None and raw_value is omit_token:+                         display.vvv(f"[role_var] {var_name} is omit — returning omit")+                         return [omit_token]+ +                     guard_id = f"role_var:{role_name}:{suffix}:{var_name}"+                     if guard_id in stack:+                         cycle = " -> ".join(stack + [guard_id])+                         raise AnsibleLookupError(+                             f"[role_var] Circular reference detected while resolving '{var_name}' "+                             f"(role='{role_name}', suffix='{suffix}'). Stack: {cycle}"+                         )+                     stack.append(guard_id)+                     try:+                         # Variable exists - if templating fails, that's an error (don't fall back to default)+                         # This ensures that variables referencing undefined vars are caught+                         try:+                             result = self._templar.template(raw_value, fail_on_undefined=True)+                         except AnsibleValueOmittedError:+                             display.vvv(f"[role_var] {var_name} templated to omit — returning omit")+                             return [omit_token]+                         except Exception as e:+                             raise AnsibleLookupError(+                                 f"[role_var] Failed to resolve '{var_name}': {e}"+                             ) from e+                         if omit_token is not None and result is omit_token:+                             display.vvv(f"[role_var] {var_name} resolved to omit — returning omit")+                             return [omit_token]+                         # Check for undefined variables that got captured instead of raising+                         self._check_for_undefined(result, var_name)+                         if result is not None:+                             # Check if we should convert JSON list to dict+                             if convert_json and self._is_json_string_list(result):+                                 display.vvv(f"[role_var] Found JSON string list for {var_name}, converting to dict")+                                 converted = self._convert_json_list_to_dict(result)+                                 if converted is not None:+                                     return [converted]+                                 else:+                                     display.vvv(f"[role_var] Conversion failed, returning original list")+ +                             display.vvv(f"[role_var] Returning templated value for {var_name}: {result}")+                             return [result]+                         else:+                             display.vvv(f"[role_var] {var_name} is None after templating, skipping")+                     finally:+                         if stack and stack[-1] == guard_id:+                             stack.pop()+                         elif guard_id in stack:+                             stack.remove(guard_id)+                 else:+                     display.vvv(f"[role_var] {var_name} not found in variables — skipping")+ +             # If we have a default, use it (only reached if no variable existed)+             if default is not None:+                 display.vvv(f"[role_var] No usable variable found, returning default: {default}")+                 return [default]+ +             # Otherwise raise an error - variable not found and no default provided+             raise AnsibleLookupError(+                 f"[role_var] Variable not found and no default provided. "+                 f"Tried the following variables in order: {', '.join(vars_to_check)}"+             )+         finally:+             if stack_owner:+                 if stack_prev is None:+                     variables.pop(stack_key, None)+                 else:+                     variables[stack_key] = stack_prev

added

resources/tasks/instances/nzbget.yml

+ #########################################################################+ # Title:         Saltbox: Resources | Tasks | Instances | Get NZBGet Info #+ # Author(s):     salty                                                    #+ # URL:           https://github.com/saltyorg/Saltbox                      #+ # --                                                                      #+ #########################################################################+ #                   GNU General Public License v3.0                       #+ #########################################################################+ ---+ - name: Resources | Tasks | Instances | Get Info | Check if NZBGet exists+   ansible.builtin.stat:+     path: "{{ lookup('role_var', '_paths_config_location', role='nzbget') }}"+   register: nzbget_role_paths_config_location_stat+ + - name: Resources | Tasks | Instances | Get Info | NZBGet tasks+   when: nzbget_role_paths_config_location_stat.stat.exists+   block:+     - name: Resources | Tasks | Instances | Get Info | Fetch NZBGet ControlUsername+       ansible.builtin.shell: "grep -oP '^ControlUsername=\\K.*' {{ lookup('role_var', '_paths_config_location', role='nzbget') }}"+       register: nzbget_username_result+       changed_when: false+ +     - name: Resources | Tasks | Instances | Get Info | Fetch NZBGet ControlPassword+       ansible.builtin.shell: "grep -oP '^ControlPassword=\\K.*' {{ lookup('role_var', '_paths_config_location', role='nzbget') }}"+       register: nzbget_password_result+       changed_when: false+ +     - name: Resources | Tasks | Instances | Get Info | Set 'nzbget_info' variable+       ansible.builtin.set_fact:+         nzbget_info:+           name: nzbget+           url: "{{ lookup('role_var', '_web_url', role='nzbget') }}"+           username: "{{ nzbget_username_result.stdout }}"+           password: "{{ nzbget_password_result.stdout }}"+ + - name: Resources | Tasks | Instances | Get Info | Set 'nzbget_info' variable+   ansible.builtin.set_fact:+     nzbget_info:+       name: nzbget+       url: "{{ lookup('role_var', '_web_url', role='nzbget') }}"+       username: "not installed"+       password: "not installed"+   when: (not nzbget_role_paths_config_location_stat.stat.exists)

added

resources/tasks/instances/sabnzbd.yml

+ #########################################################################+ # Title:         Saltbox: Resources | Tasks | Instances | Get SABnzbd Info #+ # Author(s):     salty                                                     #+ # URL:           https://github.com/saltyorg/Saltbox                       #+ # --                                                                       #+ #########################################################################+ #                   GNU General Public License v3.0                        #+ #########################################################################+ ---+ - name: Resources | Tasks | Instances | Get Info | Check if SABnzbd exists+   ansible.builtin.stat:+     path: "{{ lookup('role_var', '_paths_config_location', role='sabnzbd') }}"+   register: sabnzbd_role_paths_config_location_stat+ + - name: Resources | Tasks | Instances | Get Info | SABnzbd API Key tasks+   when: sabnzbd_role_paths_config_location_stat.stat.exists+   block:+     - name: Resources | Tasks | Instances | Get Info | Fetch SABnzbd API Key+       ansible.builtin.shell: "grep -oP '^api_key = \\K.*' {{ lookup('role_var', '_paths_config_location', role='sabnzbd') }}"+       register: sabnzbd_api_key_result+       changed_when: false+ +     - name: Resources | Tasks | Instances | Get Info | Set 'sabnzbd_info' variable+       ansible.builtin.set_fact:+         sabnzbd_info:+           name: sabnzbd+           url: "{{ lookup('role_var', '_web_url', role='sabnzbd') }}"+           api_key: "{{ sabnzbd_api_key_result.stdout }}"+ + - name: Resources | Tasks | Instances | Get Info | Set 'sabnzbd_info' variable+   ansible.builtin.set_fact:+     sabnzbd_info:+       name: sabnzbd+       url: "{{ lookup('role_var', '_web_url', role='sabnzbd') }}"+       api_key: "not installed"+   when: (not sabnzbd_role_paths_config_location_stat.stat.exists)

added

resources/tasks/variables/import_inventory_vars.yml

+ #####################################################################################+ # Title:         Saltbox: Resources | Tasks | Variables | Import Inventory Vars     #+ # Author(s):     salty                                                              #+ # URL:           https://github.com/saltyorg/Saltbox                                #+ # --                                                                                #+ #####################################################################################+ #                   GNU General Public License v3.0                                 #+ #####################################################################################+ ---+ - name: "Resources | Tasks | Variables | Import Inventory Vars | Check if 'localhost.yml' exists"+   ansible.builtin.stat:+     path: "/srv/git/saltbox/inventories/host_vars/localhost.yml"+   register: localhost_inventory_file+ + - name: "Resources | Tasks | Variables | Import Inventory Vars | Import Inventory variables"+   ansible.builtin.include_vars: "/srv/git/saltbox/inventories/host_vars/localhost.yml"+   when: localhost_inventory_file.stat.exists

added

resources/tasks/variables/import_role_vars.yml

+ ################################################################################+ # Title:         Saltbox: Resources | Tasks | Variables | Import Role Vars     #+ # Author(s):     salty                                                         #+ # URL:           https://github.com/saltyorg/Saltbox                           #+ # --                                                                           #+ ################################################################################+ #                   GNU General Public License v3.0                            #+ ################################################################################+ ---+ - name: "Resources | Tasks | Variables | Import Role Vars | Include {{ import_role_name }} role default vars"+   ansible.builtin.include_vars: "/srv/git/saltbox/roles/{{ import_role_name }}/defaults/main.yml"+ + - name: "Resources | Tasks | Variables | Import Role Vars | Check if 'localhost.yml' exists"+   ansible.builtin.stat:+     path: "/srv/git/saltbox/inventories/host_vars/localhost.yml"+   register: localhost_inventory_file+ + - name: "Resources | Tasks | Variables | Import Role Vars | Import Inventory variables"+   ansible.builtin.include_vars: "/srv/git/saltbox/inventories/host_vars/localhost.yml"+   when: localhost_inventory_file.stat.exists

added

roles/autoplow/defaults/main.yml

+ ##########################################################################+ # Title:         Saltbox: Autoplow | Default Variables                   #+ # Author(s):     salty                                                   #+ # URL:           https://github.com/saltyorg/Saltbox                     #+ # --                                                                     #+ ##########################################################################+ #                   GNU General Public License v3.0                      #+ ##########################################################################+ ---+ ################################+ # Basics+ ################################+ + autoplow_name: autoplow+ + ################################+ # Paths+ ################################+ + autoplow_path: "/srv/binaries/autoplow"+ autoplow_binary_path: "{{ autoplow_path }}/autoplow"+ autoplow_db_path: "/opt/autoplow"+ autoplow_db_file: "{{ autoplow_db_path }}/autoplow.db"+ autoplow_role_paths_folders_list:+   - "/srv/binaries"+   - "{{ autoplow_path }}"+   - "{{ autoplow_db_path }}"+ + ################################+ # Web+ ################################+ + autoplow_role_web_subdomain: "{{ autoplow_name }}"+ autoplow_role_web_domain: "{{ user.domain }}"+ autoplow_role_web_port: "{{ autoplow_port_lookup.meta.port }}"+ + ################################+ # GitHub+ ################################+ + autoplow_latest_releases_url: "{{ svm }}https://api.github.com/repos/saltyorg/autoplow/releases/latest"+ autoplow_latest_release_lookup_command: |+   curl -s {{ autoplow_latest_releases_url }} \+     | jq -r ".assets[] | select(.name | test(\"linux.*amd64\")) | .browser_download_url"+ + ################################+ # Systemd+ ################################+ + autoplow_service_name: "saltbox_managed_{{ autoplow_name }}"+ + ################################+ # Run Flags+ ################################+ + autoplow_run_flags_default:+   - "--port {{ autoplow_role_web_port }}"+   - "--bind 0.0.0.0"+   - "--db {{ autoplow_db_file }}"+   - "--allow-subnet 172.19.0.0/16"+ autoplow_run_flags_custom: []+ autoplow_run_flags: "{{ autoplow_run_flags_default + autoplow_run_flags_custom }}"+ + ################################+ # DNS+ ################################+ + autoplow_role_dns_record: "{{ autoplow_role_web_subdomain }}"+ autoplow_role_dns_zone: "{{ autoplow_role_web_domain }}"+ autoplow_role_dns_proxy: "{{ dns_proxied }}"+ + ################################+ # Traefik+ ################################+ + autoplow_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+ autoplow_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+ autoplow_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+ autoplow_role_traefik_enabled: true+ autoplow_role_traefik_api_enabled: true+ autoplow_role_traefik_api_endpoint: "PathPrefix(`/api`)"

added

roles/autoplow/tasks/main.yml

+ #########################################################################+ # Title:         Saltbox: Autoplow Role                                 #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ ---+ - name: Add DNS record+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"+   vars:+     dns_record: "{{ lookup('role_var', '_dns_record') }}"+     dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+     dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"+ + - name: Stop Service+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/systemd/stop_service.yml"+   vars:+     _service_name: "{{ autoplow_service_name }}"+ + - name: Get next available port within the range of '8300-8399'+   find_open_port:+     low_bound: 8300+     high_bound: 8399+     protocol: both+   register: autoplow_port_lookup+ + - name: Create directories+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"+ + - name: "Get URL for latest Autoplow release"+   ansible.builtin.shell: "{{ autoplow_latest_release_lookup_command }}"+   args:+     executable: /bin/bash+   register: autoplow_latest_download_url+   changed_when: false+ + - name: "Download Autoplow binary"+   ansible.builtin.get_url:+     url: "{{ autoplow_latest_download_url.stdout }}"+     dest: "{{ autoplow_binary_path }}"+     owner: "{{ user.name }}"+     group: "{{ user.name }}"+     mode: "0775"+     force: true+   register: x+   until: "x is not failed"+   retries: "{{ ansible_retry_count+             if (not continuous_integration)+             else ansible_retry_count_ci }}"+   delay: 10+ + - name: Import 'autoplow.yml' Traefik file provider+   ansible.builtin.template:+     src: "autoplow.yml.j2"+     dest: "{{ server_appdata_path }}/traefik/{{ autoplow_name }}.yml"+     owner: "{{ user.name }}"+     group: "{{ user.name }}"+     mode: "0644"+     force: true+ + - name: "Import '{{ autoplow_service_name }}.service'"+   ansible.builtin.template:+     src: autoplow.service.j2+     dest: "/etc/systemd/system/{{ autoplow_service_name }}.service"+     mode: "0644"+     force: true+ + - name: Start service+   ansible.builtin.systemd_service:+     name: "{{ autoplow_service_name }}"+     state: started+     enabled: true+     daemon_reload: true

added

roles/autoplow/templates/autoplow.service.j2

+ # /etc/systemd/system/{{ autoplow_service_name }}.service+ #########################################################################+ # Title:         Saltbox: Autoplow Service                              #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ + [Unit]+ Description=Autoplow+ After=network-online.target docker.service+ StartLimitIntervalSec=500s+ StartLimitBurst=5+ + [Service]+ User={{ user.name }}+ Group={{ user.name }}+ Type=simple+ WorkingDirectory={{ autoplow_path }}/+ ExecStart={{ autoplow_binary_path }} {{ autoplow_run_flags | join(' ') }}+ Restart=on-failure+ RestartSec=5s+ + [Install]+ WantedBy=default.target

added

roles/autoplow/templates/autoplow.yml.j2

+ http:+   routers:+     {{ autoplow_name }}-http:+       entryPoints:+         - "web"+       rule: "{{ traefik_host_template }}"+       middlewares:+         {{ traefik_default_middleware_http.split(',') | to_nice_yaml | trim | indent(8) }}+       service: "{{ autoplow_name }}"+ +     {{ autoplow_name }}:+       entryPoints:+         - "websecure"+       rule: "{{ traefik_host_template }}"+       middlewares:+         {{ traefik_middleware.split(',') | to_nice_yaml | trim | indent(8) }}+       service: "{{ autoplow_name }}"+       tls:+         options: securetls@file+         certResolver: {{ lookup('role_var', '_traefik_certresolver', role='autoplow') }}+ {% if lookup('role_var', '_traefik_api_enabled', role='autoplow') %}+ +     {{ autoplow_name }}-api-http:+       entryPoints:+         - "web"+       rule: "{{ traefik_host_template }} && ({{ lookup('role_var', '_traefik_api_endpoint', role='autoplow') }})"+       middlewares:+         {{ traefik_default_middleware_http_api.split(',') | to_nice_yaml | trim | indent(8) }}+       service: "{{ autoplow_name }}"+ +     {{ autoplow_name }}-api:+       entryPoints:+         - "websecure"+       rule: "{{ traefik_host_template }} && ({{ lookup('role_var', '_traefik_api_endpoint', role='autoplow') }})"+       middlewares:+         {{ traefik_default_middleware_api.split(',') | to_nice_yaml | trim | indent(8) }}+       service: "{{ autoplow_name }}"+       tls:+         options: securetls@file+         certResolver: {{ lookup('role_var', '_traefik_certresolver', role='autoplow') }}+ {% endif %}+ +   services:+     {{ autoplow_name }}:+       loadBalancer:+         servers:+           - url: "http://172.19.0.1:{{ lookup('role_var', '_web_port', role='autoplow') }}"

added

roles/backup/templates/backup_excludes_list.txt.j2

+ #########################################################################+ # Title:         Saltbox: Backup Excludes List                          #+ # Author(s):     desimaniac                                             #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ + {% for bazarr_instance in bazarr_instances | default(['bazarr']) %}+ ./{{ bazarr_instance }}/log/*+ {% endfor %}+ + ./cloudplow/cloudplow.log+ ./cloudplow/cloudplow.log.*+ ./cloudplow/locks/*+ + ./drive_strm/*.log*+ + {% for lidarr_instance in lidarr_instances | default(['lidarr']) %}+ ./{{ lidarr_instance }}/logs/*+ {% endfor %}+ + ./nvidia/*+ + {% for plex_instance in plex_instances | default(['plex']) %}+ ./{{ plex_instance }}/Library/Application Support/Plex Media Server/Cache/PhotoTranscoder/*+ ./{{ plex_instance }}/Library/Application Support/Plex Media Server/Cache/Transcode/*+ {% endfor %}+ + ./plex_autoscan/plex_autoscan.log+ ./plex_autoscan/plex_autoscan.log.*+ + ./plex_dupefinder/activity.log+ ./plex_dupefinder/decisions.log+ + ./python-plexlibrary/plexlibrary.log+ + {% for tautulli_instance in tautulli_instances | default(['tautulli']) %}+ ./{{ tautulli_instance }}/logs/*+ {% endfor %}+ + {% for radarr_instance in radarr_instances | default(['radarr']) %}+ ./{{ radarr_instance }}/logs/*+ {% endfor %}+ + {% for sonarr_instance in sonarr_instances | default(['sonarr']) %}+ ./{{ sonarr_instance }}/logs/*+ {% endfor %}+ + {% if backup_excludes_list_extra | default([]) | length > 0 %}+ {% for exclude_line in backup_excludes_list_extra %}+ {{ exclude_line }}+ {% endfor %}+ {% endif %}

added

roles/cloudplow_disable/tasks/main.yml

+ #########################################################################+ # Title:         Saltbox: Cloudplow Disable Role                        #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ ---+ - name: Delete Legacy Service+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/systemd/delete_service.yml"+   vars:+     _service_name: "{{ cloudplow_service_name_old }}"+ + - name: Delete Service+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/systemd/delete_service.yml"+   vars:+     _service_name: "{{ cloudplow_service_name }}"

added

roles/motd/tasks/subtasks/emby_info.yml

+ #########################################################################+ # Title:         Saltbox: MOTD | Build Emby Info                       #+ # Author(s):     salty                                                 #+ # URL:           https://github.com/saltyorg/Saltbox                   #+ # --                                                                   #+ #########################################################################+ #                   GNU General Public License v3.0                    #+ #########################################################################+ ---+ - name: Set 'emby_info' variable+   ansible.builtin.set_fact:+     emby_info: "{{ emby_info | default({}) | combine({emby_name: {'name': emby_name, 'url': lookup('role_var', '_web_url', role=emby_name), 'token': 'not installed'}}) }}"

added

roles/motd/tasks/subtasks/jellyfin_info.yml

+ #########################################################################+ # Title:         Saltbox: MOTD | Build Jellyfin Info                   #+ # Author(s):     salty                                                 #+ # URL:           https://github.com/saltyorg/Saltbox                   #+ # --                                                                   #+ #########################################################################+ #                   GNU General Public License v3.0                    #+ #########################################################################+ ---+ - name: Set 'jellyfin_info' variable+   ansible.builtin.set_fact:+     jellyfin_info: "{{ jellyfin_info | default({}) | combine({jellyfin_name: {'name': jellyfin_name, 'url': lookup('role_var', '_web_url', role=jellyfin_name), 'token': 'not installed'}}) }}"

added

roles/motd/tasks/subtasks/qbittorrent_info.yml

+ #########################################################################+ # Title:         Saltbox: MOTD | Build qBittorrent Info                 #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ ---+ - name: Set 'qbittorrent_info' variable+   ansible.builtin.set_fact:+     qbittorrent_info: "{{ qbittorrent_info | default({}) | combine({qbittorrent_name: {'name': qbittorrent_name, 'url': lookup('role_var', '_web_url', role=qbittorrent_name), 'username': user.name, 'password': user.pass}}) }}"

added

roles/postgres_host/defaults/main.yml

+ ##########################################################################+ # Title:         Saltbox: PostgreSQL | Default Variables                 #+ # Author(s):     salty                                                   #+ # URL:           https://github.com/saltyorg/Saltbox                     #+ # --                                                                     #+ ##########################################################################+ #                   GNU General Public License v3.0                      #+ ##########################################################################+ ---+ ################################+ # Basics+ ################################+ + # Supports any versions from https://wiki.postgresql.org/wiki/Apt+ # Each version is unique and you cannot specify the same version twice+ postgres_host_role_versions: ["17"]+ + ################################+ # Paths+ ################################+ + postgres_host_role_data_directory: "{{ server_appdata_path }}/postgresql"+ + ################################+ # Superuser+ ################################+ + postgres_host_role_create_root_superuser: true+ postgres_host_role_root_superuser_name: "root"+ postgres_host_role_root_superuser_password: "password4321"+ + ################################+ # Per-Version Configuration+ ################################+ + # Example:+ # postgres_host_role_config:+ #   "16":+ #     allowed_hosts:+ #       - "172.19.0.0/16"+ #       - "10.0.0.0/8"+ #     auth_method: "md5"+ #     users:+ #       - name: "app_user"+ #         password: "password1"+ #       - name: "app_user2"+ #         password: "password2"+ #     databases:+ #       - name: "app_database"+ #         users:+ #           - "app_user"+ #           - "app_user2"+ #       - name: "metrics_db"+ #         users:+ #           - "app_user"+ #   "17":+ #     allowed_hosts:+ #       - "172.19.0.0/16"+ #     auth_method: "scram-sha-256"+ #     users:+ #       - name: "app_user3"+ #         password: "password3"+ #     databases:+ #       - name: "new_app_database"+ #         users:+ #           - "app_user3"+ postgres_host_role_config: {}+ + ################################+ # Access Control+ ################################+ + postgres_host_role_allowed_hosts:+   - "172.19.0.0/16"+ + postgres_host_role_auth_method: "scram-sha-256"+ + ################################+ # User & Database Configuration+ ################################+ + postgres_host_role_users:+   - name: "{{ user.name }}"+     password: "{{ user.pass }}"+ + postgres_host_role_databases:+   - name: "saltbox"+     users: ["{{ user.name }}"]

added

roles/postgres_host/tasks/main.yml

+ #########################################################################+ # Title:         Saltbox: PostgreSQL Host Role                          #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ ---+ - name: Update apt cache+   ansible.builtin.apt:+     update_cache: true+ + - name: Install postgresql-common+   ansible.builtin.apt:+     name: postgresql-common+     state: latest+ + - name: Run PGDG script+   ansible.builtin.command: /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y+   args:+     creates: /etc/apt/sources.list.d/pgdg.list+ + - name: Create PostgreSQL data directory+   ansible.builtin.file:+     path: "{{ postgres_host_role_data_directory }}"+     state: directory+     owner: "{{ user.name }}"+     group: "{{ user.name }}"+     mode: '0755'+ + - name: Create symlink for entire PostgreSQL directory+   ansible.builtin.file:+     src: "{{ postgres_host_role_data_directory }}"+     dest: "/etc/postgresql"+     state: link+     owner: "{{ user.name }}"+     group: "{{ user.name }}"+     follow: false+     force: true+ + - name: Install PostgreSQL packages for specified versions+   ansible.builtin.apt:+     name: "postgresql-{{ item }}"+     state: latest+   loop: "{{ postgres_host_role_versions }}"+ + - name: Discover existing PostgreSQL clusters+   ansible.builtin.shell: |+     pg_lsclusters --no-header | awk '{print $1":"$2":"$3}'+   register: existing_clusters+   changed_when: false+   failed_when: false+ + - name: Parse cluster information+   ansible.builtin.set_fact:+     postgres_cluster_info: "{{ postgres_cluster_info | default([]) + [{'version': item.split(':')[0], 'name': item.split(':')[1], 'port': item.split(':')[2]}] }}"+   loop: "{{ existing_clusters.stdout_lines | default([]) }}"+   when: (existing_clusters.stdout_lines is defined)+ + - name: Find all PostgreSQL services+   ansible.builtin.shell: |+     systemctl list-units --type=service --state=loaded --no-legend | grep postgresql | awk '{print $1}'+   register: postgres_services+   changed_when: false+   failed_when: false+ + - name: Stop and disable unspecified PostgreSQL versions+   ansible.builtin.systemd:+     name: "{{ item }}"+     state: stopped+     enabled: false+   loop: "{{ postgres_services.stdout_lines }}"+   when:+     - postgres_services.stdout_lines is defined+     - item != "postgresql.service"+     - item not in (postgres_host_role_versions | map('regex_replace', '^(.*)$', 'postgresql@\\1-main.service') | list)+   failed_when: false+ + - name: Check if default clusters exist+   ansible.builtin.stat:+     path: "/var/lib/postgresql/{{ item }}/main"+   register: default_clusters_exist+   loop: "{{ postgres_host_role_versions }}"+ + - name: Stop default clusters if they exist+   ansible.builtin.command: >+     pg_ctlcluster {{ item.item }} main stop+   loop: "{{ default_clusters_exist.results }}"+   become: true+   become_user: "{{ user.name }}"+   when: item.stat.exists+   failed_when: false+ + - name: Remove default clusters if they exist+   ansible.builtin.command: >+     pg_dropcluster {{ item.item }} main+   loop: "{{ default_clusters_exist.results }}"+   become: true+   become_user: "{{ user.name }}"+   when: item.stat.exists+   failed_when: false+ + - name: Check if clusters are already configured+   ansible.builtin.shell: |+     pg_lsclusters --no-header | grep "^{{ item }}\s\+main" || echo "not_found"+   register: clusters_configured+   loop: "{{ postgres_host_role_versions }}"+   become: true+   become_user: "{{ user.name }}"+   changed_when: false+   failed_when: false+ + - name: Update port in postgresql.conf for existing clusters+   ansible.builtin.lineinfile:+     path: "{{ postgres_host_role_data_directory }}/{{ item }}/main/postgresql.conf"+     regexp: "^#?port ="+     line: "port = {{ postgres_port_assignments[item] }}"+     owner: "{{ user.name }}"+     group: "{{ user.name }}"+     mode: '0644'+   loop: "{{ postgres_host_role_versions }}"+   when: postgres_port_assignments[item] is defined+ + - name: Create clusters with custom data directory and user+   ansible.builtin.command: >+     pg_createcluster {{ item.item }} main+     --datadir={{ postgres_host_role_data_directory }}/{{ item.item }}/data+     --user={{ user.name }}+     --port={{ postgres_port_assignments[item.item] }}+   loop: "{{ clusters_configured.results }}"+   become: true+   become_user: "{{ user.name }}"+   when: ('not_found' in item.stdout)+ + - name: Create systemd override directory for PostgreSQL service+   ansible.builtin.file:+     path: "/etc/systemd/system/postgresql@.service.d"+     state: directory+     owner: root+     group: root+     mode: '0755'+ + - name: Create systemd override for PostgreSQL service+   ansible.builtin.copy:+     content: |+       [Service]+       User={{ user.name }}+       Group={{ user.name }}+ +       # Ensure runtime directory exists and has correct ownership+       ExecStartPre=+/bin/mkdir -p /var/run/postgresql+       ExecStartPre=+/bin/chown -R {{ user.name }}:{{ user.name }} /var/run/postgresql+       ExecStartPre=+/bin/chmod 0775 /var/run/postgresql+ +       # Ensure log directory has correct ownership+       ExecStartPre=+/bin/mkdir -p /var/run/postgresql+       ExecStartPre=+/bin/chown -R {{ user.name }}:{{ user.name }} /var/log/postgresql+     dest: "/etc/systemd/system/postgresql@.service.d/override.conf"+     owner: root+     group: root+     mode: '0644'+   register: postgres_systemd_override+ + - name: Reload systemd daemon after override changes+   ansible.builtin.systemd:+     daemon_reload: true+   when: postgres_systemd_override.changed+ + - name: Calculate desired port assignments based on version order+   ansible.builtin.set_fact:+     postgres_port_assignments: "{{ postgres_port_assignments | default({}) | combine({item: (5432 + my_idx)}) }}"+   loop: "{{ postgres_host_role_versions }}"+   loop_control:+     index_var: my_idx+ + - name: Stop all PostgreSQL services before port validation+   ansible.builtin.systemd:+     name: "postgresql@{{ item }}-main"+     state: stopped+   loop: "{{ postgres_host_role_versions }}"+   failed_when: false+ + - name: Stop generic PostgreSQL service+   ansible.builtin.systemd:+     name: postgresql+     state: stopped+   failed_when: false+ + - name: Check if desired ports are available+   ansible.builtin.wait_for:+     port: "{{ postgres_port_assignments[item] }}"+     host: "127.0.0.1"+     state: stopped+     timeout: 1+   loop: "{{ postgres_host_role_versions }}"+   register: port_check_results+   failed_when: false+ + - name: Fail if any desired ports are not available+   ansible.builtin.fail:+     msg: "Port {{ postgres_port_assignments[item] }} for PostgreSQL version {{ item }} is not available (in use by another service)"+   loop: "{{ postgres_host_role_versions }}"+   loop_control:+     index_var: port_idx+   when: port_check_results.results[port_idx].failed+ + - name: Start PostgreSQL services with correct port assignments+   ansible.builtin.systemd:+     name: "postgresql@{{ item }}-main"+     state: started+     enabled: true+   loop: "{{ postgres_host_role_versions }}"+ + - name: Ensure generic PostgreSQL service is enabled+   ansible.builtin.systemd:+     name: postgresql+     enabled: true+ + - name: Rediscover PostgreSQL clusters after setup+   ansible.builtin.shell: |+     pg_lsclusters --no-header | awk '{print $1":"$2":"$3":"$4}'+   register: updated_clusters+   changed_when: false+   failed_when: false+ + - name: Parse updated cluster information+   ansible.builtin.set_fact:+     postgres_active_clusters: "{{ postgres_active_clusters | default([]) + [{'version': item.split(':')[0], 'name': item.split(':')[1], 'port': item.split(':')[2], 'status': item.split(':')[3]}] }}"+   loop: "{{ updated_clusters.stdout_lines | default([]) }}"+   when:+     - (updated_clusters.stdout_lines is defined)+     - (item.split(':')[0] in postgres_host_role_versions)+ + - name: Setup databases and users for each PostgreSQL version+   ansible.builtin.include_tasks: setup_version.yml+   vars:+     postgres_version: "{{ postgres_item }}"+     cluster_port: "{{ postgres_port_assignments[postgres_item] }}"+   loop: "{{ postgres_host_role_versions | unique }}"+   loop_control:+     loop_var: "postgres_item"

added

roles/postgres_host/tasks/setup_version.yml

+ #########################################################################+ # Title:         Saltbox: PostgreSQL Host Role                          #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ ---+ - name: Set version-specific configuration for version {{ postgres_version }}+   ansible.builtin.set_fact:+     version_users: "{{ postgres_host_role_config[postgres_version].users | default(postgres_host_role_users) }}"+     version_databases: "{{ postgres_host_role_config[postgres_version].databases | default(postgres_host_role_databases) }}"+     version_allowed_hosts: "{{ postgres_host_role_config[postgres_version].allowed_hosts | default(postgres_host_role_allowed_hosts) }}"+     version_auth_method: "{{ postgres_host_role_config[postgres_version].auth_method | default(postgres_host_role_auth_method) }}"+ + - name: Add allowed hosts to pg_hba.conf for version {{ postgres_version }}+   ansible.builtin.blockinfile:+     path: "{{ postgres_host_role_data_directory }}/{{ postgres_version }}/main/pg_hba.conf"+     marker: "### SALTBOX MANAGED BLOCK - {mark} ###"+     block: |+       {% for host in version_allowed_hosts %}+       # Allow connections from {{ host }}+       host    all             all             {{ "%-18s" | format(host) }}      {{ version_auth_method }}+       {% endfor %}+     owner: "{{ user.name }}"+     group: "{{ user.name }}"+     mode: '0640'+ + - name: Create default user database for version {{ postgres_version }}+   community.postgresql.postgresql_db:+     name: "{{ user.name }}"+     state: present+     login_port: "{{ cluster_port }}"+     login_user: "{{ user.name }}"+   become: true+   become_user: "{{ user.name }}"+ + - name: Create root superuser for version {{ postgres_version }}+   community.postgresql.postgresql_user:+     name: "{{ postgres_host_role_root_superuser_name }}"+     password: "{{ postgres_host_role_root_superuser_password }}"+     role_attr_flags: SUPERUSER,CREATEDB,CREATEROLE+     state: present+     login_port: "{{ cluster_port }}"+     login_user: "{{ user.name }}"+   become: true+   become_user: "{{ user.name }}"+   no_log: true+   when: (postgres_host_role_create_root_superuser | bool)+ + - name: Create PostgreSQL users for version {{ postgres_version }}+   community.postgresql.postgresql_user:+     name: "{{ item.name }}"+     password: "{{ item.password }}"+     state: present+     login_port: "{{ cluster_port }}"+     login_user: "{{ user.name }}"+   loop: "{{ version_users }}"+   become: true+   become_user: "{{ user.name }}"+   no_log: true+   when: (version_users | length > 0)+ + - name: Create PostgreSQL databases for version {{ postgres_version }}+   community.postgresql.postgresql_db:+     name: "{{ item.name }}"+     state: present+     login_port: "{{ cluster_port }}"+     login_user: "{{ user.name }}"+   loop: "{{ version_databases }}"+   become: true+   become_user: "{{ user.name }}"+   when: (version_databases | length > 0)+ + - name: Grant database privileges to users for version {{ postgres_version }}+   community.postgresql.postgresql_privs:+     login_db: "{{ item.0.name }}"+     roles: "{{ item.1 }}"+     privs: ALL+     type: database+     state: present+     login_port: "{{ cluster_port }}"+     login_user: "{{ user.name }}"+   loop: "{{ version_databases | subelements('users', skip_missing=True) }}"+   become: true+   become_user: "{{ user.name }}"+   when: (version_databases | length > 0)

added

roles/pre_tasks/defaults/main.yml

+ ##########################################################################+ # Title:         Saltbox: pre_tasks | Default Variables                  #+ # Author(s):     salty                                                   #+ # URL:           https://github.com/saltyorg/Saltbox                     #+ # --                                                                     #+ ##########################################################################+ #                   GNU General Public License v3.0                      #+ ##########################################################################+ ---+ pre_tasks_saltbox_mod_location: "{{ server_appdata_path }}/saltbox_mod"

added

roles/timescaledb/defaults/main.yml

+ ##########################################################################+ # Title:         Saltbox: TimescaleDB | Default Variables                #+ # Author(s):     salty                                                   #+ # URL:           https://github.com/saltyorg/Saltbox                     #+ # --                                                                     #+ ##########################################################################+ #                   GNU General Public License v3.0                      #+ ##########################################################################+ ---+ ################################+ # Basics+ ################################+ + timescaledb_instances: ["timescaledb"]+ + ################################+ # Settings+ ################################+ + timescaledb_role_docker_env_password: "password4321"+ timescaledb_role_docker_env_user: "{{ user.name }}"+ timescaledb_role_docker_env_db: "saltbox"+ + # Do not edit or override using the inventory+ timescaledb_role_docker_env_password_include: ""+ # Do not edit or override using the inventory+ timescaledb_role_docker_env_user_include: ""+ # Do not edit or override using the inventory+ timescaledb_role_docker_env_password_effective: "{{ timescaledb_role_docker_env_password_include+                                                 if (timescaledb_role_docker_env_password_include | length > 0)+                                                 else lookup('role_var', '_docker_env_password', role='timescaledb') }}"+ # Do not edit or override using the inventory+ timescaledb_role_docker_env_user_effective: "{{ timescaledb_role_docker_env_user_include+                                             if (timescaledb_role_docker_env_user_include | length > 0)+                                             else lookup('role_var', '_docker_env_user', role='timescaledb') }}"+ + ################################+ # Paths+ ################################+ + timescaledb_role_paths_folder: "{{ timescaledb_name }}"+ timescaledb_role_paths_location: "{{ server_appdata_path }}/{{ timescaledb_role_paths_folder }}"+ timescaledb_role_paths_folders_list:+   - "{{ timescaledb_role_paths_location }}"+ + ################################+ # Docker+ ################################+ + # Container+ timescaledb_role_docker_container: "{{ timescaledb_name }}"+ + # Image+ timescaledb_role_docker_image_pull: true+ timescaledb_role_docker_image_tag: "pg18-all-amd64"+ timescaledb_role_docker_image_repo: "timescale/timescaledb-ha"+ timescaledb_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='timescaledb') }}:{{ lookup('role_var', '_docker_image_tag', role='timescaledb') }}"+ + # Envs+ timescaledb_role_docker_envs_default:+   TZ: "{{ tz }}"+   PGDATA: "/pgdata"+   POSTGRES_PASSWORD: "{{ timescaledb_role_docker_env_password_effective }}"+   POSTGRES_USER: "{{ timescaledb_role_docker_env_user_effective }}"+   POSTGRES_DB: "{{ lookup('role_var', '_docker_env_db', role='timescaledb', default=timescaledb_role_docker_env_db) }}"+ timescaledb_role_docker_envs_custom: {}+ timescaledb_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='timescaledb')+                                   | combine(lookup('role_var', '_docker_envs_custom', role='timescaledb')) }}"+ + # Volumes+ timescaledb_role_docker_volumes_default:+   - "{{ timescaledb_role_paths_location }}:/pgdata"+   - "/etc/passwd:/etc/passwd:ro"+ timescaledb_role_docker_volumes_custom: []+ timescaledb_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='timescaledb')+                                      + lookup('role_var', '_docker_volumes_custom', role='timescaledb') }}"+ + # Hostname+ timescaledb_role_docker_hostname: "{{ timescaledb_name }}"+ + # Networks+ timescaledb_role_docker_networks_alias: "{{ timescaledb_name }}"+ timescaledb_role_docker_networks_default: []+ timescaledb_role_docker_networks_custom: []+ timescaledb_role_docker_networks: "{{ docker_networks_common+                                       + lookup('role_var', '_docker_networks_default', role='timescaledb')+                                       + lookup('role_var', '_docker_networks_custom', role='timescaledb') }}"+ + # Restart Policy+ timescaledb_role_docker_restart_policy: unless-stopped+ + # State+ timescaledb_role_docker_state: started+ + # User+ timescaledb_role_docker_user: "{{ uid }}:{{ gid }}"+ + # SHM size+ timescaledb_role_docker_shm_size: "128M"

added

roles/timescaledb/tasks/main.yml

+ #########################################################################+ # Title:         Saltbox: TimescaleDB Role                              #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ ---+ - name: "Execute TimescaleDB roles"+   ansible.builtin.include_tasks: main2.yml+   vars:+     timescaledb_name: "{{ instance }}"+   with_items: "{{ timescaledb_instances }}"+   loop_control:+     loop_var: instance

added

roles/timescaledb/tasks/main2.yml

+ #########################################################################+ # Title:         Saltbox: TimescaleDB Role                              #+ # Author(s):     salty                                                  #+ # URL:           https://github.com/saltyorg/Saltbox                    #+ # --                                                                    #+ #########################################################################+ #                   GNU General Public License v3.0                     #+ #########################################################################+ ---+ - name: Remove existing Docker container+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"+ + - name: Create directories+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"+ + - name: Create Docker container+   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"+ + - name: Sleep for 30 seconds+   ansible.builtin.wait_for:+     timeout: 30

added

roles/traefik_template/templates/docker-compose.yml.j2

+ ---+ services:+   {{ traefik_template_name }}:+     container_name: {{ traefik_template_name }}+     environment: # Change this as needed for your image+       PUID: "{{ uid }}"+       PGID: "{{ gid }}"+       TZ: "{{ tz }}"+     hostname: {{ traefik_template_name }}+     image: your_image:your_tag+     labels:+ {% for key, value in docker_labels_common | dictsort %}+       {{ key }}: {{ value }}+ {% endfor %}+ {% if ((service_gluetun_enabled.user_input | lower) | bool) %}+     network_mode: {{ traefik_template_role_docker_network_mode }}+ {% else %}+     networks:+       - saltbox+ {% endif %}+     restart: unless-stopped+     volumes: # Change this as needed for your image+       - {{ server_appdata_path }}/{{ traefik_template_name }}:/config+       - /etc/localtime:/etc/localtime:ro+ + {% if not ((service_gluetun_enabled.user_input | lower) | bool) %}+ networks:+   saltbox:+     external: true+ {% endif %}

added

scripts/saltbox-defaults-linter.py

+ #!/usr/bin/env python3+ """+ Saltbox Role Defaults Linter+ Enforces Saltbox formatting rules for role defaults/main.yml files+ + Rules:+ 1. Operator Alignment: | and + operators must align with first character after "{{+    - Standard: All operators align with base position (first char after "{{ )+    - Exception: When 'else' is followed by content on a new line that continues,+      subsequent operators within that else branch align with content after 'else '+    - Context resets when if/else blocks close (marked by )) or )))+ + 2. If/Else Alignment: if and else keywords must align vertically within {{ }} brackets+ """+ + import re+ import sys+ from pathlib import Path+ from typing import List+ + + class LintError:+     """Represents a single linting error"""+ +     def __init__(self, file: str, line: int, message: str, repo_url: str = None, commit_sha: str = None):+         self.file = file+         self.line = line+         self.message = message+         self.repo_url = repo_url+         self.commit_sha = commit_sha+ +     def to_github_annotation(self) -> str:+         """+         Format error as GitHub Actions annotation+ +         Includes a clickable link to the file at the specific commit in the message,+         since GitHub's default annotation links only point to the commit page+         (which doesn't show the file if it wasn't modified in that commit).+         """+         # Build GitHub blob URL if we have repo and commit info+         if self.repo_url and self.commit_sha:+             # Format: https://github.com/owner/repo/blob/commit_sha/path/to/file.yml#L123+             github_link = f"{self.repo_url}/blob/{self.commit_sha}/{self.file}#L{self.line}"+             message_with_link = f"{self.message} - {github_link}"+         else:+             message_with_link = self.message+ +         return f"::error file={self.file},line={self.line}::{message_with_link}"+ +     def __str__(self) -> str:+         return f"{self.file}:{self.line} - {self.message}"+ + + class DefaultsLinter:+     """Lints a single defaults/main.yml file"""+ +     def __init__(self, file_path: Path, repo_url: str = None, commit_sha: str = None):+         self.file_path = file_path+         self.repo_url = repo_url+         self.commit_sha = commit_sha+         self.lines = file_path.read_text().splitlines()+         self.errors: List[LintError] = []+ +     def check_operator_alignment(self):+         """+         Rule 1: Check | and + operators align with first character after '{{ '+ +         Standard alignment - all operators at base position:+             sonarr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='sonarr')+                                          | combine(lookup('role_var', '_docker_envs_custom', role='sonarr')) }}"+                                          ^ Aligns with 'l' in lookup (position after "{{ )+ +         Multiple operators - all at same base position:+             wikijs_role_docker_networks: "{{ docker_networks_common+                                              + lookup('role_var', '_docker_networks_default', role='wikijs')+                                              + lookup('role_var', '_docker_networks_custom', role='wikijs') }}"+                                              ^ All + align with 'd' in docker_networks_common+ +         Exception - else with continuing content creates new context:+             dozzle_role_docker_commands: "{{ lookup('role_var', '_docker_commands_agent', role='dozzle')+                                              + lookup('role_var', '_docker_commands_default', role='dozzle')+                                           if lookup('role_var', '_agent_mode', role='dozzle')+                                           else lookup('role_var', '_docker_commands_default', role='dozzle')+                                                + lookup('role_var', '_docker_commands_custom', role='dozzle') }}"+                                                ^ This + aligns with 'l' in lookup after 'else ', not with base+ +         Inline if/else (no context change):+             traefik_role_docker_labels: "{{ docker_labels_saltbox+                                             | combine((lookup('role_var', '_docker_labels_http', role='traefik')+                                                       if traefik_http+                                                       else lookup('role_var', '_docker_labels_dns', role='traefik')))+                                             | combine(lookup('role_var', '_docker_labels_custom', role='traefik')) }}"+                                             ^ All | remain at base position - inline if/else doesn't change context+         """+         i = 0+         while i < len(self.lines):+             curr_line = self.lines[i]+ +             # Match variable definitions starting multi-line Jinja expressions+             # Pattern: variable_name: "{{ <content>+             match = re.match(r'^([a-z_]+): "{{ (.+)', curr_line)+ +             # Only process if:+             # 1. Line matches pattern+             # 2. Line doesn't end with }} (multi-line expression)+             if match and '}}' not in curr_line:+                 var_name = match.group(1)+ +                 # This is the start of a multi-line expression+                 # Track the expected alignment position for continuation lines+                 expected_alignment = len(curr_line.split('"{{')[0] + '"{{ ')+ +                 # Now check all continuation lines until we hit }}+                 j = i + 1+                 # Track alignment context - changes when we encounter 'else' with content+                 # and resets when if/else blocks close+                 current_alignment = expected_alignment+                 in_else_context = False+ +                 while j < len(self.lines):+                     continuation_line = self.lines[j]+ +                     # Check if this line closes an if/else block (ends with )) or }))+                     # This resets alignment context back to base+                     if in_else_context and re.search(r'\)\)(?:\)|$)', continuation_line.rstrip()):+                         current_alignment = expected_alignment+                         in_else_context = False+ +                     # Check if this line starts with 'else' followed by content that continues+                     # This creates a new alignment context for subsequent operators+                     # Pattern: else followed by lookup/variable (not just closing like '])')+                     # BUT: only if the else block doesn't close on the same line+                     else_match = re.match(r'^(\s+)else (lookup|[a-z_]+)', continuation_line)+                     if else_match:+                         # Check if this line also closes the if/else block (contains )))+                         # If so, don't set a persistent context+                         closes_immediately = re.search(r'\)\)\)', continuation_line)+ +                         if not closes_immediately:+                             # New alignment context: content after 'else '+                             # Only persists if the line doesn't close the block+                             current_alignment = len(else_match.group(1)) + len('else ')+                             in_else_context = True+ +                     # Check if this line has an operator+                     op_match = re.match(r'^(\s+)([|+]) ', continuation_line)+ +                     if op_match:+                         actual_spaces = len(op_match.group(1))+                         operator = op_match.group(2)+ +                         # Use current alignment context (changes after 'else', resets after closing parens)+                         expected_spaces = current_alignment+ +                         if actual_spaces != expected_spaces:+                             diff = actual_spaces - expected_spaces+ +                             # Get relative path for GitHub annotation+                             try:+                                 relative_path = str(self.file_path.relative_to(Path.cwd()))+                             except ValueError:+                                 relative_path = str(self.file_path)+ +                             self.errors.append(LintError(+                                 file=relative_path,+                                 line=j + 1,  # Convert to 1-indexed+                                 message=f"[operator-alignment] Variable '{var_name}': Operator '{operator}' at column {actual_spaces}, expected {expected_spaces} (off by {diff:+d})",+                                 repo_url=self.repo_url,+                                 commit_sha=self.commit_sha+                             ))+ +                     # Stop if we've reached the end of the Jinja block+                     if '}}' in continuation_line:+                         break+ +                     j += 1+ +                 # Skip ahead past the multi-line block we just processed+                 i = j+ +             i += 1+ +     def check_ifelse_alignment(self):+         """+         Rule 2: Check if/else keywords align within same {{ }} brackets+ +         Example:+             variable: "{{ value+                        if condition+                        else other_value }}"+                        ^ if and else must align vertically+         """+         in_multiline_jinja = False+         jinja_lines = []+         jinja_start_line = 0+ +         for i, line in enumerate(self.lines, 1):+             # Detect start of multi-line Jinja expression+             if '"{{' in line and '}}' not in line:+                 in_multiline_jinja = True+                 jinja_lines = [line]+                 jinja_start_line = i+ +             elif in_multiline_jinja:+                 jinja_lines.append(line)+ +                 # Check if we've reached the end of the Jinja block+                 if '}}' in line:+                     # Find lines containing 'if' and 'else'+                     if_lines = [l for l in jinja_lines if ' if ' in l or l.strip().startswith('if ')]+                     else_lines = [l for l in jinja_lines if ' else ' in l or l.strip().startswith('else ')]+ +                     # Only check if both if and else exist in the same block+                     if if_lines and else_lines:+                         # Find indentation of 'if' and 'else' keywords+                         if_indent = None+                         else_indent = None+ +                         for l in jinja_lines:+                             if ' if ' in l:+                                 # Calculate column position where 'if' appears+                                 if_indent = len(l) - len(l.lstrip())+                             if ' else ' in l or l.strip().startswith('else '):+                                 else_indent = len(l) - len(l.lstrip())+ +                         # Check if if and else align+                         if if_indent is not None and else_indent is not None:+                             if if_indent != else_indent:+                                 diff = else_indent - if_indent+                                 # Get relative path for GitHub annotation+                                 try:+                                     relative_path = str(self.file_path.relative_to(Path.cwd()))+                                 except ValueError:+                                     relative_path = str(self.file_path)+ +                                 self.errors.append(LintError(+                                     file=relative_path,+                                     line=jinja_start_line,+                                     message=f"[ifelse-alignment] 'if' at column {if_indent} doesn't align with 'else' at column {else_indent} (off by {diff:+d})",+                                     repo_url=self.repo_url,+                                     commit_sha=self.commit_sha+                                 ))+ +                     # Reset state+                     in_multiline_jinja = False+                     jinja_lines = []+ +     def lint(self) -> List[LintError]:+         """Run all lint checks and return list of errors"""+         self.check_operator_alignment()+         self.check_ifelse_alignment()+         return self.errors+ + + def main():+     """Main entry point for the linter"""+     import os+ +     if len(sys.argv) < 2:+         print("Usage: python3 saltbox-defaults-linter.py <roles_directory>")+         print("\nExample:")+         print("  python3 saltbox-defaults-linter.py roles/")+         sys.exit(1)+ +     roles_dir = Path(sys.argv[1])+ +     if not roles_dir.exists():+         print(f"Error: Directory '{roles_dir}' does not exist")+         sys.exit(1)+ +     if not roles_dir.is_dir():+         print(f"Error: '{roles_dir}' is not a directory")+         sys.exit(1)+ +     # Get GitHub repo and commit info from environment variables (set by GitHub Actions)+     # GITHUB_REPOSITORY format: "owner/repo"+     # GITHUB_SHA: commit SHA that triggered the workflow+     github_repo = os.environ.get('GITHUB_REPOSITORY')+     github_sha = os.environ.get('GITHUB_SHA')+ +     # Build full repo URL if we have the repository name+     repo_url = f"https://github.com/{github_repo}" if github_repo else None+ +     all_errors = []+     files_checked = 0+ +     # Find and lint all defaults/main.yml files+     for defaults_file in sorted(roles_dir.glob("*/defaults/main.yml")):+         linter = DefaultsLinter(defaults_file, repo_url=repo_url, commit_sha=github_sha)+         errors = linter.lint()+         all_errors.extend(errors)+         files_checked += 1+ +     # Output results+     if all_errors:+         print(f"❌ Found {len(all_errors)} formatting error(s) in {files_checked} file(s):\n")+         for error in all_errors:+             print(error.to_github_annotation())+         print(f"\nTotal: {len(all_errors)} error(s)")+         sys.exit(1)+     else:+         print(f"✅ All {files_checked} role defaults files pass formatting checks")+         sys.exit(0)+ + + if __name__ == "__main__":+     main()

removed

resources/roles/dns/files/fetch_cloudflare_records.py

- import argparse- import cloudflare- from cloudflare import Cloudflare- import json- import sys- import datetime- from typing import List, cast- - - class CustomJSONEncoder(json.JSONEncoder):-     def default(self, obj):-         if isinstance(obj, datetime.datetime):-             return obj.strftime('%Y-%m-%dT%H:%M:%S.%fZ')-         return json.JSONEncoder.default(self, obj)- - - def fetch_dns_records(client: Cloudflare, zone_id: str, record_name: str) -> list:-     try:-         records = client.dns.records.list(zone_id=zone_id, name=record_name).to_dict()-         results = cast(List[dict], records["result"])-         return results-     except cloudflare.APIConnectionError as e:-         print(f'Error fetching DNS records: {e}', file=sys.stderr)-         raise-     except Exception as e:-         print(f'Unexpected error: {e}', file=sys.stderr)-         raise- - - def get_zone_id(client: Cloudflare, zone_name: str) -> str:-     try:-         zone = client.zones.list(name=zone_name)-         if len(zone.result) == 0:-             raise ValueError(f'Specified zone: {zone_name} was not found')-         return zone.result[0].id-     except cloudflare.APIConnectionError as e:-         print(f'Error fetching zone ID: {e}', file=sys.stderr)-         raise-     except Exception as e:-         print(f'Unexpected error: {e}', file=sys.stderr)-         raise- - - def main():-     parser = argparse.ArgumentParser(-         prog='Saltbox Cloudflare Helper',-         description='Parses Cloudflare Zone Records',-         epilog='')- -     parser.add_argument('--auth_key', required=True, help='API key for Cloudflare')-     parser.add_argument('--auth_email', required=True, help='Email associated with Cloudflare account')-     parser.add_argument('--zone_name', required=True, help='Name of the Cloudflare zone')-     parser.add_argument('--record', required=True, help='DNS record to fetch')- -     args = parser.parse_args()- -     cf = Cloudflare(api_email=args.auth_email, api_key=args.auth_key)- -     try:-         zone_id = get_zone_id(cf, args.zone_name)-         print(json.dumps(fetch_dns_records(cf, zone_id, args.record), cls=CustomJSONEncoder))-     except ValueError as e:-         print(f'Error: {e}', file=sys.stderr)-         exit(1)-     except Exception as e:-         print(f'Failed to fetch DNS records: {e}', file=sys.stderr)-         exit(1)- -     exit(0)- - - if __name__ == '__main__':-     main()

removed

resources/roles/dns/files/requirements.txt

- requests==2.32.5- cloudflare==4.3.1

removed

resources/roles/dns/tasks/cloudflare/subtasks/checksum.yml

- #########################################################################- # Title:         Saltbox: DNS | Cloudflare | Checksum                   #- # Author(s):     salty                                                  #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Cloudflare | Checksum | Get 'fetch_cloudflare_records.py' checksum-   ansible.builtin.stat:-     path: "{{ resources_path }}/roles/dns/files/fetch_cloudflare_records.py"-     checksum_algorithm: sha256-   register: repo_fetch_cloudflare_records_py_checksum- - - name: Cloudflare | Checksum | Get 'requirements.txt' checksum-   ansible.builtin.stat:-     path: "{{ resources_path }}/roles/dns/files/requirements.txt"-     checksum_algorithm: sha256-   register: repo_requirements_txt_checksum- - - name: Cloudflare | Checksum | Get installed 'fetch_cloudflare_records.py' checksum-   ansible.builtin.stat:-     path: "{{ cloudflare_path }}/fetch_cloudflare_records.py"-     checksum_algorithm: sha256-   register: installed_fetch_cloudflare_records_py_checksum- - - name: Cloudflare | Checksum | Get installed 'requirements.txt' checksum-   ansible.builtin.stat:-     path: "{{ cloudflare_path }}/requirements.txt"-     checksum_algorithm: sha256-   register: installed_requirements_txt_checksum- - - name: Cloudflare | Checksum | Check for updates-   ansible.builtin.set_fact:-     cloudflare_reinstall: true-   when: (not installed_fetch_cloudflare_records_py_checksum.stat.exists) or-         (not installed_requirements_txt_checksum.stat.exists) or-         (repo_fetch_cloudflare_records_py_checksum.stat.checksum != installed_fetch_cloudflare_records_py_checksum.stat.checksum) or-         (repo_requirements_txt_checksum.stat.checksum != installed_requirements_txt_checksum.stat.checksum)

removed

resources/roles/dns/tasks/cloudflare/subtasks/python.yml

- #########################################################################- # Title:         Saltbox: DNS | Cloudflare | Python                     #- # Author(s):     salty                                                  #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: "Cloudflare | Python | Verify Python {{ cloudflare_python_version }} installation"-   ansible.builtin.command: "{{ python_bin }} python find {{ cloudflare_python_version }} --managed-python"-   register: cloudflare_uv_python_path-   changed_when: false-   failed_when: false-   environment: "{{ python_environment }}"-   become: true-   become_user: "{{ user.name }}"- - - name: "Cloudflare | Python | Check if Python needs upgrading"-   ansible.builtin.set_fact:-     cloudflare_reinstall: "{{ (cloudflare_uv_python_path.rc != 0)-                               or (cloudflare_folder_symlink.stat.lnk_target is defined-                                  and (cloudflare_folder_symlink.stat.lnk_target != cloudflare_uv_python_path.stdout)) }}"

removed

resources/roles/dns/tasks/cloudflare/subtasks/setup.yml

- #########################################################################- # Title:         Saltbox: DNS | Cloudflare | Setup                      #- # Author(s):     salty                                                  #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Cloudflare | Setup | Setup venv block-   block:-     - name: Cloudflare | Setup | Cleanup folder-       ansible.builtin.file:-         path: "{{ cloudflare_path }}"-         state: absent- -     - name: Cloudflare | Setup | Create directory-       ansible.builtin.file:-         path: "{{ cloudflare_path }}"-         state: directory-         owner: "{{ user.name }}"-         group: "{{ user.name }}"-         mode: "0775"-         recurse: true- -     - name: Cloudflare | Setup | Import Cloudflare files-       ansible.builtin.copy:-         src: "{{ item }}"-         force: true-         dest: "{{ cloudflare_path }}/{{ item | basename }}"-         owner: "{{ user.name }}"-         group: "{{ user.name }}"-         mode: "0664"-       with_items: "{{ cloudflare_files }}"- -     - name: Cloudflare | Setup | Execute Python role-       ansible.builtin.include_role:-         name: "python"-       vars:-         python_version: "{{ cloudflare_python_version }}"- -     - name: "Cloudflare | Setup | Lookup Python {{ cloudflare_python_version }} installation"-       ansible.builtin.command: "{{ python_bin }} python find {{ cloudflare_python_version }} --managed-python"-       register: cloudflare_python_install_path_lookup-       changed_when: false-       environment: "{{ python_environment }}"-       become: true-       become_user: "{{ user.name }}"- -     - name: Cloudflare | Setup | Set Python version-       ansible.builtin.set_fact:-         cloudflare_python_install_path: "{{ cloudflare_python_install_path_lookup.stdout }}"- -     - name: Cloudflare | Setup | Delete venv folder-       ansible.builtin.file:-         path: "{{ cloudflare_venv_path }}"-         state: absent- -     - name: Cloudflare | Create venv-       ansible.builtin.command:-         cmd: "{{ cloudflare_python_install_path }} -m venv {{ cloudflare_venv_path }}"-       args:-         creates: "{{ cloudflare_venv_path }}"-       become: true-       become_user: "{{ user.name }}"- -     - name: Cloudflare | Install pip requirements-       ansible.builtin.pip:-         requirements: "{{ cloudflare_requirements_path }}"-         virtualenv: "{{ cloudflare_venv_path }}"-         virtualenv_command: "{{ cloudflare_venv_path }}/bin/python3 -m pip"-       become: true-       become_user: "{{ user.name }}"- -   rescue:-     - name: Cloudflare | Setup | Delete venv folder-       ansible.builtin.file:-         path: "{{ cloudflare_venv_path }}"-         state: absent- -     - name: Cloudflare | Setup | Print Failure-       ansible.builtin.fail:-         msg:-           - "Setting up the Cloudflare venv failed for some reason."-           - "This usually means issues with apt. Make sure 'sudo apt update' and 'sudo apt upgrade' works before retrying."

removed

roles/autobrr/templates/config.toml.j2

- # config.toml- - # Hostname / IP- #- # Default: "localhost"- #- host = "0.0.0.0"- - # Port- #- # Default: 7474- #- port = 7474- - # Base url- # Set custom baseUrl eg /autobrr/ to serve in subdirectory.- # Not needed for subdomain, or by accessing with the :port directly.- #- # Optional- #- #baseUrl = "/autobrr/"- - # autobrr logs file- # If not defined, logs to stdout- #- # Optional- #- logPath = "log/autobrr.log"- - # Log level- #- # Default: "DEBUG"- #- # Options: "ERROR", "DEBUG", "INFO", "WARN", "TRACE"- #- logLevel = "INFO"- - # Session secret- # Can be generated by running: head /dev/urandom | tr -dc A-Za-z0-9 | head -c16- sessionSecret = "{{ autobrr_secret.stdout }}"

removed

roles/backup/files/backup_excludes_list.txt

- #########################################################################- # Title:         Saltbox: Backup Excludes List                          #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- - ./bazarr/log/*- - ./cloudplow/cloudplow.log- ./cloudplow/cloudplow.log.*- ./cloudplow/locks/*- - ./drive_strm/*.log*- - ./lidarr/logs/*- - ./nvidia/*- - ./plex/Library/Application Support/Plex Media Server/Cache/PhotoTranscoder/*- ./plex/Library/Application Support/Plex Media Server/Cache/Transcode/*- - ./plex_autoscan/plex_autoscan.log- ./plex_autoscan/plex_autoscan.log.*- - ./plex_dupefinder/activity.log- ./plex_dupefinder/decisions.log- - ./python-plexlibrary/plexlibrary.log- - ./tautulli/logs/*- - ./radarr/logs/*- - ./radarr4k/logs/*- - ./sonarr/logs/*- - ./sonarr4k/logs/*

removed

roles/backup2/files/backup_excludes_list.txt

- #########################################################################- # Title:         Saltbox: Backup Excludes List                          #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- - ./bazarr/log/*- - ./cloudplow/cloudplow.log- ./cloudplow/cloudplow.log.*- ./cloudplow/locks/*- - ./drive_strm/*.log*- - ./lidarr/logs/*- - ./nvidia/*- - ./plex/Library/Application Support/Plex Media Server/Cache/PhotoTranscoder/*- ./plex/Library/Application Support/Plex Media Server/Cache/Transcode/*- - ./plex_autoscan/plex_autoscan.log- ./plex_autoscan/plex_autoscan.log.*- - ./plex_dupefinder/activity.log- ./plex_dupefinder/decisions.log- - ./python-plexlibrary/plexlibrary.log- - ./tautulli/logs/*- - ./radarr/logs/*- - ./radarr4k/logs/*- - ./sonarr/logs/*- - ./sonarr4k/logs/*

removed

roles/cloudplow/tasks/subtasks/disable.yml

- #########################################################################- # Title:         Saltbox: Cloudplow | Disable Task                      #- # Author(s):     salty                                                  #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Delete Service-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/systemd/delete_service.yml"-   vars:-     _service_name: "{{ cloudplow_service_name }}"

removed

roles/diag/files/cloudflare_ssl.py

- import argparse- import cloudflare- from cloudflare import Cloudflare- - - def get_zone_id(client: Cloudflare, zone_name: str) -> str:-     try:-         zone = client.zones.list(name=zone_name)-         if len(zone.result) == 0:-             raise ValueError(f'Specified zone: {zone_name} was not found')-         return zone.result[0].id-     except cloudflare.APIConnectionError as e:-         exit(f'Error fetching zone ID: {e}')-     except Exception as e:-         exit(f'Unexpected error: {e}')- - - def get_ssl_tls_mode(auth_email, auth_key, zone_name):-     cf = Cloudflare(api_email=auth_email, api_key=auth_key)- -     zone_id = get_zone_id(cf, zone_name)- -     # Get the SSL/TLS settings for the zone-     try:-         ssl_settings = cf.zones.settings.get(setting_id='ssl', zone_id=zone_id).to_dict()-         ssl_mode = ssl_settings['value']-         print(f"{ssl_mode}")-     except cloudflare.APIConnectionError as e:-         exit(f'/zones/settings/ssl.get - {e} - API call failed')-     except Exception as e:-         exit(f'/zones/settings/ssl.get - {e} - API call failed')- - - def main():-     parser = argparse.ArgumentParser(-         prog='SSL/TLS Mode Checker',-         description='Retrieves Cloudflare SSL/TLS Encryption Mode for a Zone',-         epilog='')- -     parser.add_argument('--auth_key', required=True, help='Cloudflare API key')-     parser.add_argument('--auth_email', required=True, help='Cloudflare account email')-     parser.add_argument('--zone_name', required=True, help='Name of the Cloudflare zone')- -     args = parser.parse_args()- -     get_ssl_tls_mode(args.auth_email, args.auth_key, args.zone_name)- - - if __name__ == '__main__':-     main()

removed

roles/jaeger/defaults/main.yml

- ##########################################################################- # Title:         Saltbox: Jaeger | Default Variables                     #- # Author(s):     salty                                                   #- # URL:           https://github.com/saltyorg/Saltbox                     #- # --                                                                     #- ##########################################################################- #                   GNU General Public License v3.0                      #- ##########################################################################- ---- ################################- # Basics- ################################- - jaeger_name: jaeger- - ################################- # Paths- ################################- - jaeger_paths_folder: "{{ jaeger_name }}"- jaeger_paths_location: "{{ server_appdata_path }}/{{ jaeger_paths_folder }}"- jaeger_paths_folders_list:-   - "{{ jaeger_paths_location }}"- - ################################- # Web- ################################- - jaeger_web_subdomain: "{{ jaeger_name }}"- jaeger_web_domain: "{{ user.domain }}"- jaeger_web_port: "16686"- jaeger_web_url: "{{ 'https://' + (jaeger_web_subdomain + '.' + jaeger_web_domain-                  if (jaeger_web_subdomain | length > 0)-                  else jaeger_web_domain) }}"- - ################################- # DNS- ################################- - jaeger_dns_record: "{{ jaeger_web_subdomain }}"- jaeger_dns_zone: "{{ jaeger_web_domain }}"- jaeger_dns_proxy: "{{ dns.proxied }}"- - ################################- # Traefik- ################################- - jaeger_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"- jaeger_traefik_middleware_default: "{{ traefik_default_middleware }}"- jaeger_traefik_middleware_custom: ""- jaeger_traefik_certresolver: "{{ traefik_default_certresolver }}"- jaeger_traefik_enabled: true- jaeger_traefik_api_enabled: false- jaeger_traefik_api_endpoint: ""- - ################################- # Docker- ################################- - # Container- jaeger_docker_container: "{{ jaeger_name }}"- - # Image- jaeger_docker_image_pull: true- jaeger_docker_image_tag: "latest"- jaeger_docker_image: "jaegertracing/all-in-one:{{ jaeger_docker_image_tag }}"- - # Ports- jaeger_docker_ports_defaults: []- jaeger_docker_ports_custom: []- jaeger_docker_ports: "{{ jaeger_docker_ports_defaults-                          + jaeger_docker_ports_custom }}"- - # Envs- jaeger_docker_envs_default:-   TZ: "{{ tz }}"-   COLLECTOR_ZIPKIN_HTTP_PORT: "9411"- jaeger_docker_envs_custom: {}- jaeger_docker_envs: "{{ jaeger_docker_envs_default-                         | combine(jaeger_docker_envs_custom) }}"- - # Commands- jaeger_docker_commands_default: []- jaeger_docker_commands_custom: []- jaeger_docker_commands: "{{ jaeger_docker_commands_default-                             + jaeger_docker_commands_custom }}"- - # Volumes- jaeger_docker_volumes_default: []- jaeger_docker_volumes_custom: []- jaeger_docker_volumes: "{{ jaeger_docker_volumes_default-                            + jaeger_docker_volumes_custom }}"- - # Devices- jaeger_docker_devices_default: []- jaeger_docker_devices_custom: []- jaeger_docker_devices: "{{ jaeger_docker_devices_default-                            + jaeger_docker_devices_custom }}"- - # Hosts- jaeger_docker_hosts_default: {}- jaeger_docker_hosts_custom: {}- jaeger_docker_hosts: "{{ docker_hosts_common-                          | combine(jaeger_docker_hosts_default)-                          | combine(jaeger_docker_hosts_custom) }}"- - # Labels- jaeger_docker_labels_default: {}- jaeger_docker_labels_custom: {}- jaeger_docker_labels: "{{ docker_labels_common-                           | combine(jaeger_docker_labels_default)-                           | combine(jaeger_docker_labels_custom) }}"- - # Hostname- jaeger_docker_hostname: "{{ jaeger_name }}"- - # Networks- jaeger_docker_networks_alias: "{{ jaeger_name }}"- jaeger_docker_networks_default: []- jaeger_docker_networks_custom: []- jaeger_docker_networks: "{{ docker_networks_common-                             + jaeger_docker_networks_default-                             + jaeger_docker_networks_custom }}"- - # Capabilities- jaeger_docker_capabilities_default: []- jaeger_docker_capabilities_custom: []- jaeger_docker_capabilities: "{{ jaeger_docker_capabilities_default-                                 + jaeger_docker_capabilities_custom }}"- - # Security Opts- jaeger_docker_security_opts_default: []- jaeger_docker_security_opts_custom: []- jaeger_docker_security_opts: "{{ jaeger_docker_security_opts_default-                                  + jaeger_docker_security_opts_custom }}"- - # Restart Policy- jaeger_docker_restart_policy: unless-stopped- - # State- jaeger_docker_state: started

removed

roles/jaeger/tasks/main.yml

- #########################################################################- # Title:         Saltbox: Jaeger Role                                   #- # Author(s):     salty                                                  #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Add DNS record-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"-   vars:-     dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-     dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-     dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"- - - name: Remove existing Docker container-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"- - - name: Create directories-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"- - - name: Create Docker container-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"

removed

roles/rutorrent/defaults/main.yml

- #########################################################################- # Title:         Saltbox: ruTorrent | Default Variables                 #- # Author(s):     desimaniac, salty                                      #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- ################################- # Basics- ################################- - rutorrent_name: rutorrent- - ################################- # Paths- ################################- - rutorrent_paths_folder: "{{ rutorrent_name }}"- rutorrent_paths_location: "{{ server_appdata_path }}/{{ rutorrent_paths_folder }}"- rutorrent_paths_downloads_location: "{{ downloads_torrents_path }}/{{ rutorrent_paths_folder }}"- rutorrent_paths_folders_list:-   - "{{ rutorrent_paths_location }}"-   - "{{ rutorrent_paths_location }}/plugins"-   - "{{ rutorrent_paths_location }}/themes"-   - "{{ rutorrent_paths_downloads_location }}"-   - "{{ rutorrent_paths_downloads_location }}/completed"-   - "{{ rutorrent_paths_downloads_location }}/incoming"-   - "{{ rutorrent_paths_downloads_location }}/watched"- - # Config files- rutorrent_paths_config_php_location: "{{ rutorrent_paths_location }}/rutorrent/settings/config.php"- rutorrent_paths_rtorrent_rc_location: "{{ rutorrent_paths_location }}/rtorrent/rtorrent.rc"- rutorrent_paths_php_local_ini_location: "{{ rutorrent_paths_location }}/php/php-local.ini"- rutorrent_paths_plugins_ini_location: "{{ rutorrent_paths_location }}/rutorrent/settings/plugins.ini"- - ################################- # Web- ################################- - rutorrent_web_subdomain: "{{ rutorrent_name }}"- rutorrent_web_domain: "{{ user.domain }}"- rutorrent_web_port: "80"- rutorrent_web_url: "{{ 'https://' + (rutorrent_web_subdomain + '.' + rutorrent_web_domain-                     if (rutorrent_web_subdomain | length > 0)-                     else rutorrent_web_domain) }}"- - ################################- # DNS- ################################- - rutorrent_dns_record: "{{ rutorrent_web_subdomain }}"- rutorrent_dns_zone: "{{ rutorrent_web_domain }}"- rutorrent_dns_proxy: "{{ dns.proxied }}"- - ################################- # Traefik- ################################- - rutorrent_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"- rutorrent_traefik_middleware_default: "{{ traefik_default_middleware-                                           + (',themepark-' + lookup('vars', rutorrent_name + '_name', default=rutorrent_name)-                                             if (rutorrent_themepark_enabled and global_themepark_plugin_enabled)-                                             else '') }}"- rutorrent_traefik_middleware_custom: ""- rutorrent_traefik_certresolver: "{{ traefik_default_certresolver }}"- rutorrent_traefik_enabled: true- rutorrent_traefik_api_enabled: true- rutorrent_traefik_api_middleware: "rutorrent-auth,{{ traefik_default_middleware_api }}"- rutorrent_traefik_api_endpoint: "PathPrefix(`/RPC2`)"- - ################################- # Config- ################################- - rutorrent_config_public_trackers: false- rutorrent_config_diskspace_path: "/mnt"- - ## New Installs- - # rtorrent.rc- rutorrent_config_new_installs_rutorrent_rc_settings_default:-   # Minimum number of peers to connect to per torrent-   - { option: "throttle.min_peers.normal.set", value: "1" }-   # Maximum number of simultaneous upload slots per torrent-   - { option: "throttle.max_uploads.set", value: "1024" }-   # Maximum number of simultaneous download slots, globally-   - { option: "throttle.max_downloads.global.set", value: "1024" }-   # Maximum number of simultaneous upload slots, globally-   - { option: "throttle.max_uploads.global.set", value: "1024" }-   # Maximum download rate, globally (KiB); 0 = unlimited-   - { option: "throttle.global_down.max_rate.set_kb", value: "0" }-   # Maximum upload rate, globally (KiB); 0 = unlimited-   - { option: "throttle.global_up.max_rate.set_kb", value: "0" }-   # Maximum number of open files-   - { option: "network.max_open_files.set", value: "1024" }-   # Maximum XMLRPC payloads-   - { option: "network.xmlrpc.size_limit.set", value: "20M" }-   # Encryption Parameters-   - { option: "protocol.encryption.set", value: "allow_incoming,try_outgoing,enable_retry,prefer_plaintext" }-   # Hash check on completion - disabled-   - { option: "pieces.hash.on_completion.set", value: "no" }-   # Disk space allocation - disabled-   - { option: "system.file.allocate.set", value: "0" }-   # Download Directory-   - { option: "directory.default.set", value: "/mnt/unionfs/downloads/torrents/rutorrent/completed" }-   # Watched Directory-   - { option: "schedule", value: 'watch_directory,5,5,"load.start=/mnt/unionfs/downloads/torrents/rutorrent/watched/*.torrent,d.delete_tied="' }- rutorrent_config_new_installs_rutorrent_rc_settings_custom: []- rutorrent_config_new_installs_rutorrent_rc_settings_list: "{{ rutorrent_config_new_installs_rutorrent_rc_settings_default-                                                               + rutorrent_config_new_installs_rutorrent_rc_settings_custom }}"- - # php-local.ini- rutorrent_config_new_installs_php_local_ini_settings_default:-   # Maximum Upload File Size via Web Browser (eg Uploading Torrent Files)-   - { option: "upload_max_filesize", value: "20M" }- rutorrent_config_new_installs_php_local_ini_settings_custom: []- rutorrent_config_new_installs_php_local_ini_settings_list: "{{ rutorrent_config_new_installs_php_local_ini_settings_default-                                                                + rutorrent_config_new_installs_php_local_ini_settings_custom }}"- - ## Existing Installs- - # rtorrent.rc- rutorrent_config_existing_installs_rutorrent_rc_settings_default:-   # Execute - Initiate Plugins-   - { option: "execute", value: "{sh,-c,/usr/bin/php /app/rutorrent/php/initplugins.php abc &}" }-   # IP address that is reported to the tracker-   - { option: "network.local_address.set", value: "{{ ip_address_public }}" }-   # Ports-   - { option: "network.port_range.set", value: "{{ rutorrent_docker_ports_51413 }}-{{ rutorrent_docker_ports_51413 }}" }-   - { option: "dht.port.set", value: "{{ rutorrent_docker_ports_6881 }}" }-   # Enable / Disable Public Trackers-   - { option: "dht.mode.set", value: "{{ rutorrent_config_public_trackers | ternary('on', 'disable') }}" }-   - { option: "trackers.use_udp.set", value: "{{ rutorrent_config_public_trackers | ternary('yes', 'no') }}" }-   - { option: "protocol.pex.set", value: "{{ rutorrent_config_public_trackers | ternary('yes', 'no') }}" }- rutorrent_config_existing_installs_rutorrent_rc_settings_custom: []- rutorrent_config_existing_installs_rutorrent_rc_settings_list: "{{ rutorrent_config_existing_installs_rutorrent_rc_settings_default-                                                                    + rutorrent_config_existing_installs_rutorrent_rc_settings_custom }}"- - ################################- # THEME- ################################- - # Options can be found at https://github.com/themepark-dev/theme.park- rutorrent_themepark_enabled: false- rutorrent_themepark_app: "rutorrent"- rutorrent_themepark_theme: "{{ global_themepark_theme }}"- rutorrent_themepark_domain: "{{ global_themepark_domain }}"- rutorrent_themepark_addons: []- - ################################- # Docker- ################################- - # Container- rutorrent_docker_container: "{{ rutorrent_name }}"- - # Image- rutorrent_docker_image_pull: true- rutorrent_docker_image_tag: "latest"- rutorrent_docker_image: "kudeta/ru-rtorrent:{{ rutorrent_docker_image_tag }}"- - # Ports- rutorrent_docker_ports_51413: "{{ port_lookup_51413.meta.port-                                if (port_lookup_51413.meta.port is defined) and (port_lookup_51413.meta.port | trim | length > 0)-                                else '51413' }}"- rutorrent_docker_ports_6881: "{{ port_lookup_6881.meta.port-                               if (port_lookup_6881.meta.port is defined) and (port_lookup_6881.meta.port | trim | length > 0)-                               else '6881' }}"- - rutorrent_docker_ports_defaults:-   - "{{ rutorrent_docker_ports_51413 }}:{{ rutorrent_docker_ports_51413 }}"-   - "{{ rutorrent_docker_ports_51413 }}:{{ rutorrent_docker_ports_51413 }}/udp"-   - "{{ rutorrent_docker_ports_6881 }}:{{ rutorrent_docker_ports_6881 }}/udp"- rutorrent_docker_ports_custom: []- - rutorrent_docker_ports: "{{ rutorrent_docker_ports_defaults-                             + rutorrent_docker_ports_custom }}"- - # Envs- rutorrent_docker_envs_default:-   PUID: "{{ uid }}"-   PGID: "{{ gid }}"-   TZ: "{{ tz }}"- rutorrent_docker_envs_custom: {}- rutorrent_docker_envs: "{{ rutorrent_docker_envs_default-                            | combine(rutorrent_docker_envs_custom) }}"- - # Commands- rutorrent_docker_commands_default: []- rutorrent_docker_commands_custom: []- rutorrent_docker_commands: "{{ rutorrent_docker_commands_default-                                + rutorrent_docker_commands_custom }}"- - # Volumes- rutorrent_docker_volumes_default:-   - "{{ rutorrent_paths_location }}:/config"-   - "{{ server_appdata_path }}/scripts:/scripts"- rutorrent_docker_volumes_custom: []- rutorrent_docker_volumes: "{{ rutorrent_docker_volumes_default-                               + rutorrent_docker_volumes_custom }}"- - # Devices- rutorrent_docker_devices_default: []- rutorrent_docker_devices_custom: []- rutorrent_docker_devices: "{{ rutorrent_docker_devices_default-                               + rutorrent_docker_devices_custom }}"- - # Hosts- rutorrent_docker_hosts_default: {}- rutorrent_docker_hosts_custom: {}- rutorrent_docker_hosts: "{{ docker_hosts_common-                             | combine(rutorrent_docker_hosts_default)-                             | combine(rutorrent_docker_hosts_custom) }}"- - # Labels- rutorrent_docker_labels_default:-   traefik.http.middlewares.rutorrent-auth.basicauth.usersfile: "/etc/traefik/auth"- rutorrent_docker_labels_custom: {}- rutorrent_docker_labels: "{{ docker_labels_common-                              | combine(lookup('vars', rutorrent_name + '_docker_labels_default', default=rutorrent_docker_labels_default))-                              | combine((traefik_themepark_labels-                                        if (rutorrent_themepark_enabled and global_themepark_plugin_enabled)-                                        else {}),-                                        lookup('vars', rutorrent_name + '_docker_labels_custom', default=rutorrent_docker_labels_custom)) }}"- - # Hostname- rutorrent_docker_hostname: "{{ rutorrent_name }}"- - # Networks- rutorrent_docker_networks_alias: "{{ rutorrent_name }}"- rutorrent_docker_networks_default: []- rutorrent_docker_networks_custom: []- rutorrent_docker_networks: "{{ docker_networks_common-                                + rutorrent_docker_networks_default-                                + rutorrent_docker_networks_custom }}"- - # Capabilities- rutorrent_docker_capabilities_default: []- rutorrent_docker_capabilities_custom: []- rutorrent_docker_capabilities: "{{ rutorrent_docker_capabilities_default-                                    + rutorrent_docker_capabilities_custom }}"- - # Security Opts- rutorrent_docker_security_opts_default: []- rutorrent_docker_security_opts_custom: []- rutorrent_docker_security_opts: "{{ rutorrent_docker_security_opts_default-                                     + rutorrent_docker_security_opts_custom }}"- - # Restart Policy- rutorrent_docker_restart_policy: unless-stopped- - # Stop Timeout- rutorrent_docker_stop_timeout: 900- - # State- rutorrent_docker_state: started

removed

roles/rutorrent/files/plugins.ini

- ;; Plugins' permissions.- ;; If flag is not found in plugin section, corresponding flag from "default" section is used.- ;; If flag is not found in "default" section, it is assumed to be "yes".- ;;- ;; For setting individual plugin permissions you must write something like that:- ;;- ;; [ratio]- ;; enabled = yes			;; also may be "user-defined", in this case user can control plugin's state from UI- ;; canChangeToolbar = yes- ;; canChangeMenu = yes- ;; canChangeOptions = no- ;; canChangeTabs = yes- ;; canChangeColumns = yes- ;; canChangeStatusBar = yes- ;; canChangeCategory = yes- ;; canBeShutdowned = yes- - [default]- enabled = user-defined- canChangeToolbar = yes- canChangeMenu = yes- canChangeOptions = yes- canChangeTabs = yes- canChangeColumns = yes- canChangeStatusBar = yes- canChangeCategory = yes- canBeShutdowned = yes

removed

roles/rutorrent/tasks/main.yml

- #########################################################################- # Title:         Saltbox: ruTorrent Role                                #- # Author(s):     desimaniac, l3uddz, salty                              #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Add DNS record-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"-   vars:-     dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-     dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-     dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"- - - name: Remove existing Docker container-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"- - - name: Create directories-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"- - - name: Check if existing config file exists-   ansible.builtin.stat:-     path: "{{ rutorrent_paths_rtorrent_rc_location }}"-   register: rutorrent_paths_rtorrent_rc_location_stat- - - name: Pre-Install Tasks-   ansible.builtin.import_tasks: "subtasks/pre-install/main.yml"-   when: (not continuous_integration)- - - name: Create Docker container-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"- - - name: Post-Install Tasks-   ansible.builtin.import_tasks: "subtasks/post-install/main.yml"

removed

roles/rutorrent/tasks/subtasks/post-install/main.yml

- #########################################################################- # Title:         Saltbox: ruTorrent | Post-Install Tasks                #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Post-Install | Wait for config files to be created-   ansible.builtin.wait_for:-     path: "{{ item }}"-     state: present-   loop:-     - "{{ rutorrent_paths_rtorrent_rc_location }}"-     - "{{ rutorrent_paths_php_local_ini_location }}"-     - "{{ rutorrent_paths_plugins_ini_location }}"- - - name: Post-Install | Wait for 60 seconds-   ansible.builtin.wait_for:-     timeout: 60- - - name: Post-Install | Stop container-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_docker_container.yml"- - - name: Post-Install | Settings Task-   ansible.builtin.import_tasks: "settings/main.yml"- - - name: Post-Install | Start container-   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

removed

roles/rutorrent/tasks/subtasks/post-install/settings/main.yml

- #########################################################################- # Title:         Saltbox: ruTorrent | Post-Install | Settings           #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Post-Install | Settings | Update settings For New Installs-   ansible.builtin.import_tasks: "new_installs.yml"-   when: (not continuous_integration) and (not rutorrent_paths_rtorrent_rc_location_stat.stat.exists)- - - name: Post-Install | Settings | Create directory-   ansible.builtin.file:-     path: "{{ rutorrent_paths_location }}/plugins/diskspace"-     state: directory-     owner: "{{ user.name }}"-     group: "{{ user.name }}"-     mode: "0775"- - - name: Post-Install | Settings | Import custom 'conf.php' for diskspace-   ansible.builtin.template:-     src: "diskspace_conf.php.j2"-     dest: "{{ rutorrent_paths_location }}/plugins/diskspace/conf.php"-     owner: "{{ user.name }}"-     group: "{{ user.name }}"-     mode: "0644"-     force: true

removed

roles/rutorrent/tasks/subtasks/post-install/settings/new_installs.yml

- ####################################################################################- # Title:         Saltbox: ruTorrent | Post-Install | Settings | New Installs       #- # Author(s):     desimaniac                                                        #- # URL:           https://github.com/saltyorg/Saltbox                               #- # --                                                                               #- ####################################################################################- #                   GNU General Public License v3.0                                #- ####################################################################################- ---- - name: Post-Install | Settings | New Installs | Update 'rtorrent.rc' config settings-   community.general.ini_file:-     path: "{{ rutorrent_paths_rtorrent_rc_location }}"-     section: null-     option: "{{ item.option }}"-     value: "{{ item.value }}"-     no_extra_spaces: false-     state: present-     owner: "{{ user.name }}"-     group: "{{ user.name }}"-     mode: "0664"-   loop: "{{ rutorrent_config_new_installs_rutorrent_rc_settings_list }}"- - - name: Post-Install | Settings | New Installs | Update 'php-local.ini' config settings-   community.general.ini_file:-     path: "{{ rutorrent_paths_php_local_ini_location }}"-     section: null-     option: "{{ item.option }}"-     value: "{{ item.value }}"-     no_extra_spaces: false-     state: present-     owner: "{{ user.name }}"-     group: "{{ user.name }}"-     mode: "0664"-   loop: "{{ rutorrent_config_new_installs_php_local_ini_settings_list }}"- - - name: Post-Install | Settings | New Installs | Import custom 'plugins.ini'-   ansible.builtin.copy:-     src: plugins.ini-     force: true-     dest: "{{ rutorrent_paths_plugins_ini_location }}"-     owner: "{{ user.name }}"-     group: "{{ user.name }}"-     mode: "0664"

removed

roles/rutorrent/tasks/subtasks/pre-install/existing_installs.yml

- ####################################################################################- # Title:         Saltbox: ruTorrent | Pre-Install | Settings | Existing Installs   #- # Author(s):     desimaniac                                                        #- # URL:           https://github.com/saltyorg/Saltbox                               #- # --                                                                               #- ####################################################################################- #                   GNU General Public License v3.0                                #- ####################################################################################- ---- - name: Pre-Install | Settings | Existing Installs | Update 'rtorrent.rc' config settings-   community.general.ini_file:-     path: "{{ rutorrent_paths_rtorrent_rc_location }}"-     section: null-     option: "{{ item.option }}"-     value: "{{ item.value }}"-     no_extra_spaces: false-     state: present-     owner: "{{ user.name }}"-     group: "{{ user.name }}"-     mode: "0664"-   loop: "{{ rutorrent_config_existing_installs_rutorrent_rc_settings_list }}"

removed

roles/rutorrent/tasks/subtasks/pre-install/main.yml

- #########################################################################- # Title:         Saltbox: ruTorrent | Pre-Install Tasks                 #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Pre-Install | Remove existing 'config.php'-   ansible.builtin.file:-     path: "{{ rutorrent_paths_config_php_location }}"-     state: absent- - - name: Pre-Install | Get next available port within the range of '51413-51423' # noqa fqcn[action]-   find_open_port:-     low_bound: 51413-     high_bound: 51423-     protocol: both-   register: port_lookup_51413-   ignore_errors: true- - - name: Pre-Install | Get next available port within the range of '6881-6891' # noqa fqcn[action]-   find_open_port:-     low_bound: 6881-     high_bound: 6891-     protocol: udp-   register: port_lookup_6881-   ignore_errors: true- - - name: Pre-Install | Settings | Update settings For Existing Installs-   ansible.builtin.import_tasks: "existing_installs.yml"-   when: rutorrent_paths_rtorrent_rc_location_stat.stat.exists

removed

roles/rutorrent/templates/diskspace_conf.php.j2

- <?php- - $diskUpdateInterval = 10;     // in seconds- $notifySpaceLimit = 512;      // in Mb- $partitionDirectory = '{{ rutorrent_config_diskspace_path }}'; // set this to the absolute path for checked partition.

removed

roles/scripts/files/plex_autoscan_url.sh

- #!/usr/bin/env bash- #########################################################################- # Title:         Plex Autoscan URL Script                               #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # Description:   Prints out the Plex Autoscan URL.                      #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- - ################################- # Constants- ################################- - # Regular colors- readonly NORMAL="\033[0;39m"- readonly GREEN="\033[32m"- - # Bold colors- readonly BRED="\033[1;31m"- readonly BWHITE="\033[1;37m"- readonly BBLUE="\033[1;34m"- - # Config files- readonly SB_ANSIBLE="/srv/git/saltbox/ansible.cfg"- readonly SB_ACCOUNTS="/srv/git/saltbox/accounts.yml"- readonly PAS_CONFIG="/opt/plex_autoscan/config/config.json"- - # Boolean vars- readonly TRUE=1- readonly FALSE=0- - ################################- # Functions- ################################- - function banner1() {-     if [ -x "$(command -v toilet)" ]; then-         echo ""-         toilet 'Plex Autoscan URL' -f standard --filter metal --filter border:metal --width 86-     fi- }- - function banner2() {- echo -e "- ${GREEN}┌───────────────────────────────────────────────────────────────────────────────────┐- ${GREEN}│ Title:             Plex Autoscan URL Script                                       │- ${GREEN}│ Author(s):         desimaniac                                                     │- ${GREEN}│ URL:               https://github.com/saltyorg/Saltbox                            │- ${GREEN}│ Description:       Prints out the Plex Autoscan URL.                              │- ${GREEN}├───────────────────────────────────────────────────────────────────────────────────┤- ${GREEN}│                        GNU General Public License v3.0                            │- ${GREEN}└───────────────────────────────────────────────────────────────────────────────────┘- ${NORMAL}"- }- - function sanity_check() {-     # Sanity checks-     if ! [[ -x "$(command -v jq)" ]]; then-         echo -e ${BRED}" Error: "${NORMAL}"'"${BWHITE}"jq"${NORMAL}"' is not installed."\-         ${NORMAL}"Run '"${BWHITE}"sudo apt-get install jq"${NORMAL}"' to install." >&2-         echo ""-         exit 1-     elif ! [[ -x "$(command -v yyq)" ]]; then-         echo -e ${BRED}" Error: "${NORMAL}"'"${BWHITE}"yyq"${NORMAL}"' is not installed."\-         ${NORMAL}"Run '"${BWHITE}"sb install yyq"${NORMAL}"' to install." >&2-         echo ""-         exit 1-     elif [[ ! -f ${PAS_CONFIG} ]]; then-         echo -e ${BRED}" Error: "${NORMAL}"File '"${BWHITE}${PAS_CONFIG}${NORMAL}"' is not found." >&2-         echo ""-         exit 1-     elif [[ ! -f ${SB_ACCOUNTS} ]]; then-         echo -e ${BRED}" Error: "${NORMAL}"File '"${BWHITE}${SB_ACCOUNTS}${NORMAL}"' is not found." >&2-         echo ""-         exit 1-     fi- -     # Validate JSON file-     cat ${PAS_CONFIG} | jq -e . >/dev/null 2>&1-     rc=$?-     if [[ $rc != 0 ]]; then-         echo -e ${BRED}" Error: "${NORMAL}"Invalid JSON format in '"${BWHITE}${PAS_CONFIG}${NORMAL}"'."  >&2-         echo ""-         echo -e " See 'JSON Format Errors' on the Wiki FAQ page."  >&2-         echo ""-         exit 1-     fi- }- - function build_url() {-     # Get variables from Plex Autoscan config-     SERVER_IP=$(cat ${PAS_CONFIG} | jq -r .SERVER_IP)-     SERVER_PORT=$(cat ${PAS_CONFIG} | jq -r .SERVER_PORT)-     SERVER_PASS=$(cat ${PAS_CONFIG} | jq -r .SERVER_PASS)- -     # Get variables from Saltbox account settings-     DOMAIN=$(yyq '.user.domain' ${SB_ACCOUNTS} )- -     # If SERVER_IP is 0.0.0.0, assign public IP address to REAL_IP.-     if [[ ${SERVER_IP} = 0.0.0.0 ]]; then-         REAL_IP="$(dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'\"' '{ print $2}')"-     else-         REAL_IP=${SERVER_IP}-     fi- -     # Declare Subdomains Array-     declare -a SUBDOMAINS=(-         "plex.${DOMAIN}"-         "mediabox.${DOMAIN}"-         "saltbox.${DOMAIN}"-         "${REAL_IP}"-     )- -     # Get length of the subdomains array-     SUBDOMAIN_LEN=${#SUBDOMAINS[@]}- -     # Declare variables for while loop-     declare -i COUNT=0-     SUBDOMAIN_IP=""- -     # Determine which subdomain points to the actual host IP address (vs a CDN one, for example)-     while [[ ((${REAL_IP} != ${SUBDOMAIN_IP}) && (${COUNT} < ${SUBDOMAIN_LEN})) ]]; do-         SUBDOMAIN=${SUBDOMAINS[$COUNT]}-         SUBDOMAIN_IP=$(dig -4 +short ${SUBDOMAIN} @8.8.8.8)-         COUNT+=1-     done- }- - # Print Plex Autoscan URL- function print_url() {- -     if (( SIMPLE - 1 )); then-         echo -e ${BWHITE}"Your Plex Autoscan URL:"-         echo -e ${BBLUE}"http://${SUBDOMAIN}:${SERVER_PORT}/${SERVER_PASS}"${NORMAL}-         echo ""-     else-         echo http://${SUBDOMAIN}:${SERVER_PORT}/${SERVER_PASS}-     fi- - }- - ################################- # Argument Parser- ################################- - ## https://stackoverflow.com/a/39398359- SIMPLE=${FALSE}- # As long as there is at least one more argument, keep looping- while [[ $# -gt 0 ]]; do-     key="$1"-     case "$key" in-         # This flag type option will catch either -s or --simple-         -s|--simple)-         SIMPLE=${TRUE}-         ;;-         *)-         # Exit when unknown argument is passed-         echo "Unknown option '$key'"-         exit 10-         ;;-     esac-     shift- done- - ################################- # Main- ################################- - function main ()- {-     if [[ ${SIMPLE} == ${FALSE} ]]; then-         banner1-         banner2-     fi-         sanity_check-         build_url-         print_url- }- - main "$@"

removed

roles/scripts/files/plexsql.sh

- #!/bin/bash- # if script name is plexsql.sh then- # usage is - ./plexsql.sh "select something from some_table where something = something_else"- # - mkdir -p /opt/plexsql- sqlplex="/opt/plexsql/Plex SQLite"- docker stop plex- docker cp plex:/usr/lib/plexmediaserver/. /opt/plexsql- cd "/opt/plex/Library/Application Support/Plex Media Server/Plug-in Support/Databases"- cp com.plexapp.plugins.library.db com.plexapp.plugins.library.db.original- "$sqlplex" com.plexapp.plugins.library.db "$1"- - #and if you want to do something other than select statements use this instead- #cp com.plexapp.plugins.library.db com.plexapp.plugins.library.db.original- #"$sqlplex" com.plexapp.plugins.library.db "DROP index 'index_title_sort_naturalsort'"- #"$sqlplex" com.plexapp.plugins.library.db "DELETE from schema_migrations where version='20180501000000'"- #"$sqlplex" com.plexapp.plugins.library.db "$1"

removed

roles/scripts/files/restart_containers.sh

- #!/bin/bash- #########################################################################- # Title:         Restart Running Containers Script                      #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # Description:   Stop running containers and start them back up.        #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- - - # Regular color(s)- NORMAL="\033[0;39m"- GREEN="\033[32m"- - echo -e "- $GREEN-  ┌───────────────────────────────────────────────────────────────────────────────────┐-  │ Title:             Restart Running Containers Script                              │-  │ Author(s):         desimaniac, salty                                              │-  │ URL:               https://github.com/saltyorg/Saltbox                            │-  │ Description:       Stop running containers and start them back up.                │-  ├───────────────────────────────────────────────────────────────────────────────────┤-  │                        GNU General Public License v3.0                            │-  └───────────────────────────────────────────────────────────────────────────────────┘- $NORMAL- "- - containers=$(docker ps -q)- echo Stopping $containers- docker=$(docker stop $containers)- - sleep 3- - echo Starting $containers- docker=$(docker start $containers)

removed

roles/settings/files/settings-updater.py

- #!/srv/ansible/venv/bin/python3- """- -     #########################################################################-     # Title:         Settings Updater Script                                #-     # Author(s):     l3uddz, chazlarson, salty                              #-     # URL:           https://github.com/saltyorg/Saltbox                    #-     # Description:   Adds variables to settings.yml.                        #-     # --                                                                    #-     #########################################################################-     #                   GNU General Public License v3.0                     #-     #########################################################################- - """- import logging- import os- import sys- from logging.handlers import RotatingFileHandler- - from ruamel.yaml import YAML- from ruamel.yaml.comments import CommentedMap- - ############################################################- # INIT- ############################################################- - - log = None- - - def init_logging(playbook_path):-     # log settings-     log_format = '%(asctime)s - %(levelname)-10s - %(name)-35s - %(funcName)-35s - %(message)s'-     log_file_path = os.path.join(playbook_path, "settings-updater.log")-     log_level = logging.DEBUG- -     # init root_logger-     log_formatter = logging.Formatter(log_format)-     root_logger = logging.getLogger()-     root_logger.setLevel(log_level)- -     # init console_logger-     console_handler = logging.StreamHandler(sys.stdout)-     console_handler.setFormatter(log_formatter)-     root_logger.addHandler(console_handler)- -     # init file_logger-     file_handler = RotatingFileHandler(-         log_file_path,-         maxBytes=1024 * 1024 * 5,-         backupCount=5-     )-     file_handler.setFormatter(log_formatter)-     root_logger.addHandler(file_handler)- -     # Set chosen logging level-     root_logger.setLevel(log_level)- -     # Get logger-     return root_logger.getChild("settings-updater")- - - ############################################################- # UPDATER- ############################################################- - def load_settings(file_to_load):-     yaml_instance = YAML()-     yaml_instance.preserve_quotes = True- -     settings = None-     try:-         with open(file_to_load, "r") as f:-             settings = yaml_instance.load(f)-     except Exception:-         log.exception("Exception loading %s: ", file_to_load)-     return settings- - def dump_settings(settings, file_to_dump):-     dumped = False-     try:-         yaml_instance = YAML()-         yaml_instance.preserve_quotes = True-         with open(file_to_dump, 'w') as fp:-             yaml_instance.dump(settings, fp)-         dumped = True-     except Exception:-         log.exception("Exception dumping upgraded %s: ", file_to_dump)-     return dumped- - def is_remote_entry(thing):-     ret_val = False-     if type(thing) == CommentedMap:-         rem_set = {'port', 'remote', 'template', 'cache'}-         for k in thing.keys():-             ret_val = ret_val or (k in rem_set)-     return ret_val- - def _inner_upgrade(settings1, settings2, key=None, overwrite=False):-     sub_upgraded = False-     merged = settings2.copy()- -     if isinstance(settings1, dict):-         for k, v in settings1.items():-             # missing k-             if k not in settings2:-                 merged[k] = v-                 sub_upgraded = True-                 if not key:-                     log.info("Added %r setting: %s", str(k), str(v))-                 else:-                     log.info("Added %r to setting %r: %s", str(k), str(key), str(v))-                 continue- -             # iterate children-             if isinstance(v, dict) or isinstance(v, list):-                 merged[k], did_upgrade = _inner_upgrade(settings1[k], settings2[k], key=k,-                                                                 overwrite=overwrite)-                 sub_upgraded = did_upgrade if did_upgrade else sub_upgraded-             elif settings1[k] != settings2[k] and overwrite:-                 merged = settings1-                 sub_upgraded = True-     elif isinstance(settings1, list) and key:-         for v in settings1:-             is_remote = is_remote_entry(v)-             might_not_want_it = len(settings2) > 0-             if v not in settings2 and not is_remote and not might_not_want_it:-                 merged.append(v)-                 sub_upgraded = True-                 log.info("Added to setting %r: %s", str(key), str(v))-                 continue- -     return merged, sub_upgraded- - def upgrade_settings(defaults, currents):-     upgraded_settings, upgraded = _inner_upgrade(defaults, currents)-     return upgraded, upgraded_settings- - ############################################################- # MAIN- ############################################################- - if __name__ == "__main__":-     # get playbook dir-     if not len(sys.argv) >= 4:-         print("3 arguments must be supplied, playbook_dir default_settings current_settings")-         sys.exit(1)-     playbook_dir = sys.argv[1]-     default_file = sys.argv[2]-     current_file = sys.argv[3]- -     # init logging-     log = init_logging(playbook_dir)- -     # load settings-     default_settings = load_settings(os.path.join(playbook_dir, default_file))-     if not default_settings:-         log.error("Failed loading \'%s\'. Aborting...", default_file)-         sys.exit(1)- -     current_settings = load_settings(os.path.join(playbook_dir, current_file))-     if not current_settings:-         log.error("Failed loading \'%s\'. Aborting...", current_file)-         sys.exit(1)- -     # compare/upgrade settings-     did_upgrade, upgraded_settings = upgrade_settings(default_settings, current_settings)-     if not did_upgrade:-         log.info("There were no settings changes to apply.")-         sys.exit(0)-     else:-         if not dump_settings(upgraded_settings, os.path.join(playbook_dir, current_file)):-             log.error("Failed dumping updated \'%s\'.", current_file)-             sys.exit(1)-         log.info("Successfully upgraded: \'%s\'.", current_file)-         sys.exit(2)

removed

roles/settings/tasks/main.yml

- #########################################################################- # Title:         Saltbox: Settings Role                                 #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: "Settings | Start"-   ansible.builtin.include_tasks: "subtasks/start.yml"- - - name: "Settings | Main 2"-   ansible.builtin.include_tasks: "main2.yml"-   loop: "{{ config_files }}"-   loop_control:-     loop_var: outer_item- - - name: "Settings | Finish"-   ansible.builtin.include_tasks: "subtasks/finish.yml"

removed

roles/settings/tasks/main2.yml

- #########################################################################- # Title:         Saltbox: Settings | Main 2                             #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: "Settings | Copy"-   ansible.builtin.include_tasks: "subtasks/copy.yml"-   vars:-     file: "{{ outer_item }}"- - - name: "Settings | Migrator"-   ansible.builtin.include_tasks: "subtasks/migrator.yml"-   vars:-     file: "{{ outer_item }}"- - - name: "Settings | Updater"-   ansible.builtin.include_tasks: "subtasks/updater.yml"-   vars:-     file: "{{ outer_item }}"

removed

roles/settings/tasks/subtasks/copy.yml

- #########################################################################- # Title:         Saltbox: Settings | Copy                               #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- # Check for config files and import they are missing- - name: "Copy | Check if '{{ file }}' exists"-   ansible.builtin.stat:-     path: "{{ playbook_dir }}/{{ file }}"-   register: file0- - - name: "Copy | Copy '{{ file }}.default' to '{{ file }}'"-   ansible.builtin.copy:-     src: "{{ playbook_dir }}/defaults/{{ file }}.default"-     dest: "{{ playbook_dir }}/{{ file }}"-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"-   when: (not file0.stat.exists)

removed

roles/settings/tasks/subtasks/finish.yml

- #########################################################################- # Title:         Saltbox: Settings | Finish                             #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: "Finish | Check 'settings-updater.py' for new settings"-   ansible.builtin.debug: # noqa jinja[invalid]-     msg:-       - "The 'settings_updater.py' script updated the following-           file{{ 's' if (files_updated_successfully | length > 1) else '' }}: '{{ files_updated_successfully | join(', ') | trim }}'"-       - "Please check {{ 'these files' if (files_updated_successfully | length > 1) else 'this file' }} for the newly added settings"-       - "You can also review the log file: 'settings-updater.log'"-   when: (files_updated_successfully | length > 0)- - - name: Traefik 3.0 Migration block-   when: traefik3_migration-   block:-     - name: Provide link to migration docs # Update to main docs page when docs are updated-       ansible.builtin.pause:-         prompt: "Make sure you read the migration docs (press enter to continue): https://docs.saltbox.dev/saltbox/upgrade/traefik3/"- - # Make sure accounts.yml has been filled in by user- - name: "Finish | Get stats on 'accounts.yml' for hash check"-   ansible.builtin.stat:-     path: "{{ playbook_dir }}/accounts.yml"-   register: accounts_yml- - - name: "Finish | Get stats on 'accounts.yml.default' for hash check"-   ansible.builtin.stat:-     path: "{{ playbook_dir }}/defaults/accounts.yml.default"-   register: accounts_yml_default- - # Sanity Checks- - name: "Finish | Ensure that 'accounts.yml' is configured"-   ansible.builtin.assert:-     that:-       - accounts_yml.stat.exists-       - accounts_yml.stat.checksum != accounts_yml_default.stat.checksum-       - user.domain != "testsaltbox.ml"-     msg: "You must configure 'accounts.yml' before running the Saltbox installer"- - # Exit playbook When necessary- - name: Finish | Exit Tasks-   when: exit_is_necessary-   block:-     - name: "Finish | Check 'settings-updater.py' run status for errors"-       ansible.builtin.debug:-         msg:-           - "The 'settings_updater.py' script exited with an error when updating the following-               file{{ 's' if (files_updated_unsuccessfully | length > 1) else '' }}: '{{ files_updated_unsuccessfully | join(', ') | trim }}'"-           - "Please check 'settings-updater.log' for details"-       when: (files_updated_unsuccessfully | length > 0)- -     - name: "Finish | Exit so that user can check updated config files"-       ansible.builtin.debug:-         msg: "Saltbox Installer will now exit."- -     - name: "Finish | Exit"-       ansible.builtin.meta: end_play

removed

roles/settings/tasks/subtasks/migrator.yml

- #########################################################################- # Title:         Saltbox: Settings | Migrator                           #- # Author(s):     desimaniac, salty                                      #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Migrator | Migrations for all config files-   block:-     - name: Migrator | All | Migration 01-       ansible.builtin.include_tasks: "migrator/all/migration_01.yml"-       when: (file != "backup_config.yml")- - - name: Migrator | Migrations for 'accounts.yml'-   when: (file == "accounts.yml")-   block:-     - name: Migrator | 'accounts.yml' | Migration 01-       ansible.builtin.include_tasks: "migrator/accounts_yml/migration_01.yml"- - - name: Migrator | Migrations for 'adv_settings.yml'-   when: (file == "adv_settings.yml")-   block:-     - name: Migrator | 'adv_settings.yml' | Migration 01-       ansible.builtin.include_tasks: "migrator/adv_settings_yml/migration_01.yml"- - - name: Migrator | Migrations for 'backup_config.yml'-   when: (file == "backup_config.yml")-   block:-     - name: Migrator | 'backup_config.yml' | Migration 01-       ansible.builtin.include_tasks: "migrator/backup_config_yml/migration_01.yml"- - - name: Migrator | Migrations for 'providers.yml'-   when: (file == "providers.yml")-   block:-     - name: Migrator | 'providers.yml' | Migration 01-       ansible.builtin.include_tasks: "migrator/providers_yml/migration_01.yml"- - - name: Migrator | Migrations for 'settings.yml'-   when: (file == "settings.yml")-   block:-     - name: Migrator | 'settings.yml' | Migration 01-       ansible.builtin.include_tasks: "migrator/settings_yml/migration_01.yml"

removed

roles/settings/tasks/subtasks/migrator/accounts_yml/migration_01.yml

- ########################################################################################- # Title:         Saltbox: Settings | Migrator | 'accounts.yml' | Migration 01          #- # Author(s):     desimaniac                                                            #- # URL:           https://github.com/saltyorg/Saltbox                                   #- # --                                                                                   #- ########################################################################################- #                            GNU General Public License v3.0                           #- ########################################################################################- ---- - name: "Migrator | 'accounts.yml' | Migration 01 | Set variables"-   ansible.builtin.set_fact:-     plex_settings: "{{ not ((plex is undefined)-                             or-                             (plex is none)-                             or-                             (plex | trim | length == 0)) }}"- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'plex' dict-   ansible.builtin.shell: |-     yyq -i 'del(.plex)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: plex_settings- - - name: Migrator | 'accounts.yml' | Migration 01 | Remove 'null' values-   ansible.builtin.replace:-     path: "{{ playbook_dir }}/{{ file }}"-     regexp: '(?<=: )\bnull\s*$'-     replace: ''-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"- - - name: Migrator | 'accounts.yml' | Migration 01 | Re-import Variables-   ansible.builtin.include_vars: "{{ playbook_dir }}/{{ file }}"

removed

roles/settings/tasks/subtasks/migrator/adv_settings_yml/migration_01.yml

- ########################################################################################- # Title:         Saltbox: Settings | Migrator | 'adv_settings.yml' | Migration 01      #- # Author(s):     desimaniac, salty                                                     #- # URL:           https://github.com/saltyorg/Saltbox                                   #- # --                                                                                   #- ########################################################################################- #                            GNU General Public License v3.0                           #- ########################################################################################- - ---- - name: "Migrator | 'adv_settings.yml' | Migration 01 | Set variables"-   ansible.builtin.set_fact:-     old_traefik_tls_settings: "{{ not ((traefik is undefined)-                                   or-                                   (traefik is none)-                                   or-                                   (traefik | trim | length == 0)-                                   or-                                   (traefik.tls is undefined)-                                   or-                                   (traefik.tls is none)-                                   or-                                   (traefik.tls | trim | length == 0)) }}"-     old_traefik_http_settings: "{{ not ((traefik is undefined)-                                    or-                                    (traefik is none)-                                    or-                                    (traefik | trim | length == 0)-                                    or-                                    (traefik.http is undefined)-                                    or-                                    (traefik.http is none)-                                    or-                                    (traefik.http | trim | length == 0)) }}"-     old_zerossl_settings: "{{ not ((dns is undefined)-                               or-                               (dns is none)-                               or-                               (dns | trim | length == 0)-                               or-                               (dns.zerossl is undefined)-                               or-                               (dns.zerossl is none)-                               or-                               (dns.zerossl | trim | length == 0)) }}"-     traefik_metrics_settings: "{{ not ((traefik is undefined)-                                   or-                                   (traefik is none)-                                   or-                                   (traefik | trim | length == 0)-                                   or-                                   (traefik.metrics is undefined)-                                   or-                                   (traefik.metrics is none)-                                   or-                                   (traefik.metrics | trim | length == 0)) }}"-     old_dockerhub: "{{ not ((dockerhub is undefined)-                        or-                        (dockerhub is none)-                        or-                        (dockerhub | trim | length == 0)) }}"-     old_dns_enabled: "{{ not ((dns.enabled is undefined)-                          or-                          (dns.enabled is none)-                          or-                          (dns.enabled | trim | length == 0)) }}"-     old_feeder_mount: "{{ not ((mounts.feeder is undefined)-                           or-                           (mounts.feeder is none)-                           or-                           (mounts.feeder | trim | length == 0)) }}"-     old_remote_mount: "{{ not ((mounts.remote is undefined)-                           or-                           (mounts.remote is none)-                           or-                           (mounts.remote | trim | length == 0)) }}"- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'traefik.tls' dict-   ansible.builtin.shell: |-     yyq -i 'del(.traefik.tls)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_traefik_tls_settings- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Rebuild 'traefik.cert.http_validation' dict-   ansible.builtin.shell: |-     yyq -i '.traefik.cert.http_validation = "{{ 'yes' if (traefik.http | default(false)) else 'no' }}"' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_traefik_http_settings- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'traefik.http' dict-   ansible.builtin.shell: |-     yyq -i 'del(.traefik.http)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_traefik_http_settings- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Rebuild 'traefik.cert.zerossl' dict-   ansible.builtin.shell: |-     yyq -i '.traefik.cert.zerossl = "{{ 'yes' if (dns.zerossl | default(false)) else 'no' }}"' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_zerossl_settings- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'dns.zerossl' dict-   ansible.builtin.shell: |-     yyq -i 'del(.dns.zerossl)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_zerossl_settings- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Rebuild 'traefik.metrics' dict-   ansible.builtin.shell: |-     yyq -i '.traefik.metrics = "no"' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: (not traefik_metrics_settings)- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'dockerhub' dict-   ansible.builtin.shell: |-     yyq -i 'del(.dockerhub)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_dockerhub- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'dns.enabled' key-pair-   ansible.builtin.shell: |-     yyq -i 'del(.dns.enabled)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_dns_enabled- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'mounts.feeder' dict-   ansible.builtin.shell: |-     yyq -i 'del(.mounts.feeder)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_feeder_mount- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'mounts.remote' dict-   ansible.builtin.shell: |-     yyq -i 'del(.mounts.remote)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_remote_mount- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'gpu.nvidia' dict-   ansible.builtin.shell: |-     yyq -i 'del(.gpu.nvidia)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: gpu is defined and gpu.nvidia is defined- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'traefik.tracing' dict-   ansible.builtin.shell: |-     yyq -i 'del(.traefik.tracing)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: traefik is defined and traefik.tracing is defined- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Delete 'traefik.subdomains.jaeger' dict-   ansible.builtin.shell: |-     yyq -i 'del(.traefik.subdomains.jaeger)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: traefik is defined and traefik.subdomains is defined and traefik.subdomains.jaeger is defined- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Remove 'null' values-   ansible.builtin.replace:-     path: "{{ playbook_dir }}/{{ file }}"-     regexp: '(?<=: )\bnull\s*$'-     replace: ''-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"- - - name: Migrator | 'adv_settings.yml' | Migration 01 | Re-import Variables-   ansible.builtin.include_vars: "{{ playbook_dir }}/{{ file }}"

removed

roles/settings/tasks/subtasks/migrator/all/migration_01.yml

- ########################################################################################- # Title:         Saltbox: Settings | Migrator | All | Migration 01                     #- # Author(s):     desimaniac, salty                                                     #- # URL:           https://github.com/saltyorg/Saltbox                                   #- # --                                                                                   #- ########################################################################################- #                            GNU General Public License v3.0                           #- ########################################################################################- ---- - name: Migrator | All | '{{ file }}' | Migration 01 | Add single space after colon (if needed)-   ansible.builtin.replace:-     path: "{{ playbook_dir }}/{{ file }}"-     regexp: '(:)[ \t]*(.*)'-     replace: '\1 \2'-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"- - - name: Migrator | All | '{{ file }}' | Migration 01 | Re-import Variables-   ansible.builtin.include_vars: "{{ playbook_dir }}/{{ file }}"

removed

roles/settings/tasks/subtasks/migrator/backup_config_yml/migration_01.yml

- ########################################################################################- # Title:         Saltbox: Settings | Migrator | 'backup_config.yml' | Migration 01     #- # Author(s):     desimaniac, salty                                                     #- # URL:           https://github.com/saltyorg/Saltbox                                   #- # --                                                                                   #- ########################################################################################- #                            GNU General Public License v3.0                           #- ########################################################################################- ---- - name: "Migrator | 'backup_config.yml' | Migration 01 | Set variables"-   ansible.builtin.set_fact:-     old_settings: "{{ (backup.cron.enable is defined)-                       or-                       (backup.cron.cron_state is defined) }}"- - - name: Migrator | 'backup_config.yml' | Migration 01 | Rebuild 'backup.cron' dict-   ansible.builtin.shell: |-     yyq -i 'del(.backup.cron.cron_state)' {{ playbook_dir }}/{{ file }}-     yyq -i 'del(.backup.cron.enable)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_settings- - - name: Migrator | 'backup_config.yml' | Migration 01 | Remove 'null' values-   ansible.builtin.replace:-     path: "{{ playbook_dir }}/{{ file }}"-     regexp: '(?<=: )\bnull\s*$'-     replace: ''-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"- - - name: Migrator | 'backup_config.yml' | Migration 01 | Re-import Variables-   ansible.builtin.include_vars: "{{ playbook_dir }}/{{ file }}"

removed

roles/settings/tasks/subtasks/migrator/providers_yml/migration_01.yml

- ########################################################################################- # Title:         Saltbox: Settings | Migrator | 'providers.yml' | Migration 01         #- # Author(s):     salty                                                                 #- # URL:           https://github.com/saltyorg/Saltbox                                   #- # --                                                                                   #- ########################################################################################- #                            GNU General Public License v3.0                           #- ########################################################################################- ---- - name: "Migrator | 'backup_config.yml' | Migration 01 | Set variables"-   ansible.builtin.set_fact:-     old_godaddy: "{{ (goddady is defined) }}"-     old_godaddy_filled: "{{ (goddady is defined) and-                             (goddady is not none) and-                             (goddady | trim | length > 0) and-                             (goddady.api_key is defined) and-                             (goddady.api_key is not none) and-                             (goddady.api_key | length > 0) and-                             (goddady.api_secret is defined) and-                             (goddady.api_secret is not none) and-                             (goddady.api_secret | length > 0) }}"- - - name: Migrator | 'backup_config.yml' | Migration 01 | Delete 'goddady' dict-   ansible.builtin.shell: |-     yyq -i 'del(.goddady)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_godaddy- - - name: Migrator | 'backup_config.yml' | Migration 01 | Rebuild 'godaddy' dict-   ansible.builtin.shell: |-     yyq -i '.godaddy.api_key = "{{ goddady.api_key }}"' {{ playbook_dir }}/{{ file }}-     yyq -i '.godaddy.api_secret = "{{ goddady.api_secret }}"' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_godaddy_filled- - - name: Migrator | 'backup_config.yml' | Migration 01 | Remove 'null' values-   ansible.builtin.replace:-     path: "{{ playbook_dir }}/{{ file }}"-     regexp: '(?<=: )\bnull\s*$'-     replace: ''-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"- - - name: Migrator | 'backup_config.yml' | Migration 01 | Re-import Variables-   ansible.builtin.include_vars: "{{ playbook_dir }}/{{ file }}"

removed

roles/settings/tasks/subtasks/migrator/settings_yml/migration_01.yml

- ########################################################################################- # Title:         Saltbox: Settings | Migrator | 'settings.yml' | Migration 01          #- # Author(s):     salty                                                                 #- # URL:           https://github.com/saltyorg/Saltbox                                   #- # --                                                                                   #- ########################################################################################- #                            GNU General Public License v3.0                           #- ########################################################################################- - ---- - name: "Migrator | 'settings.yml' | Migration 01 | Set variables"-   ansible.builtin.set_fact:-     old_download: "{{ not-                       ((downloads.nzbs is undefined)-                       or-                       (downloads.torrents is undefined)) }}"-     old_feeder_mount: "{{ (not ((mounts.feeder is undefined)-                           or-                           (mounts.feeder is none)-                           or-                           (mounts.feeder | trim | length == 0)))-                           and mounts.feeder }}"- - - name: Migrator | 'settings.yml' | Migration 01 | Rebuild 'downloads' dict-   ansible.builtin.shell: |-     yyq -i 'del(.downloads)' {{ playbook_dir }}/{{ file }}-     yyq -i '.downloads = "/mnt/unionfs/downloads"' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_download- - - name: Migrator | 'settings.yml' | Migration 01 | Delete 'rclone.remote' dict-   ansible.builtin.shell: |-     yyq -i 'del(.rclone.remote)' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: rclone.remote is defined- - - name: Migrator | 'settings.yml' | Migration 01 | Create 'rclone.remotes' dict-   ansible.builtin.shell: |-     yyq -i '.rclone.remotes += [{"remote": "{{ rclone.remote }}", "settings": {"mount": true, "template": "google", "union": true, "upload": true, "upload_from": "/mnt/local/Media", "vfs_cache": {"enabled": false, "size": "50G", "max_age": "504h"}}}]' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: (rclone.remotes is undefined) and rclone_old_remote_is_defined- - - name: Migrator | 'settings.yml' | Migration 01 | Create 'rclone.remotes' dict-   ansible.builtin.shell: |-     yyq -i '.rclone.remotes += [{"remote": "google", "settings": {"mount": true, "template": "google", "union": true, "upload": true, "upload_from": "/mnt/local/Media", "vfs_cache": {"enabled": false, "size": "50G", "max_age": "504h"}}}]' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: (rclone.remotes is undefined) and not rclone_old_remote_is_defined- - - name: Migrator | 'settings.yml' | Migration 01 | Add feeder to remotes-   ansible.builtin.shell: |-     yyq -i '.rclone.remotes += [{"remote": "feeder", "settings": {"mount": true, "template": "sftp", "union": true, "upload": false, "upload_from": "/mnt/local/Media", "vfs_cache": {"enabled": false, "size": "50G", "max_age": "504h"}}}]' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: old_feeder_mount- - - name: Migrator | 'settings.yml' | Migration 01 | Create 'rclone.enabled' dict-   ansible.builtin.shell: |-     yyq -i '.rclone.enabled = {{ "true" if (rclone_old_remote_is_defined or rclone_remote_is_defined) else "false" }}' {{ playbook_dir }}/{{ file }}-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   when: (rclone.enabled is undefined)- - - name: Migrator | 'settings.yml' | Migration 01 | Upgrade to new settings format-   when: (rclone.remotes is defined) and (rclone.remotes is not none) and (rclone.remotes | length > 0)-   block:-     - name: Migrator | 'settings.yml' | Migration 01 | Read current config file-       ansible.builtin.slurp:-         src: /srv/git/saltbox/settings.yml-       register: settings_config_content- -     - name: Migrator | 'settings.yml' | Migration 01 | Parse the configuration-       ansible.builtin.set_fact:-         settings_config: "{{ settings_config_content['content'] | b64decode | from_yaml }}"- -     - name: Migrator | 'settings.yml' | Migration 01 | Transform the data structure-       ansible.builtin.set_fact:-         new_remotes: "{{ new_remotes | default([]) + [{'remote': item.remote, 'settings': {'mount': true, 'template': (item.template | default('google')), 'union': true, 'upload': (item.upload | default(false)), 'upload_from': (item.upload_from | default('/mnt/local/Media')), 'vfs_cache': {'enabled': (item.vfs_cache.enabled | default(false)), 'max_age': (item.vfs_cache.max_age | default('504h')), 'size': (item.vfs_cache.size | default('50G'))}}}] }}"-       loop: "{{ settings_config.rclone.remotes }}"-       when: item.template is defined- -     - name: Migrator | 'settings.yml' | Migration 01 | Combine new structure with original config-       ansible.builtin.set_fact:-         new_config: "{{ (settings_config | combine({'rclone': {'remotes': new_remotes}}, recursive=True)) }}"-       when: new_remotes is defined- -     - name: Migrator | 'settings.yml' | Migration 01 | Write the new configuration file-       ansible.builtin.copy:-         dest: /srv/git/saltbox/settings.yml-         content: "{{ new_config | to_nice_yaml }}"-         owner: "{{ saltbox_yml.stat.uid }}"-         group: "{{ saltbox_yml.stat.gid }}"-         mode: "0664"-       when: new_remotes is defined- - - name: Migrator | 'settings.yml' | Migration 01 | Ensure enable_refresh is set correctly for each remote-   when: (settings_config.rclone.remotes is defined) and (settings_config.rclone.remotes is not none) and (settings_config.rclone.remotes | length > 0)-   block:-     - name: Migrator | 'settings.yml' | Migration 01 | Read current config file-       ansible.builtin.slurp:-         src: /srv/git/saltbox/settings.yml-       register: settings_config_content- -     - name: Migrator | 'settings.yml' | Migration 01 | Parse the configuration-       ansible.builtin.set_fact:-         settings_config: "{{ settings_config_content['content'] | b64decode | from_yaml }}"- -     - name: Migrator | 'settings.yml' | Migration 01 | Process each remote-       ansible.builtin.set_fact:-         updated_remotes: "{{ updated_remotes | default([]) + [item | combine({'settings': item.settings | combine({'enable_refresh': (item.settings.template != 'sftp')}, recursive=True)}, recursive=True)-                                                              if 'enable_refresh' not in item.settings-                                                              else item] }}"-       loop: "{{ settings_config.rclone.remotes }}"-       loop_control:-         loop_var: item- -     - name: Migrator | 'settings.yml' | Migration 01 | Update configuration with new remotes-       ansible.builtin.set_fact:-         updated_config: "{{ settings_config | combine({'rclone': {'remotes': updated_remotes}}, recursive=True) }}"- -     - name: Migrator | 'settings.yml' | Migration 01 | Write updated configuration to file-       ansible.builtin.copy:-         dest: /srv/git/saltbox/settings.yml-         content: "{{ updated_config | to_nice_yaml }}"-         owner: "{{ saltbox_yml.stat.uid }}"-         group: "{{ saltbox_yml.stat.gid }}"-         mode: "0664"- - - name: Migrator | 'settings.yml' | Migration 01 | Convert 'true' to 'yes'-   ansible.builtin.command: >-     yyq '-       (.. | select(tag == "!!bool" and . == true)) |= "yes"-     ' /srv/git/saltbox/settings.yml -i- - - name: Migrator | 'settings.yml' | Migration 01 | Convert 'false' to 'no'-   ansible.builtin.command: >-     yyq '-       (.. | select(tag == "!!bool" and . == false)) |= "no"-     ' /srv/git/saltbox/settings.yml -i- - - name: Migrator | 'settings.yml' | Migration 01 | Remove 'null' values-   ansible.builtin.replace:-     path: "{{ playbook_dir }}/{{ file }}"-     regexp: '(?<=: )\bnull\s*$'-     replace: ''-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"- - - name: Migrator | 'settings.yml' | Migration 01 | Re-import Variables-   ansible.builtin.include_vars: "{{ playbook_dir }}/{{ file }}"

removed

roles/settings/tasks/subtasks/start.yml

- #########################################################################- # Title:         Saltbox: Settings | Start                              #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: "Start | Install yyq"-   ansible.builtin.include_role:-     name: yyq- - - name: "Start | Get 'saltbox.yml' info"-   ansible.builtin.stat:-     path: "{{ playbook_dir }}/saltbox.yml"-   register: saltbox_yml- - - name: "Start | Create list of config files"-   ansible.builtin.set_fact:-     config_files:-       - "accounts.yml"-       - "settings.yml"-       - "adv_settings.yml"-       - "backup_config.yml"-       - "providers.yml"-       - "hetzner_vlan.yml"-     traefik3_migration: "{{ true if (rclone.remotes is undefined) else false }}"- - - name: Start | Initialize vars with empty lists-   ansible.builtin.set_fact:-     files_updated_successfully: []-     files_updated_unsuccessfully: []-     exit_is_necessary: false- - - name: "Start | Check if 'settings-updater.log' exists"-   ansible.builtin.stat:-     path: "{{ playbook_dir }}/settings-updater.log"-   register: settings_updater_log- - - name: "Start | Reset ownership of 'settings-updater.log'"-   ansible.builtin.file:-     path: "{{ playbook_dir }}/settings-updater.log"-     state: file-     owner: "{{ saltbox_yml.stat.uid }}"-     group: "{{ saltbox_yml.stat.gid }}"-     mode: "0664"-   when: settings_updater_log.stat.exists

removed

roles/settings/tasks/subtasks/updater.yml

- #########################################################################- # Title:         Saltbox: Settings | Updater                            #- # Author(s):     desimaniac, l3uddz                                     #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: "Updater | Run 'settings-updater.py' for '{{ file }}'"-   ansible.builtin.script: "'roles/settings/files/settings-updater.py' '{{ playbook_dir }}' 'defaults/{{ file }}.default' '{{ file }}'"-   become: true-   become_user: "{{ saltbox_yml.stat.pw_name }}"-   register: settings_updater-   ignore_errors: true-   changed_when: false-   failed_when: (settings_updater.rc == 1)- - - name: Updater | Build 'files_updated_successfully' list-   ansible.builtin.set_fact:-     files_updated_successfully: "{{ files_updated_successfully + [file] }}"-   when: (settings_updater.rc == 2)- - - name: Updater | Build 'files_updated_unsuccessfully' list-   ansible.builtin.set_fact:-     files_updated_unsuccessfully: "{{ files_updated_unsuccessfully + [file] }}"-   when: (settings_updater.rc == 1)- - - name: Updater | Set 'exit_is_necessary' variable-   ansible.builtin.set_fact:-     exit_is_necessary: true-   when: (settings_updater.rc == 2)- - - name: Updater | Sort Keys-   ansible.builtin.shell: yyq -i 'sort_keys(..)' {{ playbook_dir }}/{{ file }}

removed

roles/sub_zero/defaults/main.yml

- ##########################################################################- # Title:         Saltbox: Plex Plugins / Sub-Zero | Default Variables    #- # Author(s):     desimaniac                                              #- # URL:           https://github.com/saltyorg/Saltbox                     #- # --                                                                     #- ##########################################################################- #                   GNU General Public License v3.0                      #- ##########################################################################- ---- ################################- # Paths- ################################- - plex_plugin_subzero_paths_location: "{{ plex_paths_plugins_location }}/Sub-Zero.bundle"- - plex_plugin_subzero_paths_info_plist_location: "{{ plex_plugin_subzero_paths_location }}/Contents/Info.plist"- - ################################- # Repository- ################################- - plex_plugin_subzero_release_url: "{{ svm }}https://api.github.com/repos/pannal/Sub-Zero.bundle/releases/latest"- - plex_plugin_subzero_download_url_backup: https://github.com/pannal/Sub-Zero.bundle/releases/download/2.6.5.3152/Sub-Zero.bundle-2.6.5.3152.zip

removed

roles/sub_zero/tasks/main.yml

- #########################################################################- # Title:         Saltbox: Plex Plugins / Sub-Zero                       #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Check if Plex instance is defined-   ansible.builtin.set_fact:-     plex_name: "{{ plex_name | default(plex_instances[0]) }}"- - - name: Check for previously installed Sub-Zero Plugin-   ansible.builtin.stat:-     path: "{{ plex_plugin_subzero_paths_info_plist_location }}"-   register: plex_plugin_subzero_bundle_status- - - name: Tasks for previously installed Sub-Zero Plugin-   when: plex_plugin_subzero_bundle_status.stat.exists-   block:-     - name: Set default value for 'plex_plugin_subzero_is_outdated' variable-       ansible.builtin.set_fact:-         plex_plugin_subzero_is_outdated: false- -     # https://stackoverflow.com/a/51109708/10975859-     - name: Check version of previously installed Sub-Zero-       community.general.xml:-         path: "{{ plex_plugin_subzero_paths_info_plist_location }}"-         xpath: /plist/dict/key[.='CFBundleVersion']/following-sibling::*[1]-         content: 'text'-       register: plex_plugin_subzero_info_plist_xmlresp_1- -     - name: Set 'plex_plugin_subzero_previously_installed_version' variable-       ansible.builtin.set_fact:-         plex_plugin_subzero_previously_installed_version: "{{ plex_plugin_subzero_info_plist_xmlresp_1.matches[0].string }}"- -     - name: Check latest available version for Sub-Zero-       ansible.builtin.shell: curl -s {{ plex_plugin_subzero_release_url }} | jq -r .tag_name-       register: plex_plugin_subzero_latest_version-       ignore_errors: true-       changed_when: false- -     - name: Compare installed Sub-Zero Plugin version with latest one-       ansible.builtin.set_fact:-         plex_plugin_subzero_is_outdated: "{{-             (plex_plugin_subzero_latest_version is failed) or-               ((plex_plugin_subzero_latest_version is success) and-               (plex_plugin_subzero_previously_installed_version is version(plex_plugin_subzero_latest_version.stdout, '<'))) }}"- - - name: Install Sub-Zero Plugin-   when: (not plex_plugin_subzero_bundle_status.stat.exists) or-         (plex_plugin_subzero_bundle_status.stat.exists and plex_plugin_subzero_is_outdated) or-         ('plex-plugin-sub-zero-reinstall' in ansible_run_tags) or ('plex-plugin-sub-zero' in ansible_run_tags)-   block:-     - name: Check to see if {{ plex_name | title }} is running-       when: ('plex-plugin-sub-zero' in ansible_run_tags) or ('plex-plugin-sub-zero-reinstall' in ansible_run_tags)-       block:-         - name: Gather list of running Docker containers-           ansible.builtin.shell: "docker ps --format '{{ '{{' }} .Names{{ '}}' }}' | xargs echo -n"-           register: docker_running_containers_list- -         - name: Set 'docker_running_containers_list' variable-           ansible.builtin.set_fact:-             docker_running_containers_list: "{{ (docker_running_containers_list.stdout).split() }}"- -         - name: "Stop {{ plex_name | title }} container"-           ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_docker_container.yml"-           vars:-             var_prefix: "plex"-           when: (plex_docker_container in docker_running_containers_list)- -     - name: Remove outdated Sub-Zero Plugin-       ansible.builtin.file:-         path: "{{ plex_plugin_subzero_paths_location }}"-         state: absent- -     - name: Get latest Sub-Zero Plugin URL-       ansible.builtin.shell: |-         curl -s {{ plex_plugin_subzero_release_url }} \-           | jq -r ".assets[] | select(.name | test(\"Sub-Zero.bundle\")) | .browser_download_url"-       register: plex_plugin_subzero_download_url-       ignore_errors: true-       changed_when: false- -     - name: Set 'plex_plugin_subzero_download_url' variable-       ansible.builtin.set_fact:-         plex_plugin_subzero_download_url: "{{ plex_plugin_subzero_download_url.stdout | default(plex_plugin_subzero_download_url_backup, true) }}"- -     - name: "Create {{ plex_name | title }} 'plug-ins' directory"-       ansible.builtin.file:-         path: "{{ item }}"-         state: directory-         owner: "{{ user.name }}"-         group: "{{ user.name }}"-         mode: "0775"-         recurse: true-       with_items:-         - "{{ plex_paths_plugins_location }}"- -     - name: Install Sub-Zero Plugin-       ansible.builtin.unarchive:-         src: "{{ plex_plugin_subzero_download_url }}"-         dest: "{{ plex_paths_plugins_location }}"-         copy: false-         owner: "{{ user.name }}"-         group: "{{ user.name }}"-         mode: "0775"-         validate_certs: false-       register: plex_plugin_subzero_download_status-       ignore_errors: true- -     - name: Post-Successfull Sub-Zero Plugin Download-       when: (plex_plugin_subzero_download_status is success)-       block:-         - name: Check for newly installed Sub-Zero Plugin-           ansible.builtin.stat:-             path: "{{ plex_plugin_subzero_paths_info_plist_location }}"-           register: plex_plugin_subzero_info_plist_status- -         - name: Post-Successfull Sub-Zero Plugin Install-           when: plex_plugin_subzero_info_plist_status.stat.exists-           block:-             - name: Check version of newly installed Sub-Zero Plugin-               community.general.xml:-                 path: "{{ plex_plugin_subzero_paths_info_plist_location }}"-                 xpath: /plist/dict/key[.='CFBundleVersion']/following-sibling::*[1]-                 content: 'text'-               register: plex_plugin_subzero_info_plist_xmlresp_2- -             - name: Set 'subzero_newly_installed_version' variable-               ansible.builtin.set_fact:-                 plex_plugin_subzero_newly_installed_version: "{{ plex_plugin_subzero_info_plist_xmlresp_2.matches[0].string }}"- -             - name: Display Sub-Zero Plugin version-               ansible.builtin.debug:-                 msg: "Sub-Zero Plugin version {{ plex_plugin_subzero_newly_installed_version }} installed."- -     - name: Sub-Zero Plugin install failed-       ansible.builtin.debug:-         msg: "Sub-Zero Plugin install failed."-       when: (plex_plugin_subzero_download_status is failed) or-             ((plex_plugin_subzero_download_status is success) and (not plex_plugin_subzero_info_plist_status.stat.exists))- -     - name: "Start {{ plex_name | title }} container"-       ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"-       vars:-         var_prefix: "plex"-       when: ('plex-plugin-sub-zero' in ansible_run_tags) or-             ('plex-plugin-sub-zero-reinstall' in ansible_run_tags) or-             (plex_docker_container in docker_running_containers_list)- - - name: Sub-Zero Plugin was not updated-   ansible.builtin.debug:-     msg: "Sub-Zero is already the latest version."-   when:-     - plex_plugin_subzero_bundle_status.stat.exists-     - (not plex_plugin_subzero_is_outdated)-     - ('plex-plugin-sub-zero-reinstall' not in ansible_run_tags)

removed

roles/webtools/defaults/main.yml

- ##########################################################################- # Title:         Saltbox: Plex Plugins / WebTools | Default Variables    #- # Author(s):     desimaniac                                              #- # URL:           https://github.com/saltyorg/Saltbox                     #- # --                                                                     #- ##########################################################################- #                   GNU General Public License v3.0                      #- ##########################################################################- ---- ################################- # Paths- ################################- - plex_plugin_webtools_paths_location: "{{ plex_paths_plugins_location }}/WebTools.bundle"- - plex_plugin_webtools_paths_version_location: "{{ plex_plugin_webtools_paths_location }}/VERSION"- - plex_plugin_webtools_paths_preferences_location: "{{ plex_paths_plugin_support_location }}/Preferences/com.plexapp.plugins.WebTools.xml"- - ################################- # Repository- ################################- - plex_plugin_webtools_release_url: "{{ svm }}https://api.github.com/repos/ukdtom/WebTools.bundle/releases/latest"- - plex_plugin_webtools_download_url_backup: https://github.com/ukdtom/WebTools.bundle/releases/download/3.0.0/WebTools.bundle.zip

removed

roles/webtools/tasks/main.yml

- #########################################################################- # Title:         Saltbox: Plex Plugins / WebTools                       #- # Author(s):     desimaniac                                             #- # URL:           https://github.com/saltyorg/Saltbox                    #- # --                                                                    #- #########################################################################- #                   GNU General Public License v3.0                     #- #########################################################################- ---- - name: Check if Plex instance is defined-   ansible.builtin.set_fact:-     plex_name: "{{ plex_name | default(plex_instances[0]) }}"- - - name: Check for previously installed WebTools Plugin-   ansible.builtin.stat:-     path: "{{ plex_plugin_webtools_paths_version_location }}"-   register: plex_plugin_webtools_bundle_status- - - name: Tasks for previously installed WebTools Plugin-   when: plex_plugin_webtools_bundle_status.stat.exists-   block:-     - name: Set default value for 'plex_plugin_webtools_is_outdated' variable-       ansible.builtin.set_fact:-         plex_plugin_webtools_is_outdated: false- -     - name: Check version of previously installed WebTools Plugin-       ansible.builtin.shell: cat '{{ plex_plugin_webtools_paths_version_location }}' |  head -n 1 | awk '{ print }'-       register: plex_plugin_webtools_previously_installed_version-       changed_when: false- -     - name: Set 'plex_plugin_webtools_previously_installed_version' variable-       ansible.builtin.set_fact:-         plex_plugin_webtools_previously_installed_version: "{{ plex_plugin_webtools_previously_installed_version.stdout }}"- -     - name: Check latest available version for WebTools-       ansible.builtin.shell: curl -s {{ plex_plugin_webtools_release_url }} | jq -r .tag_name-       register: plex_plugin_webtools_latest_version-       ignore_errors: true-       changed_when: false- -     - name: Compare installed WebTools Plugin version with latest one-       ansible.builtin.set_fact:-         plex_plugin_webtools_is_outdated: "{{-             (plex_plugin_webtools_latest_version is failed) or-               ((plex_plugin_webtools_latest_version is success) and-               (plex_plugin_webtools_previously_installed_version is version(plex_plugin_webtools_latest_version.stdout, '<', strict=True))) }}"- - - name: Install WebTools Plugin-   when: (not plex_plugin_webtools_bundle_status.stat.exists) or-         (plex_plugin_webtools_bundle_status.stat.exists and plex_plugin_webtools_is_outdated) or-         ('plex-plugin-webtools-reinstall' in ansible_run_tags)-   block:-     - name: Check to see if {{ plex_name | title }} is running-       when: ('plex-plugin-webtools' in ansible_run_tags) or ('plex-plugin-webtools-reinstall' in ansible_run_tags)-       block:-         - name: Gather list of running Docker containers-           ansible.builtin.shell: "docker ps --format '{{ '{{' }} .Names{{ '}}' }}' | xargs echo -n"-           register: docker_running_containers_list-           changed_when: false- -         - name: Set 'docker_running_containers_list' variable-           ansible.builtin.set_fact:-             docker_running_containers_list: "{{ (docker_running_containers_list.stdout).split() }}"- -         - name: Stop {{ plex_name | title }} container-           ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_docker_container.yml"-           vars:-             var_prefix: "plex"- -           when: (plex_docker_container in docker_running_containers_list)- -     - name: Remove outdated WebTools Plugin-       ansible.builtin.file:-         path: "{{ plex_plugin_webtools_paths_location }}"-         state: absent- -     - name: Get latest WebTools Plugin URL-       ansible.builtin.shell: |-         curl -s {{ plex_plugin_webtools_release_url }} \-           | jq -r ".assets[] | select(.name | test(\"WebTools.bundle.zip\")) | .browser_download_url"-       register: plex_plugin_webtools_download_url-       ignore_errors: true-       changed_when: false- -     - name: Set 'plex_plugin_webtools_download_url' variable-       ansible.builtin.set_fact:-         plex_plugin_webtools_download_url: "{{ plex_plugin_webtools_download_url.stdout | default(plex_plugin_webtools_download_url_backup, true) }}"- -     - name: "Create {{ plex_name | title }} 'plug-ins' directory"-       ansible.builtin.file:-         path: "{{ item }}"-         state: directory-         owner: "{{ user.name }}"-         group: "{{ user.name }}"-         mode: "0775"-         recurse: true-       with_items:-         - "{{ plex_paths_plugins_location }}"- -     - name: Install WebTools Plugin-       ansible.builtin.unarchive:-         src: "{{ plex_plugin_webtools_download_url }}"-         dest: "{{ plex_paths_plugins_location }}"-         copy: false-         owner: "{{ user.name }}"-         group: "{{ user.name }}"-         mode: "0775"-         validate_certs: false-       register: plex_plugin_webtools_download_status-       ignore_errors: true- -     - name: Post-Successfull WebTools Plugin Download-       when: (plex_plugin_webtools_download_status is success)-       block:-         - name: Check for newly installed WebTools Plugin-           ansible.builtin.stat:-             path: "{{ plex_plugin_webtools_paths_version_location }}"-           register: plex_plugin_webtools_version_status- -         - name: Post-Successfull WebTools Plugin Install-           when: plex_plugin_webtools_version_status.stat.exists-           block:-             - name: Check version of newly installed WebTools Plugin-               ansible.builtin.shell: cat '{{ plex_plugin_webtools_paths_version_location }}' |  head -n 1 | awk '{ print }'-               register: plex_plugin_webtools_newly_installed_version-               changed_when: false- -             - name: Set 'plex_plugin_webtools_previously_installed_version' variable-               ansible.builtin.set_fact:-                 plex_plugin_webtools_newly_installed_version: "{{ plex_plugin_webtools_newly_installed_version.stdout }}"- -             - name: Display WebTools Plugin version-               ansible.builtin.debug:-                 msg: "WebTools Plugin version {{ plex_plugin_webtools_newly_installed_version }} installed."- -     - name: WebTools Plugin install failed-       ansible.builtin.debug:-         msg: "WebTools Plugin install failed."-       when: (plex_plugin_webtools_download_status is failed) or-             ((plex_plugin_webtools_download_status is success) and (not plex_plugin_webtools_version_status.stat.exists))- -     - name: Start {{ plex_name | title }} container-       ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"-       vars:-         var_prefix: "plex"-       when:-         - ('plex-plugin-webtools' in ansible_run_tags) or ('plex-plugin-webtools-reinstall' in ansible_run_tags)-         - (plex_docker_container in docker_running_containers_list)- - - name: WebTools Plugin was not updated-   ansible.builtin.debug:-     msg: "WebTools is already the latest version."-   when:-     - plex_plugin_webtools_bundle_status.stat.exists-     - (not plex_plugin_webtools_is_outdated)-     - ('plex-plugin-webtools-reinstall' not in ansible_run_tags)

removed

scripts/salty-linter.py

- import os- import sys- - def lint_ansible_defaults(content, file_path):-     errors = []-     lines = content.split('\n')-     -     multi_line_jinja_start = None-     within_multi_line_jinja = False- -     for line_no, line in enumerate(lines, start=1):-         stripped_line = line.strip()- -         if stripped_line == '---':-             continue- -         if '{{' in stripped_line and not within_multi_line_jinja:-             multi_line_jinja_start = line.find('{{')-             within_multi_line_jinja = '}}' not in stripped_line- -         elif within_multi_line_jinja:-             if 'if' in stripped_line or 'else' in stripped_line:-                 if line.find('if') < multi_line_jinja_start and line.find('else') < multi_line_jinja_start:-                     message = f"'if/else' within Jinja expression should align with the start."-                     errors.append((line_no, message))- -             if '}}' in stripped_line:-                 within_multi_line_jinja = False- -         if '}}' in stripped_line and within_multi_line_jinja:-             within_multi_line_jinja = False- -     for error in errors:-         line_no, message = error-         print(f"::warning file={file_path},line={line_no},endLine={line_no},title=Salty Lint Error::{message}")- -     return len(errors) > 0- - def crawl_and_lint_ansible_roles(roles_dir):-     errors_found = False- -     if not os.path.exists(roles_dir):-         print("Roles directory does not exist.")-         return- -     for role_name in os.listdir(roles_dir):-         defaults_main_path = os.path.join(roles_dir, role_name, "defaults", "main.yml")-         if os.path.isfile(defaults_main_path):-             with open(defaults_main_path, 'r') as file:-                 content = file.read()-                 if lint_ansible_defaults(content, defaults_main_path):-                     errors_found = True- -     sys.exit(1 if errors_found else 0)- - if len(sys.argv) < 2:-     print("Usage: python script.py /path/to/your/ansible/roles")-     sys.exit(1)- - roles_directory_path = sys.argv[1]- crawl_and_lint_ansible_roles(roles_directory_path)

modified

.ansible-lint

@@ -12,20 +12,17 @@ offline: false  skip_list:-  - braces-  - git-latest-  - no-changed-when-  - ignore-errors-  - risky-shell-pipe-  - package-latest-  - no-handler   - command-instead-of-module   - command-instead-of-shell-  - deprecated-command-syntax-  - yaml[line-length]-  - yaml[truthy]-  - schema[tasks]+  - ignore-errors+  - latest[git]   - name[casing]   - name[template]+  - no-changed-when+  - no-handler+  - package-latest+  - risky-shell-pipe+  - schema[playbook]+  - schema[tasks]   - var-naming[no-role-prefix]-  - schema[playbook]+  - yaml[line-length]

modified

.github/workflows/contributors.yml

@@ -8,7 +8,7 @@   add-contributors:     runs-on: ubuntu-24.04     steps:-      - uses: actions/checkout@v5+      - uses: actions/checkout@v6        - uses: BobAnkh/add-contributors@master         with:

modified

.github/workflows/notify.yml

@@ -14,7 +14,7 @@     runs-on: ubuntu-24.04     if: github.event.repository.fork == false && (github.event.workflow_run.conclusion == 'success' || (github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.run_attempt >= 3) || github.event.workflow_run.conclusion == 'cancelled')     steps:-      - uses: actions/checkout@v5+      - uses: actions/checkout@v6        - name: Send notification         env:

modified

.github/workflows/requirements.yml

@@ -13,12 +13,12 @@     runs-on: ubuntu-24.04     steps:       - name: Checkout-        uses: actions/checkout@v5+        uses: actions/checkout@v6         with:           path: saltbox        - name: Checkout tools repo-        uses: actions/checkout@v5+        uses: actions/checkout@v6         with:           repository: saltyorg/sb           path: sb

modified

.github/workflows/retry.yml

@@ -30,13 +30,30 @@             echo "attempt_allowed=false" >> $GITHUB_OUTPUT           fi +      - name: Check for lint failures+        id: check_lint+        if: steps.check_attempts.outputs.attempt_allowed == 'true'+        env:+          GH_TOKEN: ${{ github.token }}+          GH_REPO: ${{ github.repository }}+        run: |+          failed_jobs=$(gh run view ${{ github.event.workflow_run.id }} --json jobs -q '.jobs[] | select(.conclusion == "failure") | .name')++          if echo "$failed_jobs" | grep -qE '^(ansible-lint|defaults-lint)$'; then+            echo "Lint job failed - skipping retry"+            echo "skip_retry=true" >> $GITHUB_OUTPUT+          else+            echo "No lint failures detected"+            echo "skip_retry=false" >> $GITHUB_OUTPUT+          fi+       - name: Sleep for 60 seconds-        if: steps.check_attempts.outputs.attempt_allowed == 'true'+        if: steps.check_attempts.outputs.attempt_allowed == 'true' && steps.check_lint.outputs.skip_retry != 'true'         run: sleep 60s         shell: bash        - name: rerun ${{ github.event.workflow_run.id }}-        if: steps.check_attempts.outputs.attempt_allowed == 'true'+        if: steps.check_attempts.outputs.attempt_allowed == 'true' && steps.check_lint.outputs.skip_retry != 'true'         env:           GH_REPO: ${{ github.repository }}           GH_TOKEN: ${{ github.token }}

modified

.github/workflows/saltbox-os.yml

@@ -8,11 +8,11 @@     if: github.event_name == 'pull_request' || !(github.event_name == 'push' && github.actor == 'renovate[bot]')     runs-on: ubuntu-24.04     steps:-      - uses: actions/checkout@v5+      - uses: actions/checkout@v6        - uses: actions/setup-python@v6         with:-          python-version: '3.13'+          python-version: '3.14'           cache: 'pip'           cache-dependency-path: 'requirements/requirements-saltbox.txt' @@ -23,60 +23,74 @@         working-directory: ${{ github.workspace }}         run: ansible-lint +  defaults-lint:+    if: github.event_name == 'pull_request' || !(github.event_name == 'push' && github.actor == 'renovate[bot]')+    runs-on: ubuntu-24.04+    steps:+      - uses: actions/checkout@v6++      - uses: actions/setup-python@v6+        with:+          python-version: '3.14'++      - name: Run Defaults Linter+        run: python3 scripts/saltbox-defaults-linter.py roles/+   find-roles:     if: github.event_name == 'pull_request' || !(github.event_name == 'push' && github.actor == 'renovate[bot]')     runs-on: ubuntu-24.04     outputs:       matrix: ${{ steps.set-matrix.outputs.matrix }}     steps:-      - uses: actions/checkout@v5+      - uses: actions/checkout@v6       - id: set-matrix         run: |-          ROLES=$(awk '/# Core/{flag=1;next}/# Apps End/{flag=0}flag' saltbox.yml | awk '!/#/' | awk -F'[][]' '{print $2}' | tr '\n' ',' | sed 's/,*$//' | awk -F',' '{ for( i=1; i<=NF; i++ ) print $i }' | awk '{ gsub(/ /,""); print }'| sort -u | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/' | sed "s/.\(roles\|common\|hetzner\|kernel\|motd\|mounts\|nvidia\|nvidia-purge\|preinstall\|rclone\|scripts\|shell\|system\|traefik\|traefik-reset-certs\|user\|cloudflare\|plex-db\|arr-db\|ddns\|cloudplow\|cloudplow-reset\|btrfsmaintenance\|download-clients\|download-indexers\|media-server\|python\|yyq\|crowdsec\).,//g")-          echo "matrix={\"roles\":[$ROLES],\"os\":[\"20.04\",\"22.04\",\"24.04\"]}" >> $GITHUB_OUTPUT+          ROLES=$(awk '/# Core/{flag=1;next}/# Apps End/{flag=0}flag' saltbox.yml | awk '!/#/' | awk -F'[][]' '{print $2}' | tr '\n' ',' | sed 's/,*$//' | awk -F',' '{ for( i=1; i<=NF; i++ ) print $i }' | awk '{ gsub(/ /,""); print }'| sort -u | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/' | sed "s/.\(roles\|common\|hetzner\|kernel\|motd\|mounts\|nvidia\|nvidia-purge\|preinstall\|rclone\|scripts\|shell\|system\|traefik\|traefik-reset-certs\|user\|cloudflare\|plex-db\|arr-db\|ddns\|cloudplow\|cloudplow-reset\|btrfsmaintenance\|download-clients\|download-indexers\|media-server\|python\|yyq\|crowdsec\|postgres-host\).,//g")+          echo "matrix={\"roles\":[$ROLES],\"os\":[\"22.04\",\"24.04\"]}" >> $GITHUB_OUTPUT    install:     name: '${{ matrix.roles }}-${{ matrix.os }}'     runs-on: ubuntu-${{ matrix.os }}-    needs: [ansible-lint, find-roles]+    needs: [ansible-lint, defaults-lint, find-roles]     strategy:       matrix: ${{ fromJson(needs.find-roles.outputs.matrix) }}       fail-fast: false     steps:-      - uses: actions/checkout@v5--      - name: Create Directories-        run: sudo mkdir -p /srv/ansible /srv/git/sb--      - name: Copy requirements.txt-        run: sudo cp ./requirements/requirements-saltbox.txt /srv/git/sb/requirements-saltbox.txt--      - name: Chown /srv/git-        run: sudo chown -R runner:runner /srv/git+      - uses: actions/checkout@v6        - name: Tune GitHub-hosted runner network         run: sudo ethtool -K eth0 tx off rx off        - name: Print pip dependencies-        run: cat /srv/git/sb/requirements-saltbox.txt+        run: cat ./requirements/requirements-saltbox.txt -      - name: Install Dependencies-        run: curl https://raw.githubusercontent.com/saltyorg/sb/master/sb_dep.sh --output sb_dep.sh && sudo bash sb_dep.sh -v && /srv/ansible/venv/bin/ansible --version+      - name: Install sb binary+        uses: jaxxstorm/action-install-gh-release@v2.1.0+        with:+          repo: saltyorg/sb-go+          tag: latest+          extension-matching: disable+          platform: linux+          arch: amd64+          rename-to: sb+          chmod: "0755" -      - name: Symlink cloned repository to /srv/git/saltbox-        run: sudo ln -s $GITHUB_WORKSPACE /srv/git/saltbox+      - name: Check sb version+        run: |+          sudo mv /opt/hostedtoolcache/saltyorg/sb-go/latest/linux-amd64/sb /usr/local/bin/sb+          /usr/local/bin/sb version -      - name: Install saltbox.fact-        run: |-          mkdir -p $GITHUB_WORKSPACE/ansible_facts.d-          curl -fsSL https://github.com/saltyorg/ansible-facts/releases/latest/download/saltbox-facts -o $GITHUB_WORKSPACE/ansible_facts.d/saltbox.fact-          chmod +x $GITHUB_WORKSPACE/ansible_facts.d/saltbox.fact+      - name: Create Directories+        run: sudo mkdir -p /srv/git        - name: Chown /srv/git         run: sudo chown -R runner:runner /srv/git -      - name: Import default configuration-        run: for i in defaults/*; do cp -n $i "$(basename "${i%.*}")"; done+      - name: Symlink cloned repository to /srv/git/saltbox+        run: ln -s $GITHUB_WORKSPACE /srv/git/saltbox++      - name: Install Dependencies+        run: /usr/local/bin/sb gha && /srv/ansible/venv/bin/ansible --version        - name: Edit accounts.yml         run: sed -i 's/seed/runner/g' accounts.yml@@ -90,6 +104,8 @@       - name: Create basic vars file         run: |           echo "continuous_integration: true" > vars.yml+          echo "server_appdata_path: /opt2" >> vars.yml+          sudo mkdir -p /opt2        - name: Add Docker Hub info to vars file         if: github.repository == 'saltyorg/Saltbox' && github.event.repository.fork == false@@ -98,9 +114,59 @@           echo "  token: ${{ secrets.DOCKERHUB_TOKEN }}" >> vars.yml           echo "  user: ${{ secrets.DOCKERHUB_USERNAME }}" >> vars.yml +      - name: Install Saltbox Preinstall+        run: sudo /srv/ansible/venv/bin/ansible-playbook saltbox.yml --tags "preinstall" --skip-tags "settings" --extra-vars "@vars.yml"++      - name: Run saltbox.fact+        run: /srv/git/saltbox/ansible_facts.d/saltbox.fact+       - name: Install Saltbox Core         run: sudo /srv/ansible/venv/bin/ansible-playbook saltbox.yml --tags "core" --skip-tags "settings" --extra-vars "@vars.yml"         if: ${{ !(contains(matrix.roles, 'saltbox') || contains(matrix.roles, 'feederbox') || contains(matrix.roles, 'mediabox') || contains(matrix.roles, 'core')) }}        - name: Install ${{ matrix.roles }}         run: sudo /srv/ansible/venv/bin/ansible-playbook saltbox.yml --tags "${{ matrix.roles }}" --skip-tags "settings" --extra-vars "@vars.yml"++      - name: Run Tree on app data folder+        run: sudo tree -aug /opt2++      - name: Inspect all Docker containers+        run: |+          echo "=== Inspecting all Docker containers ==="++          # Get list of all containers (running and stopped)+          ALL_CONTAINERS=$(docker ps -a -q)++          if [ -z "$ALL_CONTAINERS" ]; then+            echo "No containers found on this system"+            exit 0+          fi++          echo "Found containers: $ALL_CONTAINERS"+          echo ""++          # Loop through each container and inspect it+          for container_id in $ALL_CONTAINERS; do+            echo "========================================="+            echo "Inspecting container: $container_id"+            echo "========================================="++            # Get container name and status for better readability+            CONTAINER_NAME=$(docker inspect --format='{{.Name}}' $container_id | sed 's/^\///')+            CONTAINER_STATUS=$(docker inspect --format='{{.State.Status}}' $container_id)++            echo "Container Name: $CONTAINER_NAME"+            echo "Container Status: $CONTAINER_STATUS"+            echo ""+            echo "Full inspection details:"+            echo "----------------------------------------"++            # Print full inspection details+            docker inspect $container_id++            echo ""+            echo "========================================="+            echo ""+          done++          echo "=== Container inspection completed ==="

modified

.github/workflows/saltbox.yml

@@ -40,11 +40,11 @@     if: github.event_name == 'pull_request' || !(github.event_name == 'push' && github.actor == 'renovate[bot]')     runs-on: ubuntu-24.04     steps:-      - uses: actions/checkout@v5+      - uses: actions/checkout@v6        - uses: actions/setup-python@v6         with:-          python-version: '3.13'+          python-version: '3.14'           cache: 'pip'           cache-dependency-path: 'requirements/requirements-saltbox.txt' @@ -55,58 +55,72 @@         working-directory: ${{ github.workspace }}         run: ansible-lint +  defaults-lint:+    if: github.event_name == 'pull_request' || !(github.event_name == 'push' && github.actor == 'renovate[bot]')+    runs-on: ubuntu-24.04+    steps:+      - uses: actions/checkout@v6++      - uses: actions/setup-python@v6+        with:+          python-version: '3.14'++      - name: Run Defaults Linter+        run: python3 scripts/saltbox-defaults-linter.py roles/+   find-roles:     if: github.event_name == 'pull_request' || !(github.event_name == 'push' && github.actor == 'renovate[bot]')     runs-on: ubuntu-24.04     outputs:       matrix: ${{ steps.set-matrix.outputs.matrix }}     steps:-      - uses: actions/checkout@v5+      - uses: actions/checkout@v6       - id: set-matrix-        run: echo "matrix={\"roles\":[$(awk '/# Core/{flag=1;next}/# Apps End/{flag=0}flag' saltbox.yml | awk '!/#/' | awk -F'[][]' '{print $2}' | tr '\n' ',' | sed 's/,*$//' | awk -F',' '{ for( i=1; i<=NF; i++ ) print $i }' | awk '{ gsub(/ /,""); print }'| sort -u | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/' | sed "s/.\(roles\|common\|hetzner\|kernel\|motd\|motd-generate-config\|mounts\|nvidia\|nvidia-purge\|preinstall\|rclone\|scripts\|shell\|system\|traefik\|traefik-reset-certs\|user\|cloudflare\|plex-db\|arr-db\|ddns\|cloudplow\|cloudplow-reset\|btrfsmaintenance\|download-clients\|download-indexers\|media-server\|python\|yyq\|crowdsec\).,//g")]}" >> $GITHUB_OUTPUT+        run: echo "matrix={\"roles\":[$(awk '/# Core/{flag=1;next}/# Apps End/{flag=0}flag' saltbox.yml | awk '!/#/' | awk -F'[][]' '{print $2}' | tr '\n' ',' | sed 's/,*$//' | awk -F',' '{ for( i=1; i<=NF; i++ ) print $i }' | awk '{ gsub(/ /,""); print }'| sort -u | awk -vORS=, '{ print $1 }' | sed 's/,$/\n/' | sed "s/.\(roles\|common\|docker\|hetzner\|kernel\|motd\|motd-generate-config\|mounts\|nvidia\|nvidia-purge\|preinstall\|rclone\|scripts\|shell\|system\|traefik\|traefik-reset-certs\|user\|cloudflare\|plex-db\|arr-db\|ddns\|cloudplow\|cloudplow-reset\|btrfsmaintenance\|download-clients\|download-indexers\|media-server\|python\|yyq\|crowdsec\|postgres-host\).,//g")]}" >> $GITHUB_OUTPUT    install:     name: '${{ matrix.roles }}'     runs-on: ubuntu-24.04-    needs: [ansible-lint, find-roles]+    needs: [ansible-lint, defaults-lint, find-roles]     strategy:       matrix: ${{ fromJson(needs.find-roles.outputs.matrix) }}       fail-fast: false     steps:-      - uses: actions/checkout@v5+      - uses: actions/checkout@v6++      - name: Tune GitHub-hosted runner network+        run: sudo ethtool -K eth0 tx off rx off++      - name: Print pip dependencies+        run: cat ./requirements/requirements-saltbox.txt++      - name: Install sb binary+        uses: jaxxstorm/action-install-gh-release@v2.1.0+        with:+          repo: saltyorg/sb-go+          tag: latest+          extension-matching: disable+          platform: linux+          arch: amd64+          rename-to: sb+          chmod: "0755"++      - name: Check sb version+        run: |+          sudo mv /opt/hostedtoolcache/saltyorg/sb-go/latest/linux-amd64/sb /usr/local/bin/sb+          /usr/local/bin/sb version        - name: Create Directories-        run: sudo mkdir -p /srv/ansible /srv/git/sb--      - name: Copy requirements.txt-        run: sudo cp ./requirements/requirements-saltbox.txt /srv/git/sb/requirements-saltbox.txt+        run: sudo mkdir -p /srv/git        - name: Chown /srv/git         run: sudo chown -R runner:runner /srv/git -      - name: Tune GitHub-hosted runner network-        run: sudo ethtool -K eth0 tx off rx off--      - name: Print pip dependencies-        run: cat /srv/git/sb/requirements-saltbox.txt+      - name: Symlink cloned repository to /srv/git/saltbox+        run: ln -s $GITHUB_WORKSPACE /srv/git/saltbox        - name: Install Dependencies-        run: curl https://raw.githubusercontent.com/saltyorg/sb/master/sb_dep.sh --output sb_dep.sh && sudo bash sb_dep.sh -v && /srv/ansible/venv/bin/ansible --version--      - name: Symlink cloned repository to /srv/git/saltbox-        run: sudo ln -s $GITHUB_WORKSPACE /srv/git/saltbox--      - name: Install saltbox.fact-        run: |-          mkdir -p $GITHUB_WORKSPACE/ansible_facts.d-          curl -fsSL https://github.com/saltyorg/ansible-facts/releases/latest/download/saltbox-facts -o $GITHUB_WORKSPACE/ansible_facts.d/saltbox.fact-          chmod +x $GITHUB_WORKSPACE/ansible_facts.d/saltbox.fact--      - name: Chown /srv/git-        run: sudo chown -R runner:runner /srv/git--      - name: Import default configuration-        run: for i in defaults/*; do cp -n $i "$(basename "${i%.*}")"; done+        run: /usr/local/bin/sb gha && /srv/ansible/venv/bin/ansible --version        - name: Edit accounts.yml         run: sed -i 's/seed/runner/g' accounts.yml@@ -120,6 +134,8 @@       - name: Create basic vars file         run: |           echo "continuous_integration: true" > vars.yml+          echo "server_appdata_path: /opt2" >> vars.yml+          sudo mkdir -p /opt2        - name: Add Docker Hub info to vars file         if: github.repository == 'saltyorg/Saltbox' && github.event.repository.fork == false@@ -128,9 +144,59 @@           echo "  token: ${{ secrets.DOCKERHUB_TOKEN }}" >> vars.yml           echo "  user: ${{ secrets.DOCKERHUB_USERNAME }}" >> vars.yml +      - name: Install Saltbox Preinstall+        run: sudo /srv/ansible/venv/bin/ansible-playbook saltbox.yml --tags "preinstall" --skip-tags "settings" --extra-vars "@vars.yml"++      - name: Run saltbox.fact+        run: /srv/git/saltbox/ansible_facts.d/saltbox.fact+       - name: Install Saltbox Core         run: sudo /srv/ansible/venv/bin/ansible-playbook saltbox.yml --tags "core" --skip-tags "settings" --extra-vars "@vars.yml"         if: ${{ !(contains(matrix.roles, 'saltbox') || contains(matrix.roles, 'feederbox') || contains(matrix.roles, 'mediabox') || contains(matrix.roles, 'core')) }}        - name: Install ${{ matrix.roles }}         run: sudo /srv/ansible/venv/bin/ansible-playbook saltbox.yml --tags "${{ matrix.roles }}" --skip-tags "settings" --extra-vars "@vars.yml"++      - name: Run Tree on app data folder+        run: sudo tree -aug /opt2++      - name: Inspect all Docker containers+        run: |+          echo "=== Inspecting all Docker containers ==="++          # Get list of all containers (running and stopped)+          ALL_CONTAINERS=$(docker ps -a -q)++          if [ -z "$ALL_CONTAINERS" ]; then+            echo "No containers found on this system"+            exit 0+          fi++          echo "Found containers: $ALL_CONTAINERS"+          echo ""++          # Loop through each container and inspect it+          for container_id in $ALL_CONTAINERS; do+            echo "========================================="+            echo "Inspecting container: $container_id"+            echo "========================================="++            # Get container name and status for better readability+            CONTAINER_NAME=$(docker inspect --format='{{.Name}}' $container_id | sed 's/^\///')+            CONTAINER_STATUS=$(docker inspect --format='{{.State.Status}}' $container_id)++            echo "Container Name: $CONTAINER_NAME"+            echo "Container Status: $CONTAINER_STATUS"+            echo ""+            echo "Full inspection details:"+            echo "----------------------------------------"++            # Print full inspection details+            docker inspect $container_id++            echo ""+            echo "========================================="+            echo ""+          done++          echo "=== Container inspection completed ==="

modified

.gitignore

@@ -3,6 +3,13 @@  ### Python ### *.pyc+*.py[cod]+*$py.class+/__pycache__/+/library/__pycache__/+/scripts/__pycache__/+/lookup_plugins/__pycache__/+/filter_plugins/__pycache__/  ### Ansible ### /backup.lock@@ -34,4 +41,5 @@ /.idea /*.log /*.log.*-.vscode/settings.json+.vscode/+.claude/

modified

README.md

@@ -32,7 +32,6 @@ - Lidarr - Rclone - SABnzbd-- ruTorrent - Tautulli - NZBHydra2 - Jackett@@ -101,19 +100,63 @@         </a>     </td>     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/jonathanfinley>+            <img src=https://avatars.githubusercontent.com/u/23283167?v=4 width="100;"  alt=jonathanfinley/>+            <br />+            <sub style="font-size:14px"><b>jonathanfinley</b></sub>+        </a>+    </td>+</tr>+<tr>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">         <a href=https://github.com/chazlarson>             <img src=https://avatars.githubusercontent.com/u/3865541?v=4 width="100;"  alt=Chaz Larson/>             <br />             <sub style="font-size:14px"><b>Chaz Larson</b></sub>         </a>     </td>-</tr>-<tr>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/jonathanfinley>-            <img src=https://avatars.githubusercontent.com/u/23283167?v=4 width="100;"  alt=jonathanfinley/>-            <br />-            <sub style="font-size:14px"><b>jonathanfinley</b></sub>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/RXWatcher>+            <img src=https://avatars.githubusercontent.com/u/14085001?v=4 width="100;"  alt=RXWatcher/>+            <br />+            <sub style="font-size:14px"><b>RXWatcher</b></sub>+        </a>+    </td>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/JigSawFr>+            <img src=https://avatars.githubusercontent.com/u/5781907?v=4 width="100;"  alt=JigSaw/>+            <br />+            <sub style="font-size:14px"><b>JigSaw</b></sub>+        </a>+    </td>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/andrewkhunn>+            <img src=https://avatars.githubusercontent.com/u/116436?v=4 width="100;"  alt=Andrew Hunn/>+            <br />+            <sub style="font-size:14px"><b>Andrew Hunn</b></sub>+        </a>+    </td>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/BeansIsFat>+            <img src=https://avatars.githubusercontent.com/u/24848012?v=4 width="100;"  alt=Beans Baxter/>+            <br />+            <sub style="font-size:14px"><b>Beans Baxter</b></sub>+        </a>+    </td>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/maximuskowalski>+            <img src=https://avatars.githubusercontent.com/u/13492750?v=4 width="100;"  alt=Max Kowalski/>+            <br />+            <sub style="font-size:14px"><b>Max Kowalski</b></sub>+        </a>+    </td>+</tr>+<tr>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/TABLE272>+            <img src=https://avatars.githubusercontent.com/u/11992630?v=4 width="100;"  alt=TABLE272/>+            <br />+            <sub style="font-size:14px"><b>TABLE272</b></sub>         </a>     </td>     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">@@ -124,54 +167,17 @@         </a>     </td>     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/kbgvirus>-            <img src=https://avatars.githubusercontent.com/u/20810766?v=4 width="100;"  alt=Alon Nitzan/>-            <br />-            <sub style="font-size:14px"><b>Alon Nitzan</b></sub>-        </a>-    </td>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/RXWatcher>-            <img src=https://avatars.githubusercontent.com/u/14085001?v=4 width="100;"  alt=RXWatcher/>-            <br />-            <sub style="font-size:14px"><b>RXWatcher</b></sub>-        </a>-    </td>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/JigSawFr>-            <img src=https://avatars.githubusercontent.com/u/5781907?v=4 width="100;"  alt=JigSaw/>-            <br />-            <sub style="font-size:14px"><b>JigSaw</b></sub>-        </a>-    </td>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/BeansIsFat>-            <img src=https://avatars.githubusercontent.com/u/24848012?v=4 width="100;"  alt=Beans Baxter/>-            <br />-            <sub style="font-size:14px"><b>Beans Baxter</b></sub>-        </a>-    </td>-</tr>-<tr>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/TABLE272>-            <img src=https://avatars.githubusercontent.com/u/11992630?v=4 width="100;"  alt=TABLE272/>-            <br />-            <sub style="font-size:14px"><b>TABLE272</b></sub>-        </a>-    </td>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/maximuskowalski>-            <img src=https://avatars.githubusercontent.com/u/13492750?v=4 width="100;"  alt=Max Kowalski/>-            <br />-            <sub style="font-size:14px"><b>Max Kowalski</b></sub>-        </a>-    </td>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/andrewkhunn>-            <img src=https://avatars.githubusercontent.com/u/116436?v=4 width="100;"  alt=Andrew Hunn/>-            <br />-            <sub style="font-size:14px"><b>Andrew Hunn</b></sub>+        <a href=https://github.com/lonix>+            <img src=https://avatars.githubusercontent.com/u/2330355?v=4 width="100;"  alt=Stian Buch Larsen/>+            <br />+            <sub style="font-size:14px"><b>Stian Buch Larsen</b></sub>+        </a>+    </td>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/Migz93>+            <img src=https://avatars.githubusercontent.com/u/33037112?v=4 width="100;"  alt=Migz93/>+            <br />+            <sub style="font-size:14px"><b>Migz93</b></sub>         </a>     </td>     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">@@ -182,28 +188,14 @@         </a>     </td>     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/Migz93>-            <img src=https://avatars.githubusercontent.com/u/33037112?v=4 width="100;"  alt=Migz93/>-            <br />-            <sub style="font-size:14px"><b>Migz93</b></sub>-        </a>-    </td>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">-        <a href=https://github.com/lonix>-            <img src=https://avatars.githubusercontent.com/u/2330355?v=4 width="100;"  alt=Stian Buch Larsen/>-            <br />-            <sub style="font-size:14px"><b>Stian Buch Larsen</b></sub>-        </a>-    </td>-</tr>-<tr>-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">         <a href=https://github.com/Aethenn>             <img src=https://avatars.githubusercontent.com/u/58144688?v=4 width="100;"  alt=Aethenn/>             <br />             <sub style="font-size:14px"><b>Aethenn</b></sub>         </a>     </td>+</tr>+<tr>     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">         <a href=https://github.com/horjulf>             <img src=https://avatars.githubusercontent.com/u/6215635?v=4 width="100;"  alt=Filipe/>@@ -226,6 +218,13 @@         </a>     </td>     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">+        <a href=https://github.com/bobaiep>+            <img src=https://avatars.githubusercontent.com/u/5251385?v=4 width="100;"  alt=Boba/>+            <br />+            <sub style="font-size:14px"><b>Boba</b></sub>+        </a>+    </td>+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">         <a href=https://github.com/patricksindelka>             <img src=https://avatars.githubusercontent.com/u/9056550?v=4 width="100;"  alt=Patrick Sindelka/>             <br />

modified

ansible.cfg

@@ -2,6 +2,7 @@ inventory = ./inventories/local roles_path = roles:resources/roles filter_plugins = ./filter_plugins+lookup_plugins = ./lookup_plugins library = ./library log_path = ./saltbox.log callbacks_enabled = profile_tasks

modified

filter_plugins/rclone_filters.py

@@ -1,4 +1,6 @@ def filter_rclone_remote_name(item):+    # 'name' is an optional field in settings.yml, only used when template is 'nfs'.+    # If not provided, falls back to extracting the name from the remote string.     if 'settings' in item and 'name' in item['settings'] and item['settings']['template'] == 'nfs':         return item['settings']['name']     else:

modified

inventories/group_vars/all.yml

@@ -22,6 +22,12 @@ resources_path: "/srv/git/saltbox/resources"  ################################+# Role Variables+################################++role_var_role: "{{ role_var_override if role_var_override is defined else None }}"++################################ # Continuous Integration ################################ @@ -43,7 +49,7 @@  cloudflare_records_enabled: "{{ cloudflare_is_enabled }}" -plex_account_lookup: "{{ '/opt/saltbox/plex.ini' | check_plex_ini(plex_instances[0]) }}"+plex_account_lookup: "{{ (server_appdata_path + '/saltbox/plex.ini') | check_plex_ini(plex_instances[0]) }}"  plex_account_is_enabled: "{{ plex_account_lookup.exists and                              (plex_account_lookup.identifier | length > 0) and@@ -83,12 +89,12 @@                                   (rclone.remote is not none) and                                   (rclone.remote | trim | length > 0) }}" +rclone_mounts_ipv4_only: "{{ mounts.ipv4_only | bool }}"+ use_cloudplow: "{{ rclone_remote_is_defined and use_remote }}"- use_remote: "{{ (rclone.enabled | bool) and not continuous_integration }}"- use_motd: "{{ motd_install | bool }}"-+use_intel: "{{ gpu.intel | bool }}" use_nvidia: "{{ nvidia_enabled | bool }}"  ################################@@ -96,8 +102,8 @@ ################################  server_root_path: "/"- server_appdata_path: "{{ server_root_path | regex_replace('\\/$', '') + '/opt' }}"+server_local_folder_path: "/mnt/local"  ################################ # Paths@@ -119,20 +125,24 @@ # User ################################ -uid: "{{ ansible_local.saltbox.users[user.name].uid }}"-gid: "{{ ansible_local.saltbox.users[user.name].gid }}"-vgid: "{{ ansible_local.saltbox.groups.video.gid }}"-rgid: "{{ ansible_local.saltbox.groups.render.gid }}"-dockergid: "{{ ansible_local.saltbox.groups.docker.gid }}"+uid: "{{ ansible_facts['ansible_local']['saltbox']['users'][user.name]['uid'] }}"+gid: "{{ ansible_facts['ansible_local']['saltbox']['users'][user.name]['gid'] }}"+vgid: "{{ ansible_facts['ansible_local']['saltbox']['groups']['video']['gid'] }}"+rgid: "{{ ansible_facts['ansible_local']['saltbox']['groups']['render']['gid'] }}"+dockergid: "{{ ansible_facts['ansible_local']['saltbox']['groups']['docker']['gid'] }}"  ################################ # Timezone ################################  tz: "{{ system.timezone-     if system is defined and system.timezone is defined and 'auto' not in system.timezone | lower-     else ansible_local.saltbox.timezone.timezone-          if ansible_local is defined and ansible_local.saltbox.timezone is defined and ansible_local.saltbox.timezone.timezone is defined and ansible_local.saltbox.timezone.timezone | trim | length > 0+     if (system is defined) and (system.timezone is defined) and ('auto' not in system.timezone | lower)+     else ansible_facts['ansible_local']['saltbox']['timezone']['timezone']+          if (ansible_facts['ansible_local'])+             and (ansible_facts['ansible_local']['saltbox'] is defined)+             and (ansible_facts['ansible_local']['saltbox']['timezone'] is defined)+             and (ansible_facts['ansible_local']['saltbox']['timezone']['timezone'] is defined)+             and (ansible_facts['ansible_local']['saltbox']['timezone']['timezone'] | trim | length > 0)           else 'Etc/UTC' }}"  ################################@@ -141,12 +151,16 @@  ip_address_host: "0.0.0.0" ip_address_localhost: "127.0.0.1"-ip_address_public: "{{ ansible_local.saltbox.ip.public_ip }}"-ip_address_public_is_valid: "{{ false if ansible_local.saltbox.ip.failed_ipv4 else true }}"-ip_address_public_error: "{{ ansible_local.saltbox.ip.error_ipv4 }}"-ipv6_address_public: "{{ ansible_local.saltbox.ip.public_ipv6 }}"-ipv6_address_public_is_valid: "{{ false if ansible_local.saltbox.ip.failed_ipv6 else true }}"-ipv6_address_public_error: "{{ ansible_local.saltbox.ip.error_ipv6 }}"+ip_address_public: "{{ ansible_facts['ansible_local']['saltbox']['ip']['public_ip'] }}"+ip_address_public_is_valid: "{{ false+                             if ansible_facts['ansible_local']['saltbox']['ip']['failed_ipv4']+                             else true }}"+ip_address_public_error: "{{ ansible_facts['ansible_local']['saltbox']['ip']['error_ipv4'] }}"+ipv6_address_public: "{{ ansible_facts['ansible_local']['saltbox']['ip']['public_ipv6'] }}"+ipv6_address_public_is_valid: "{{ false+                               if ansible_facts['ansible_local']['saltbox']['ip']['failed_ipv6']+                               else true }}"+ipv6_address_public_error: "{{ ansible_facts['ansible_local']['saltbox']['ip']['error_ipv6'] }}"  ################################ # Theme@@ -191,37 +205,39 @@ traefik_default_certresolver: "{{ traefik_default_certprovider                                if (not (traefik_http | bool))                                else (traefik_default_resolver if not zerossl_is_enabled else traefik_default_zerossl_resolver) }}"+traefik_role_wildcard_enabled: "{{ lookup('role_var', '_traefik_wildcard_enabled', role=role_var_role, default=(not traefik_http)) | bool }}"+  traefik_error_pages_enabled: "{{ traefik.error_pages | bool }}"-traefik_error_pages_role_enabled: "{{ lookup('vars', traefik_role_var + '_traefik_error_pages_enabled', default=lookup('vars', role_name + '_traefik_error_pages_enabled', default=false)) | bool }}"-traefik_error_pages_middleware: "{{ 'error-pages-middleware@docker,'-                                 if traefik_error_pages_enabled and traefik_error_pages_role_enabled+traefik_error_pages_role_enabled: "{{ lookup('role_var', '_traefik_error_pages_enabled', role=role_var_role, default=false) | bool }}"+traefik_error_pages_middleware: "{{ 'error-pages-middleware@docker'+                                 if (traefik_error_pages_enabled and traefik_error_pages_role_enabled)                                  else '' }}"  traefik_default_robot: true traefik_default_gzip: false traefik_default_autodetect: false-traefik_default_cloudflarewarp: "{{ lookup('vars', traefik_role_var + '_dns_proxy', default=lookup('vars', role_name + '_dns_proxy', default=dns.proxied)) and cloudflare_is_enabled and traefik_plugin_cloudflarewarp_enabled }}"+traefik_default_cloudflarewarp: "{{ lookup('role_var', '_dns_proxy', role=role_var_role, default=dns_proxied) and cloudflare_is_enabled and traefik_plugin_cloudflarewarp_enabled }}"  traefik_default_middleware_default: "{{ traefik_error_pages_middleware                                         + 'globalHeaders@file,secureHeaders@file'                                         + (',autodetect@docker'-                                          if (lookup('vars', traefik_role_var + '_traefik_autodetect_enabled', default=lookup('vars', role_name + '_traefik_autodetect_enabled', default=traefik_default_autodetect)) | bool)+                                          if (lookup('role_var', '_traefik_autodetect_enabled', role=role_var_role, default=traefik_default_autodetect) | bool)                                           else '')                                         + (',gzip@docker'-                                          if (lookup('vars', traefik_role_var + '_traefik_gzip_enabled', default=lookup('vars', role_name + '_traefik_gzip_enabled', default=traefik_default_gzip)) | bool)+                                          if (lookup('role_var', '_traefik_gzip_enabled', role=role_var_role, default=traefik_default_gzip) | bool)                                           else '')                                         + (',robotHeaders@file'-                                          if (lookup('vars', traefik_role_var + '_traefik_robot_enabled', default=lookup('vars', role_name + '_traefik_robot_enabled', default=traefik_default_robot)) | bool)+                                          if (lookup('role_var', '_traefik_robot_enabled', role=role_var_role, default=traefik_default_robot) | bool)                                           else '')                                         + (',hsts@file'                                           if (traefik.hsts | bool)                                           else '')                                         + (',cloudflarewarp@docker'-                                          if (traefik_default_cloudflarewarp | bool)+                                          if traefik_default_cloudflarewarp                                           else '')                                         + (',crowdsec@docker'-                                          if (lookup('vars', traefik_role_var + '_traefik_crowdsec_enabled', default=lookup('vars', role_name + '_traefik_crowdsec_enabled', default=crowdsec_is_enabled)))+                                          if (lookup('role_var', '_traefik_crowdsec_enabled', role=role_var_role, default=crowdsec_is_enabled))                                           else '')                                         + (',' if (traefik_role_middleware_sso | length > 0)                                                else '')@@ -232,71 +248,80 @@                                   if (not traefik_default_middleware_custom.startswith(',') and traefik_default_middleware_custom | length > 0)                                   else traefik_default_middleware_custom) }}" -traefik_role_middleware_sso: "{{ lookup('vars', traefik_role_var + '_traefik_sso_middleware', default=lookup('vars', role_name + '_traefik_sso_middleware', default='')) }}"-traefik_role_middleware_default: "{{ lookup('vars', traefik_role_var + '_traefik_middleware_default', default=lookup('vars', role_name + '_traefik_middleware_default', default='')) }}"-traefik_role_middleware_custom: "{{ lookup('vars', traefik_role_var + '_traefik_middleware_custom', default=lookup('vars', role_name + '_traefik_middleware_custom', default='')) }}"+traefik_role_middleware_sso: "{{ lookup('role_var', '_traefik_sso_middleware', role=role_var_role, default='') }}"+traefik_role_middleware_default: "{{ lookup('role_var', '_traefik_middleware_default', role=role_var_role, default='') }}"+traefik_role_middleware_custom: "{{ lookup('role_var', '_traefik_middleware_custom', role=role_var_role, default='') }}"  traefik_middleware: "{{ traefik_role_middleware_default                         + (',' + traefik_role_middleware_custom                           if (not traefik_role_middleware_custom.startswith(',') and traefik_role_middleware_custom | length > 0)                           else traefik_role_middleware_custom) }}" -traefik_default_middleware_default_http: "{{ traefik_error_pages_middleware }}globalHeaders@file,redirect-to-https@docker"+traefik_default_middleware_default_http:+  - "{{ traefik_error_pages_middleware }}"+  - "globalHeaders@file"+  - "{{ (''+     if (lookup('role_var', '_traefik_middleware_http_insecure', role=role_var_role, default=false) | bool)+     else 'redirect-to-https@docker') }}" traefik_default_middleware_custom_http: ""-traefik_default_middleware_http: "{{ traefik_default_middleware_default_http+traefik_default_middleware_http: "{{ (traefik_default_middleware_default_http | select() | join(','))                                      + (',' + traefik_default_middleware_custom_http                                        if (not traefik_default_middleware_custom_http.startswith(',') and traefik_default_middleware_custom_http | length > 0)                                        else traefik_default_middleware_custom_http)                                      + (',autodetect@docker'-                                       if (lookup('vars', traefik_role_var + '_traefik_autodetect_enabled', default=lookup('vars', role_name + '_traefik_autodetect_enabled', default=traefik_default_autodetect)) | bool)+                                       if (lookup('role_var', '_traefik_autodetect_enabled', role=role_var_role, default=traefik_default_autodetect) | bool)                                        else '')                                      + (',gzip@docker'-                                       if (lookup('vars', traefik_role_var + '_traefik_gzip_enabled', default=lookup('vars', role_name + '_traefik_gzip_enabled', default=traefik_default_gzip)) | bool)+                                       if (lookup('role_var', '_traefik_gzip_enabled', role=role_var_role, default=traefik_default_gzip) | bool)                                        else '')                                      + (',robotHeaders@file'-                                       if (lookup('vars', traefik_role_var + '_traefik_robot_enabled', default=lookup('vars', role_name + '_traefik_robot_enabled', default=traefik_default_robot)) | bool)+                                       if (lookup('role_var', '_traefik_robot_enabled', role=role_var_role, default=traefik_default_robot) | bool)                                        else '')                                      + (',cloudflarewarp@docker'                                        if (traefik_default_cloudflarewarp | bool)                                        else '')                                      + (',crowdsec@docker'-                                       if (lookup('vars', traefik_role_var + '_traefik_crowdsec_enabled', default=lookup('vars', role_name + '_traefik_crowdsec_enabled', default=crowdsec_is_enabled)) | bool)+                                       if (lookup('role_var', '_traefik_crowdsec_enabled', role=role_var_role, default=crowdsec_is_enabled) | bool)                                        else '')                                      + (',' if (traefik_role_middleware_sso | length > 0)                                        else '')                                      + traefik_role_middleware_sso }}" -traefik_default_middleware_default_http_api: "globalHeaders@file,redirect-to-https@docker"+traefik_default_middleware_default_http_api:+  - "globalHeaders@file"+  - "{{ (''+     if (lookup('role_var', '_traefik_middleware_http_api_insecure', role=role_var_role, default=false) | bool)+     else 'redirect-to-https@docker') }}" traefik_default_middleware_custom_http_api: ""-traefik_default_middleware_http_api: "{{ traefik_default_middleware_default_http_api+traefik_default_middleware_http_api: "{{ (traefik_default_middleware_default_http_api | select() | join(','))                                          + (',' + traefik_default_middleware_custom_http_api                                            if (not traefik_default_middleware_custom_http_api.startswith(',') and traefik_default_middleware_custom_http_api | length > 0)                                            else traefik_default_middleware_custom_http_api)                                          + (',autodetect@docker'-                                           if (lookup('vars', traefik_role_var + '_traefik_autodetect_enabled', default=lookup('vars', role_name + '_traefik_autodetect_enabled', default=traefik_default_autodetect)) | bool)+                                           if (lookup('role_var', '_traefik_autodetect_enabled', role=role_var_role, default=traefik_default_autodetect) | bool)                                            else '')                                          + (',gzip@docker'-                                           if (lookup('vars', traefik_role_var + '_traefik_gzip_enabled', default=lookup('vars', role_name + '_traefik_gzip_enabled', default=traefik_default_gzip)) | bool)+                                           if (lookup('role_var', '_traefik_gzip_enabled', role=role_var_role, default=traefik_default_gzip) | bool)                                            else '')                                           + (',robotHeaders@file'-                                           if (lookup('vars', traefik_role_var + '_traefik_robot_enabled', default=lookup('vars', role_name + '_traefik_robot_enabled', default=traefik_default_robot)) | bool)+                                           if (lookup('role_var', '_traefik_robot_enabled', role=role_var_role, default=traefik_default_robot) | bool)                                            else '')                                          + (',cloudflarewarp@docker'                                            if (traefik_default_cloudflarewarp | bool)                                            else '')                                          + (',crowdsec@docker'-                                           if (lookup('vars', traefik_role_var + '_traefik_crowdsec_enabled', default=lookup('vars', role_name + '_traefik_crowdsec_enabled', default=crowdsec_is_enabled)) | bool)+                                           if (lookup('role_var', '_traefik_crowdsec_enabled', role=role_var_role, default=crowdsec_is_enabled) | bool)                                            else '') }}"  traefik_default_middleware_default_api: "{{ 'globalHeaders@file,secureHeaders@file'                                             + (',autodetect@docker'-                                              if (lookup('vars', traefik_role_var + '_traefik_autodetect_enabled', default=lookup('vars', role_name + '_traefik_autodetect_enabled', default=traefik_default_autodetect)) | bool)+                                              if (lookup('role_var', '_traefik_autodetect_enabled', role=role_var_role, default=traefik_default_autodetect) | bool)                                               else '')                                             + (',gzip@docker'-                                              if (lookup('vars', traefik_role_var + '_traefik_gzip_enabled', default=lookup('vars', role_name + '_traefik_gzip_enabled', default=traefik_default_gzip)) | bool)+                                              if (lookup('role_var', '_traefik_gzip_enabled', role=role_var_role, default=traefik_default_gzip) | bool)                                               else '')                                             + (',robotHeaders@file'-                                              if (lookup('vars', traefik_role_var + '_traefik_robot_enabled', default=lookup('vars', role_name + '_traefik_robot_enabled', default=traefik_default_robot)) | bool)+                                              if (lookup('role_var', '_traefik_robot_enabled', role=role_var_role, default=traefik_default_robot) | bool)                                               else '')                                             + (',hsts@file'                                               if (traefik.hsts | bool)@@ -305,7 +330,7 @@                                               if (traefik_default_cloudflarewarp | bool)                                               else '')                                             + (',crowdsec@docker'-                                              if (lookup('vars', traefik_role_var + '_traefik_crowdsec_enabled', default=lookup('vars', role_name + '_traefik_crowdsec_enabled', default=crowdsec_is_enabled)) | bool)+                                              if (lookup('role_var', '_traefik_crowdsec_enabled', role=role_var_role, default=crowdsec_is_enabled) | bool)                                               else '') }}" traefik_default_middleware_custom_api: "" traefik_default_middleware_api: "{{ traefik_default_middleware_default_api@@ -315,52 +340,52 @@  traefik_default_sso_middleware: "authelia@docker" -traefik_role_enabled: "{{ lookup('vars', traefik_role_var + '_traefik_enabled', default=lookup('vars', role_name + '_traefik_enabled', default=false)) | bool }}"-traefik_role_api_enabled: "{{ lookup('vars', traefik_role_var + '_traefik_api_enabled', default=lookup('vars', role_name + '_traefik_api_enabled', default=false)) | bool }}"+traefik_role_enabled: "{{ lookup('role_var', '_traefik_enabled', role=role_var_role, default=false) | bool }}"+traefik_role_api_enabled: "{{ lookup('role_var', '_traefik_api_enabled', role=role_var_role, default=false) | bool }}"  traefik_http: "{{ false                if ((traefik_challenge_provider != 'cloudflare') or cloudflare_is_enabled)                else true }}" -traefik_subdomain: "{{ lookup('vars', traefik_role_var + '_web_subdomain', default=lookup('vars', role_name + '_web_subdomain', default=omit)) }}"-traefik_domain: "{{ lookup('vars', traefik_role_var + '_web_domain', default=lookup('vars', role_name + '_web_domain', default=omit)) }}"+traefik_subdomain: "{{ lookup('role_var', '_web_subdomain', role=role_var_role, default=omit) }}"+traefik_domain: "{{ lookup('role_var', '_web_domain', role=role_var_role, default=omit) }}" traefik_router: "{{ lookup('vars', traefik_role_var + '_name', default=lookup('vars', role_name + '_name', default=omit)) }}" -traefik_loadbalancer_port: "{{ lookup('vars', traefik_role_var + '_web_port', default=lookup('vars', role_name + '_web_port', default=omit)) }}"-traefik_loadbalancer_scheme: "{{ lookup('vars', traefik_role_var + '_web_scheme', default=lookup('vars', role_name + '_web_scheme', default=omit)) }}"+traefik_loadbalancer_port: "{{ lookup('role_var', '_web_port', role=role_var_role, default=omit) }}"+traefik_loadbalancer_scheme: "{{ lookup('role_var', '_web_scheme', role=role_var_role, default=omit) }}"  traefik_host: "{{ traefik_subdomain + '.' + traefik_domain                if (traefik_subdomain | length > 0)                else traefik_domain }}" -traefik_host_override_lookup: "{{ lookup('vars', traefik_role_var + '_web_host_override', default=lookup('vars', role_name + '_web_host_override', default='')) }}"-traefik_fqdn_override_lookup: "{{ lookup('vars', traefik_role_var + '_web_fqdn_override', default=lookup('vars', role_name + '_web_fqdn_override', default='')) }}"+traefik_host_override_lookup: "{{ lookup('role_var', '_web_host_override', role=role_var_role, default='') }}"+traefik_fqdn_override_lookup: "{{ lookup('role_var', '_web_fqdn_override', role=role_var_role, default=[]) }}" traefik_host_template: "{{ traefik_host | traefik_host_rule(traefik_host_override_lookup, traefik_fqdn_override_lookup) }}" -traefik_entrypoint_web_default: "{{ 'web' if not (lookup('vars', traefik_role_var + '_traefik_tailscale_enabled', default=false) | bool) else 'tailscale-web' }}"-traefik_entrypoint_web: "{{ lookup('vars', traefik_role_var + '_traefik_entrypoint_web', default=traefik_entrypoint_web_default) }}"-traefik_entrypoint_websecure_default: "{{ 'websecure' if not (lookup('vars', traefik_role_var + '_traefik_tailscale_enabled', default=false) | bool) else 'tailscale-websecure' }}"-traefik_entrypoint_websecure: "{{ lookup('vars', traefik_role_var + '_traefik_entrypoint_websecure', default=traefik_entrypoint_websecure_default) }}"+traefik_entrypoint_tailscale_default: false+traefik_entrypoint_web_default: "{{ 'web' if not (lookup('role_var', '_traefik_tailscale_enabled', role=role_var_role, default=traefik_entrypoint_tailscale_default) | bool) else 'tailscale-web' }}"+traefik_entrypoint_web: "{{ lookup('role_var', '_traefik_entrypoint_web', role=role_var_role, default=traefik_entrypoint_web_default) }}"+traefik_entrypoint_websecure_default: "{{ 'websecure' if not (lookup('role_var', '_traefik_tailscale_enabled', role=role_var_role, default=traefik_entrypoint_tailscale_default) | bool) else 'tailscale-websecure' }}"+traefik_entrypoint_websecure: "{{ lookup('role_var', '_traefik_entrypoint_websecure', role=role_var_role, default=traefik_entrypoint_websecure_default) }}"  traefik_url: "{{ 'https://'-                 + (lookup('vars', traefik_role_var + '_web_subdomain', default=lookup('vars', role_name + '_web_subdomain', default='')) + '.'-                 + lookup('vars', traefik_role_var + '_web_domain', default=lookup('vars', role_name + '_web_domain', default=''))-              if (lookup('vars', traefik_role_var + '_web_subdomain', default=lookup('vars', role_name + '_web_subdomain', default='')) | length > 0)-              else lookup('vars', traefik_role_var + '_web_domain', default=lookup('vars', role_name + '_web_domain', default=''))) }}"--traefik_themepark_labels:-  - '{ "traefik.http.middlewares.themepark-{{ traefik_router }}.plugin.themepark.app": "{{ lookup("vars", traefik_role_var + "_themepark_app", default=role_name) }}" }'-  - '{ "traefik.http.middlewares.themepark-{{ traefik_router }}.plugin.themepark.theme": "{{ lookup("vars", traefik_role_var + "_themepark_theme", default=lookup("vars", role_name + "_themepark_theme", default="")) }}" }'-  - '{ "traefik.http.middlewares.themepark-{{ traefik_router }}.plugin.themepark.addons": "{{ (lookup("vars", traefik_role_var + "_themepark_addons", default=lookup("vars", role_name + "_themepark_addons", default="")) | join(","))-                                                                                           if lookup("vars", traefik_role_var + "_themepark_addons", default=lookup("vars", role_name + "_themepark_addons", default="")) | length > 0+                 + ((lookup('role_var', '_web_subdomain', role=role_var_role, default='') + '.'+                 + lookup('role_var', '_web_domain', role=role_var_role, default=''))+              if (lookup('role_var', '_web_subdomain', role=role_var_role, default='') | length > 0)+              else lookup('role_var', '_web_domain', role=role_var_role, default='')) }}"++traefik_themepark_labels_tmp:+  - '{ "traefik.http.middlewares.themepark-{{ traefik_router }}.plugin.themepark.app": "{{ lookup("role_var", "_themepark_app", role=role_var_role, default=role_name) }}" }'+  - '{ "traefik.http.middlewares.themepark-{{ traefik_router }}.plugin.themepark.theme": "{{ lookup("role_var", "_themepark_theme", role=role_var_role, default="") }}" }'+  - '{ "traefik.http.middlewares.themepark-{{ traefik_router }}.plugin.themepark.addons": "{{ (lookup("role_var", "_themepark_addons", role=role_var_role, default="") | join(","))+                                                                                           if lookup("role_var", "_themepark_addons", role=role_var_role, default="") | length > 0                                                                                            else omit }}" }' +traefik_themepark_labels: "{{ traefik_themepark_labels_tmp | map('from_json') | combine | dict2items | rejectattr('value', 'equalto', '') | items2dict }}"+ ################################ # Docker ################################--# Toggles pruning of dangling images after container creation.-docker_create_image_prune: true  docker_volumes_downloads_nzbs: "{{ [downloads_usenet_path + ':/downloads/nzbs']                                 if nzbs_downloads_path_is_defined@@ -378,87 +403,111 @@   - "/mnt:/mnt:rslave"  docker_volumes_common: "{{ docker_volumes_common_folders + docker_volumes_downloads_common-                        if (lookup('vars', traefik_role_var + '_docker_volumes_download', default=true) | bool)+                        if (lookup('role_var', '_docker_volumes_download', role=role_var_role, default=true) | bool)                         else docker_volumes_common_folders }}"  docker_hosts_common: {}  docker_labels_docker_depends_on_template:-  com.github.saltbox.depends_on: "{{ lookup('vars', traefik_role_var + '_depends_on', default=lookup('vars', role_name + '_depends_on', default=docker_container_network_mode_lookup))+  com.github.saltbox.depends_on: "{{ lookup('role_var', '_depends_on', role=role_var_role, default=docker_container_network_mode_lookup)                                   if docker_container_network_mode-                                  else lookup('vars', traefik_role_var + '_depends_on', default=lookup('vars', role_name + '_depends_on')) }}"+                                  else lookup('role_var', '_depends_on', role=role_var_role) }}"  docker_labels_docker_depends_on_delay_template:-  com.github.saltbox.depends_on.delay: "{{ lookup('vars', traefik_role_var + '_depends_on_delay', default=lookup('vars', role_name + '_depends_on_delay', default='0'))+  com.github.saltbox.depends_on.delay: "{{ lookup('role_var', '_depends_on_delay', role=role_var_role, default='0')                                         if docker_container_network_mode-                                        else lookup('vars', traefik_role_var + '_depends_on_delay', default=lookup('vars', role_name + '_depends_on_delay')) }}"+                                        else lookup('role_var', '_depends_on_delay', role=role_var_role) }}"  docker_labels_docker_depends_on_healthchecks_template:-  com.github.saltbox.depends_on.healthchecks: "{{ lookup('vars', traefik_role_var + '_depends_on_healthchecks', default=lookup('vars', role_name + '_depends_on_healthchecks', default='true'))+  com.github.saltbox.depends_on.healthchecks: "{{ lookup('role_var', '_depends_on_healthchecks', role=role_var_role, default='true')                                                if docker_container_network_mode-                                               else lookup('vars', traefik_role_var + '_depends_on_healthchecks', default=lookup('vars', role_name + '_depends_on_healthchecks')) }}"+                                               else lookup('role_var', '_depends_on_healthchecks', role=role_var_role) }}"++docker_labels_diun_enabled: true+docker_labels_autoheal_enabled: true+docker_labels_autoheal_timeout: "10"  docker_labels_diun_template:   diun.enable: "true"  docker_labels_autoheal_template:   autoheal: "true"-  autoheal.stop.timeout: "{{ lookup('vars', role_name + '_docker_stop_timeout', default='10') }}"+  autoheal.stop.timeout: "{{ lookup('role_var', '_docker_stop_timeout', role=role_var_role, default=docker_labels_autoheal_timeout) }}"  docker_labels_custom_common: {}  docker_labels_saltbox_tmp:   - com.github.saltbox.saltbox_managed: "true"-  - "{{ docker_labels_diun_template if (lookup('vars', role_name + '_diun_enabled', default=true) | bool) else omit }}"-  - "{{ docker_labels_autoheal_template if (lookup('vars', role_name + '_autoheal_enabled', default=true) | bool) else omit }}"-  - "{{ docker_labels_docker_depends_on_template if ((lookup('vars', role_name + '_depends_on', default='') | length > 0) or docker_container_network_mode) else omit }}"-  - "{{ docker_labels_docker_depends_on_delay_template if ((lookup('vars', role_name + '_depends_on_delay', default='') | length > 0) or docker_container_network_mode) else omit }}"-  - "{{ docker_labels_docker_depends_on_healthchecks_template if ((lookup('vars', role_name + '_depends_on_healthchecks', default='') | length > 0) or docker_container_network_mode) else omit }}"+  - com.github.saltbox.saltbox_controller: "{{ 'true' if (lookup('role_var', '_docker_controller', role=role_var_role, default=true) | bool) else 'false' }}"+  - "{{ docker_labels_diun_template if (lookup('role_var', '_diun_enabled', role=role_var_role, default=docker_labels_diun_enabled) | bool) else omit }}"+  - "{{ docker_labels_autoheal_template if (lookup('role_var', '_autoheal_enabled', role=role_var_role, default=docker_labels_autoheal_enabled) | bool) else omit }}"+  - "{{ docker_labels_docker_depends_on_template if ((lookup('role_var', '_depends_on', role=role_var_role, default='') | length > 0) or docker_container_network_mode) else omit }}"+  - "{{ docker_labels_docker_depends_on_delay_template if ((lookup('role_var', '_depends_on_delay', role=role_var_role, default='') | length > 0) or docker_container_network_mode) else omit }}"+  - "{{ docker_labels_docker_depends_on_healthchecks_template if ((lookup('role_var', '_depends_on_healthchecks', role=role_var_role, default='') | length > 0) or docker_container_network_mode) else omit }}"   - "{{ docker_labels_custom_common }}" -docker_container_network_mode: "{{ 'container:' in lookup('vars', traefik_role_var + '_docker_network_mode', default=lookup('vars', role_name + '_docker_network_mode', default=docker_networks_name_common)) }}"-docker_container_network_mode_lookup: "{{ lookup('vars', traefik_role_var + '_docker_network_mode', default=lookup('vars', role_name + '_docker_network_mode', default=docker_networks_name_common)) | split(':') | last }}"--docker_labels_saltbox: "{{ docker_labels_saltbox_tmp | reject('equalto', omit) | list }}"+docker_labels_wildcard_template:+  - '{ "traefik.http.routers.{{ traefik_router }}.tls.domains[0].main": "{{ traefik_domain }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}.tls.domains[0].sans": "{{ "*." + traefik_domain }}" }'+docker_labels_wildcard_dict: "{{ (docker_labels_wildcard_template | map('from_json') | combine) if traefik_role_wildcard_enabled else {} }}"++docker_labels_wildcard_api_template:+  - '{ "traefik.http.routers.{{ traefik_router }}-api.tls.domains[0].main": "{{ traefik_domain }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-api.tls.domains[0].sans": "{{ "*." + traefik_domain }}" }'+docker_labels_wildcard_api_dict: "{{ (docker_labels_wildcard_api_template | map('from_json') | combine) if traefik_role_wildcard_enabled else {} }}"++docker_container_network_mode: "{{ 'container:' in lookup('role_var', '_docker_network_mode', role=role_var_role, default=docker_networks_name_common) }}"+docker_container_network_mode_lookup: "{{ lookup('role_var', '_docker_network_mode', role=role_var_role, default=docker_networks_name_common) | split(':') | last }}"++docker_labels_saltbox: "{{ docker_labels_saltbox_tmp | flatten | select('mapping') | combine }}"  docker_labels_traefik_main:-  - traefik.enable: "true"+  - '{ "traefik.enable": "true" }'   - '{ "traefik.http.routers.{{ traefik_router }}-http.entrypoints": "{{ traefik_entrypoint_web }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}-http.service": "{{ traefik_router }}-http" }'   - '{ "traefik.http.routers.{{ traefik_router }}-http.rule": "{{ traefik_host_template }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}-http.priority": "20" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-http.middlewares": "{{ lookup("vars", traefik_role_var + "_traefik_middleware_http", default=lookup("vars", role_name + "_traefik_middleware_http", default=traefik_default_middleware_http)) }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-http.middlewares": "{{ lookup("role_var", "_traefik_middleware_http", role=role_var_role, default=traefik_default_middleware_http) }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}.entrypoints": "{{ traefik_entrypoint_websecure }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}.service": "{{ traefik_router }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}.rule": "{{ traefik_host_template }}" }'-  - '{ "traefik.http.routers.{{ traefik_router }}.priority": "{{ lookup("vars", traefik_role_var + "_traefik_priority", default=lookup("vars", role_name + "_traefik_priority", default="20")) }}" }'-  - '{ "traefik.http.routers.{{ traefik_router }}.tls.certresolver": "{{ lookup("vars", traefik_role_var + "_traefik_certresolver", default=lookup("vars", role_name + "_traefik_certresolver", default=traefik_default_certresolver)) }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}.priority": "{{ lookup("role_var", "_traefik_priority", role=role_var_role, default="20") }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}.tls.certresolver": "{{ lookup("role_var", "_traefik_certresolver", role=role_var_role, default=traefik_default_certresolver) }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}.tls.options": "securetls@file" }'   - '{ "traefik.http.routers.{{ traefik_router }}.middlewares": "{{ traefik_middleware }}" }'-  - '{ "traefik.http.services.{{ traefik_router }}-http.loadbalancer.server.port": "{{ lookup("vars", traefik_role_var + "_web_http_port", default=lookup("vars", role_name + "_web_http_port", default=traefik_loadbalancer_port)) }}" }'-  - '{ "traefik.http.services.{{ traefik_router }}-http.loadbalancer.server.scheme": "{{ lookup("vars", traefik_role_var + "_web_http_scheme", default=lookup("vars", role_name + "_web_http_scheme", default=traefik_loadbalancer_scheme)) }}" }'-  - '{ "traefik.http.services.{{ traefik_router }}-http.loadbalancer.serverstransport": "{{ lookup("vars", traefik_role_var + "_web_http_serverstransport", default=lookup("vars", role_name + "_web_http_serverstransport", default=omit)) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-http.loadbalancer.server.port": "{{ lookup("role_var", "_web_http_port", role=role_var_role, default=traefik_loadbalancer_port) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-http.loadbalancer.server.scheme": "{{ lookup("role_var", "_web_http_scheme", role=role_var_role, default=traefik_loadbalancer_scheme) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-http.loadbalancer.serverstransport": "{{ lookup("role_var", "_web_http_serverstransport", role=role_var_role, default=omit) }}" }'   - '{ "traefik.http.services.{{ traefik_router }}.loadbalancer.server.port": "{{ traefik_loadbalancer_port }}" }'   - '{ "traefik.http.services.{{ traefik_router }}.loadbalancer.server.scheme": "{{ traefik_loadbalancer_scheme }}" }'-  - '{ "traefik.http.services.{{ traefik_router }}.loadbalancer.serverstransport": "{{ lookup("vars", traefik_role_var + "_web_serverstransport", default=lookup("vars", role_name + "_web_serverstransport", default=omit)) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}.loadbalancer.serverstransport": "{{ lookup("role_var", "_web_serverstransport", role=role_var_role, default=omit) }}" }'  docker_labels_traefik_api:   - '{ "traefik.http.routers.{{ traefik_router }}-api-http.entrypoints": "{{ traefik_entrypoint_web }}" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-api-http.service": "{{ traefik_router }}" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-api-http.rule": "{{ traefik_host_template }} && ({{ lookup("vars", traefik_role_var + "_traefik_api_endpoint", default=lookup("vars", role_name + "_traefik_api_endpoint", default=omit)) }})" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-api-http.service": "{{ traefik_router }}-api-http" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-api-http.rule": "{{ traefik_host_template }} && ({{ lookup("role_var", "_traefik_api_endpoint", role=role_var_role, default=omit) }})" }'   - '{ "traefik.http.routers.{{ traefik_router }}-api-http.priority": "30" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-api-http.middlewares": "{{ lookup("vars", traefik_role_var + "_traefik_api_middleware_http", default=lookup("vars", role_name + "_traefik_api_middleware_http", default=traefik_default_middleware_http_api)) }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-api-http.middlewares": "{{ lookup("role_var", "_traefik_api_middleware_http", role=role_var_role, default=traefik_default_middleware_http_api) }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}-api.entrypoints": "{{ traefik_entrypoint_websecure }}" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-api.service": "{{ traefik_router }}" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-api.rule": "{{ traefik_host_template }} && ({{ lookup("vars", traefik_role_var + "_traefik_api_endpoint", default=lookup("vars", role_name + "_traefik_api_endpoint", default=omit)) }})" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-api.service": "{{ traefik_router }}-api" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-api.rule": "{{ traefik_host_template }} && ({{ lookup("role_var", "_traefik_api_endpoint", role=role_var_role, default=omit) }})" }'   - '{ "traefik.http.routers.{{ traefik_router }}-api.priority": "30" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-api.tls.certresolver": "{{ lookup("vars", traefik_role_var + "_traefik_certresolver", default=lookup("vars", role_name + "_traefik_certresolver", default=traefik_default_certresolver)) }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-api.tls.certresolver": "{{ lookup("role_var", "_traefik_certresolver", role=role_var_role, default=traefik_default_certresolver) }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}-api.tls.options": "securetls@file" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-api.middlewares": "{{ lookup("vars", traefik_role_var + "_traefik_api_middleware", default=lookup("vars", role_name + "_traefik_api_middleware", default=traefik_default_middleware_api)) }}" }'--docker_labels_traefik: "{{ docker_labels_traefik_main | combine(docker_labels_traefik_api)+  - '{ "traefik.http.routers.{{ traefik_router }}-api.middlewares": "{{ lookup("role_var", "_traefik_api_middleware", role=role_var_role, default=traefik_default_middleware_api) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-api-http.loadbalancer.server.port": "{{ lookup("role_var", "_web_api_http_port", role=role_var_role, default=lookup("role_var", "_web_api_port", role=role_var_role, default=traefik_loadbalancer_port)) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-api-http.loadbalancer.server.scheme": "{{ lookup("role_var", "_web_api_http_scheme", role=role_var_role, default=lookup("role_var", "_web_api_scheme", role=role_var_role, default=traefik_loadbalancer_scheme)) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-api-http.loadbalancer.serverstransport": "{{ lookup("role_var", "_web_api_http_serverstransport", role=role_var_role, default=omit) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-api.loadbalancer.server.port": "{{ lookup("role_var", "_web_api_port", role=role_var_role, default=traefik_loadbalancer_port) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-api.loadbalancer.server.scheme": "{{ lookup("role_var", "_web_api_scheme", role=role_var_role, default=traefik_loadbalancer_scheme) }}" }'+  - '{ "traefik.http.services.{{ traefik_router }}-api.loadbalancer.serverstransport": "{{ lookup("role_var", "_web_api_serverstransport", role=role_var_role, default=omit) }}" }'++docker_labels_traefik_main_dict: "{{ docker_labels_traefik_main | map('from_json') | combine | dict2items | rejectattr('value', 'equalto', '') | items2dict }}"+docker_labels_traefik_api_dict: "{{ docker_labels_traefik_api | map('from_json') | combine | dict2items | rejectattr('value', 'equalto', '') | items2dict }}"++docker_labels_traefik: "{{ (docker_labels_traefik_main_dict | combine(docker_labels_traefik_api_dict, docker_labels_wildcard_dict, docker_labels_wildcard_api_dict)                         if traefik_role_api_enabled-                        else docker_labels_traefik_main }}"+                        else docker_labels_traefik_main_dict) | combine(docker_labels_wildcard_dict) }}"  docker_labels_common: "{{ docker_labels_saltbox | combine(docker_labels_traefik)                        if traefik_role_enabled@@ -466,8 +515,8 @@  docker_networks_name_common: saltbox -docker_networks_alias_template: "{{ (lookup('vars', role_name + '_docker_networks_alias') | split(' '))-                                    + (lookup('vars', lookup('vars', role_name + '_name', default=role_name) + '_docker_networks_alias_custom', default=[])) }}"+docker_networks_alias_template: "{{ [lookup('role_var', '_docker_networks_alias', role=role_var_role)]+                                    + lookup('role_var', '_docker_networks_alias_custom', role=role_var_role, default=[]) }}"  docker_networks_common:   - name: "{{ docker_networks_name_common }}"@@ -486,14 +535,14 @@ docker_log_driver_json: "json-file"  docker_log_driver: "{{ docker_log_driver_json-                    if docker.json_driver+                    if (docker.json_driver | bool)                     else 'default' }}"  docker_log_options_json:   tag: "{% raw %}'{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}'{% endraw %}" # noqa jinja[spacing]  docker_log_options: "{{ docker_log_options_json-                     if docker.json_driver+                     if (docker.json_driver | bool)                      else 'default' }}"  docker_network_container_health_delay: 5@@ -511,8 +560,11 @@ ################################  reboot_is_necessary: false-skip_dns: "{{ not (dns.ipv4 or dns.ipv6) }}"-role_dns_enabled: "{{ lookup('vars', role_name + '_dns_enabled', default=true) | bool }}"+dns_proxied: "{{ dns.proxied | bool }}"+skip_dns: "{{ not (dns_ipv4_enabled or dns_ipv6_enabled) }}"+role_dns_enabled: "{{ lookup('role_var', '_dns_enabled', role=role_var_role, default=true) | bool }}"+dns_ipv4_enabled: "{{ dns.ipv4 | bool }}"+dns_ipv6_enabled: "{{ dns.ipv6 | bool }}" docker_legacy_volume: false ansible_retry_count: "2" ansible_retry_count_ci: "5"@@ -524,15 +576,22 @@ backup_rclone_transfers: 4 backup_rclone_drive_chunk_size: 128M backup_rclone_dropbox_chunk_size: 128M+backup_local_enabled: "{{ backup.local.enable | bool }}"+backup_rclone_enabled: "{{ backup.rclone.enable | bool }}"+backup_rsync_enabled: "{{ backup.rsync.enable | bool }}"+backup_snapshot_enabled: "{{ backup.misc.snapshot | bool }}"  reverse_proxy_apps:   - traefik -torrent_apps:-  - deluge-  - delugevpn-  - qbittorrent-  - qbittorrentvpn-  - rutorrent-  - transmission-  - transmissionvpn+torrent_apps_saltbox:+  - "{{ deluge_instances | default('deluge') }}"+  - "{{ qbittorrent_instances | default('qbittorrent') }}"++torrent_apps_sandbox:+  - "{{ delugevpn_name | default('delugevpn') }}"+  - "{{ qbittorrentvpn_instances | default('qbittorrentvpn') }}"+  - "{{ transmission_instances | default('transmission') }}"+  - "{{ transmissionvpn_name | default('transmissionvpn') }}"++torrent_apps: "{{ (torrent_apps_saltbox + torrent_apps_sandbox) | flatten | unique | sort }}"

modified

library/find_open_port.py

@@ -1,15 +1,13 @@-#!/usr/bin/python+# -*- coding: utf-8 -*- -from ansible.module_utils.basic import AnsibleModule-import subprocess-import json+from __future__ import annotations  DOCUMENTATION = """ --- module: find_open_port-short_description: Find an available port in a given range description:     - "This module finds an available port between a low and high bound."+author: salty options:     low_bound:         description:@@ -34,8 +32,23 @@     protocol: tcp """ -def find_port(module, low_bound, high_bound, protocol):+RETURN = """+meta:+    description: Result metadata including the selected port.+    type: dict+    returned: success+    sample: {"port": 5432}+"""++from ansible.module_utils.basic import AnsibleModule+import subprocess++def find_port(module: AnsibleModule, low_bound: int, high_bound: int, protocol: str) -> tuple[bool, dict[str, object]]:     try:+        if low_bound < 1:+            module.fail_json(msg="Low bound must be at least 1")+        if high_bound > 65535:+            module.fail_json(msg="High bound must be at most 65535")         if high_bound <= low_bound:             module.fail_json(msg="High bound must be higher than low bound") @@ -46,14 +59,23 @@         if protocol == 'tcp':             cmd = "ss -Htan"             awk_cmd = "awk '{print $4}'"+            state_filter = "grep LISTEN"         elif protocol == 'udp':             cmd = "ss -Huan"             awk_cmd = "awk '{print $4}'"+            state_filter = ""         else:  # both             cmd = "ss -Htuan"             awk_cmd = "awk '{print $5}'"+            state_filter = "grep -E '^(udp|tcp +LISTEN)'" -        cmd += " | grep LISTEN | " + awk_cmd + " | grep -Eo '[0-9]+$' | sort -u"+        cmd_parts = [cmd]+        if state_filter:+            cmd_parts.append(state_filter)+        cmd_parts.append(awk_cmd)+        cmd_parts.append("grep -Eo '[0-9]+$'")+        cmd_parts.append("sort -u")+        cmd = " | ".join(cmd_parts)          # Run command to get ports in use         ports_in_use = subprocess.check_output(cmd, shell=True)@@ -67,12 +89,14 @@             candidate = min(available_ports)             return False, {"port": candidate}         else:-            return False, {"msg": "No available port found in the specified range"}+            return True, {"msg": "No available port found in the specified range"} -    except Exception as e:-        module.fail_json(msg=str(e))+    except subprocess.CalledProcessError as e:+        module.fail_json(msg=f"Failed to execute ss command: {e}")+    except ValueError as e:+        module.fail_json(msg=f"Failed to parse port numbers: {e}") -def main():+def main() -> None:     module = AnsibleModule(         argument_spec=dict(             low_bound=dict(type='int', required=True),

modified

library/migrate_folder.py

@@ -1,14 +1,10 @@-#!/usr/bin/python- # -*- coding: utf-8 -*- -from __future__ import absolute_import, division, print_function-__metaclass__ = type--DOCUMENTATION = r'''+from __future__ import annotations++DOCUMENTATION = """ --- module: migrate_folder-short_description: Migrate a directory from one location to another description:     - Ensures a directory exists at the new location, migrating from old location if needed.     - If the legacy path exists, it is moved to the new path.@@ -17,6 +13,7 @@     - Errors if both old and new locations exist to prevent potential data merging issues or loss.     - Errors if the legacy path exists but is not a directory.     - Errors if the new path exists but is not a directory.+author: salty options:     legacy_path:         description: Old directory path to migrate from.@@ -52,11 +49,9 @@         required: false         type: bool         default: false-author:-    - Salty-'''--EXAMPLES = r'''+"""++EXAMPLES = """ - name: Migrate error pages directory with recursive ownership   migrate_folder:     legacy_path: /opt/error_pages@@ -65,9 +60,9 @@     group: www-data     mode: '0775'     recurse: true-'''--RETURN = r'''+"""++RETURN = """ moved:     description: Whether the directory was moved from legacy_path to new_path.     type: bool@@ -97,20 +92,21 @@     description: Permissions of the directory as an octal string.     type: str     returned: on success-    sample: '0775'-'''+    sample: "0775"+"""  import os import pwd import grp import stat import traceback+from typing import Any, Optional, Tuple  from ansible.module_utils.basic import AnsibleModule-from ansible.module_utils.pycompat24 import get_exception+  # Helper to safely get UID/GID-def get_id_info(module, owner=None, group=None):+def get_id_info(module: AnsibleModule, owner: Optional[str] = None, group: Optional[str] = None) -> Tuple[int, int]:     uid = -1     gid = -1     if owner is not None:@@ -126,21 +122,23 @@     return uid, gid  # Helper to validate and convert mode-def validate_mode(module, mode_str):+def validate_mode(module: AnsibleModule, mode_str: Optional[str]) -> Optional[int]:     if mode_str is None:         return None     try:         # Ensure it's treated as octal-        if not isinstance(mode_str, str):-             mode_str = str(mode_str)-        if not mode_str.startswith('0'):-             mode_str = '0' + mode_str # Ensure octal interpretation for int()-        return int(mode_str, 8)+        mode_value = mode_str+        if not isinstance(mode_value, str):+            mode_value = str(mode_value)+        if not mode_value.startswith('0'):+            mode_value = '0' + mode_value  # Ensure octal interpretation for int()+        return int(mode_value, 8)     except (ValueError, TypeError):         module.fail_json(msg=f"Invalid mode '{mode_str}' specified. Must be an octal number string (e.g., '0775').")---def run_module():+        return None  # This line is unreachable but satisfies type checker+++def run_module() -> None:     module_args = dict(         legacy_path=dict(type='str', required=True),         new_path=dict(type='str', required=True),@@ -150,7 +148,7 @@         recurse=dict(type='bool', required=False, default=False)     ) -    result = dict(+    result: dict[str, Any] = dict(         changed=False,         moved=False,         created=False,@@ -161,8 +159,7 @@     )      module = AnsibleModule(-        argument_spec=module_args,-        supports_check_mode=True+        argument_spec=module_args     )      legacy_path = module.params['legacy_path']@@ -179,52 +176,25 @@     uid, gid = get_id_info(module, owner, group)      # Check path statuses and types+    legacy_path_normalized = os.path.normpath(os.path.abspath(legacy_path))+    new_path_normalized = os.path.normpath(os.path.abspath(new_path))+    if legacy_path_normalized == new_path_normalized:+        module.fail_json(msg=f"Legacy path '{legacy_path}' and new path '{new_path}' refer to the same location.")++    if os.path.islink(legacy_path) or os.path.islink(new_path):+        module.fail_json(msg="Symlink paths are not supported for migration.")+     legacy_exists = os.path.lexists(legacy_path)     new_exists = os.path.lexists(new_path)-    legacy_is_dir = False-    new_is_dir = False--    if legacy_exists:-        if not os.path.isdir(legacy_path):-             module.fail_json(msg=f"Legacy path '{legacy_path}' exists but is not a directory.")-        legacy_is_dir = True--    if new_exists:-        if not os.path.isdir(new_path):-             module.fail_json(msg=f"New path '{new_path}' exists but is not a directory.")-        new_is_dir = True--    # --- Check Mode Early Exit ----    if module.check_mode:-        # Predict changes-        if legacy_exists and new_exists:-            # This is an error condition, but check mode shouldn't fail-            result['skipped'] = True-            result['msg'] = f"Both paths exist ({legacy_path}, {new_path}). Migration cannot proceed."-            module.exit_json(**result)--        changed = False-        if legacy_is_dir and not new_exists:-            changed = True # Will move-            result['moved'] = True-        elif not legacy_exists and not new_exists:-            changed = True # Will create-            result['created'] = True-        else: # new_path exists, legacy_path doesn't-             # Check if attributes need changing-            try:-                current_stat = os.stat(new_path)-                current_mode = stat.S_IMODE(current_stat.st_mode)-                if (uid != -1 and current_stat.st_uid != uid) or \-                   (gid != -1 and current_stat.st_gid != gid) or \-                   (mode_int is not None and current_mode != mode_int):-                    changed = True-            except OSError:-                 # Handle case where stat fails (e.g. permissions) - assume change needed-                 changed = True--        result['changed'] = changed-        module.exit_json(**result)++    if legacy_exists and not os.path.isdir(legacy_path):+        module.fail_json(msg=f"Legacy path '{legacy_path}' exists but is not a directory.")++    if new_exists and not os.path.isdir(new_path):+        module.fail_json(msg=f"New path '{new_path}' exists but is not a directory.")++    legacy_is_dir = legacy_exists and os.path.isdir(legacy_path)+    new_is_dir = new_exists and os.path.isdir(new_path)      # --- Main Logic --- @@ -241,20 +211,19 @@         try:             # Ensure all parent directories exist before moving             parent_dir = os.path.dirname(new_path)-            created_dirs = []-            +             if parent_dir and not os.path.exists(parent_dir):                 # Find which directories we'll need to create                 path_to_create = parent_dir-                dirs_to_create = []-                +                dirs_to_create: list[str] = []+                 while path_to_create and path_to_create != '/' and path_to_create != '' and not os.path.exists(path_to_create):                     dirs_to_create.append(path_to_create)                     path_to_create = os.path.dirname(path_to_create)-                +                 # Create parent directories                 os.makedirs(parent_dir, exist_ok=True)-                +                 # Apply ownership and permissions only to directories we just created                 if (owner is not None or group is not None or mode_int is not None) and dirs_to_create:                     for created_dir in dirs_to_create:@@ -262,7 +231,7 @@                             try:                                 if owner is not None or group is not None:                                     current_stat = os.stat(created_dir)-                                    os.chown(created_dir, +                                    os.chown(created_dir,                                             uid if uid != -1 else current_stat.st_uid,                                             gid if gid != -1 else current_stat.st_gid)                                 if mode_int is not None:@@ -349,7 +318,7 @@     # --- Exit ---     module.exit_json(**result) -def main():+def main() -> None:     run_module()  if __name__ == '__main__':

modified

library/qbittorrent_passwd.py

@@ -1,40 +1,119 @@-#!/usr/bin/python-from ansible.module_utils.basic import AnsibleModule+# -*- coding: utf-8 -*-++from __future__ import annotations++DOCUMENTATION = """+---+module: qbittorrent_passwd+description:+    - Takes a plain text password and generates a salted hash using the PBKDF2-HMAC-SHA512 algorithm.+    - Uses 100,000 iterations and a 16-byte random salt, matching qBittorrent's expected format.+    - The output format is "@ByteArray(SALT_BASE64:HASH_BASE64)".+    - This module is useful for generating password hashes to be placed in qBittorrent configuration files non-interactively.+    - The input password parameter has `no_log=True` set for security.+author: salty+options:+    password:+        description: The plain text password to hash.+        type: str+        required: true+        no_log: true+"""++EXAMPLES = """+- name: Generate qBittorrent password hash+  qbittorrent_passwd:+    password: "supersecretpassword"+  register: qbit_hash_result++- name: Display the generated hash+  debug:+    var: qbit_hash_result.hash+"""++RETURN = """+hash:+    description: The generated qBittorrent-compatible password hash string.+    type: str+    returned: on success+    sample: "@ByteArray(aBcDeFgHiJkLmNoPqRsTuVw==:xYz123AbCdEfGhIjKlMnOpQrStUvWxYz12/abc+def=)"+changed:+    description: Indicates if any state was changed. Always false for this module.+    type: bool+    returned: always+    sample: false+"""+ import base64 import hashlib import os+from typing import Any+from ansible.module_utils.basic import AnsibleModule -def qbittorrent_passwd(plain_passwd):++def generate_qbittorrent_hash(plain_passwd: str) -> str:+    """+    Generates a qBittorrent compatible password hash (PBKDF2-HMAC-SHA512).+    """+    ITERATIONS = 100_000  # Standard iteration count for qBittorrent+    SALT_SIZE = 16        # Standard salt size (bytes)+     try:-        ITERATIONS = 100_000-        SALT_SIZE = 16+        salt = os.urandom(SALT_SIZE)+        # Ensure password is bytes for hashing+        password_bytes = plain_passwd.encode()+        +        # Generate the hash+        derived_key = hashlib.pbkdf2_hmac(+            hash_name='sha512',+            password=password_bytes,+            salt=salt,+            iterations=ITERATIONS+        )+        +        # Encode salt and hash in Base64+        salt_b64 = base64.b64encode(salt).decode()+        hash_b64 = base64.b64encode(derived_key).decode()+        +        # Format according to qBittorrent's expectation+        return f"@ByteArray({salt_b64}:{hash_b64})" -        salt = os.urandom(SALT_SIZE)-        h = hashlib.pbkdf2_hmac("sha512", plain_passwd.encode(), salt, ITERATIONS)-        return "@ByteArray({}:{})".format(base64.b64encode(salt).decode(), base64.b64encode(h).decode())     except Exception as e:-        raise ValueError(f"Error generating password hash: {str(e)}")+        # Wrap underlying exception for better debugging upstream+        raise ValueError(f"Error generating password hash: {str(e)}") from e -def main():++def main() -> None:     module_args = dict(         password=dict(type='str', required=True, no_log=True)     ) -    result = dict(-        changed=False,-        msg=''-    )+    result: dict[str, Any] = {+        'changed': False,+        'hash': '',+    }      module = AnsibleModule(         argument_spec=module_args,-        supports_check_mode=True+        supports_check_mode=False     ) +    plain_password: str = module.params['password']+     try:-        result['msg'] = qbittorrent_passwd(module.params['password'])+        # Generate the hash using the dedicated function+        generated_hash = generate_qbittorrent_hash(plain_password)+        result['hash'] = generated_hash+         except ValueError as err:-        module.fail_json(msg=str(err))+        # If the hashing function raised ValueError, fail the module+        module.fail_json(msg=f"Failed to generate qBittorrent hash: {str(err)}", **result)+    except Exception as e:+         # Catch any other unexpected errors during execution+         module.fail_json(msg=f"An unexpected error occurred: {str(e)}", **result) ++    # Exit successfully, returning the hash     module.exit_json(**result)  if __name__ == '__main__':

modified

library/saltbox_facts.py

@@ -1,111 +1,178 @@-#!/usr/bin/python+# -*- coding: utf-8 -*-++from __future__ import annotations++DOCUMENTATION = """+---+module: saltbox_facts+description:+    - Loads, saves, or deletes configuration facts for Saltbox roles.+    - By default, loads existing values and only saves new keys if they do not exist.+author: salty+options:+    role:+        description:+            - Name of the role.+        required: true+        type: str+    instance:+        description:+            - Instance name for the role.+        required: true+        type: str+    method:+        description:+            - Operation to perform.+            - Use C(delete) to remove facts; omit to save/load.+        required: false+        type: str+        choices:+            - delete+    keys:+        description:+            - Dictionary of key/value pairs to save or delete.+        required: false+        type: dict+        default: {}+    delete_type:+        description:+            - Type of deletion to perform when C(method=delete).+        required: false+        type: str+        choices:+            - role+            - instance+            - key+    owner:+        description:+            - File owner for the facts file.+            - Defaults to the current user when omitted.+        required: false+        type: str+    group:+        description:+            - File group for the facts file.+            - Defaults to the current user when omitted.+        required: false+        type: str+    mode:+        description:+            - File mode as a quoted octal string (e.g., '0640').+        required: false+        type: str+        default: "0640"+    overwrite:+        description:+            - Whether to overwrite existing values instead of preserving them.+        required: false+        type: bool+        default: false+    base_path:+        description:+            - Base directory path for storing configuration files.+        required: true+        type: str """-Ansible module for managing Saltbox configuration facts.--This module provides functionality to load, save, and delete configuration facts-for Saltbox roles. By default, it loads existing values and only saves new ones-if the keys don't exist yet.--Example Usage:-    # Save facts (loads existing, only saves new keys)-    - name: Save facts for role-      saltbox_facts:-        role: myapp-        instance: instance1-        keys:-          key1: value1-          key2: value2-        owner: user1-        group: group1-        mode: "0640"-      register: register_var--    # Save facts with overwrite (ignores existing values)-    - name: Save facts with overwrite-      saltbox_facts:-        role: myapp-        instance: instance1-        keys:-          key1: value1-          key2: value2-        overwrite: true-      register: register_var--    # Delete specific keys from instance-    - name: Delete specific keys-      saltbox_facts:-        role: myapp-        instance: instance1-        method: delete-        delete_type: key-        keys:-          key1: ""-          key2: ""--    # Delete entire instance-    - name: Delete instance-      saltbox_facts:-        role: myapp-        instance: instance1-        method: delete-        delete_type: instance--    # Delete entire role (removes configuration file)-    - name: Delete role-      saltbox_facts:-        role: myapp-        instance: instance1-        method: delete-        delete_type: role--    # Save with default owner/group (current user)-    - name: Save facts with defaults-      saltbox_facts:-        role: myapp-        instance: instance1-        keys:-          key1: value1-      register: register_var--    # Save with specific file permissions-    - name: Save facts with custom permissions-      saltbox_facts:-        role: myapp-        instance: instance1-        keys:-          key1: value1-        mode: "0600"-      register: register_var--Return Values:-    facts:-        description: Dictionary containing the loaded or saved facts-        type: dict-        returned: When method is 'save' or when keys are processed-    changed:-        description: Whether any changes were made-        type: bool-        returned: always-    message:-        description: Informational or error message-        type: str-        returned: when applicable-    warnings:-        description: List of warning messages-        type: list-        returned: when applicable++EXAMPLES = """+- name: Save facts for role+  saltbox_facts:+    role: myapp+    instance: instance1+    keys:+      key1: value1+      key2: value2+    owner: user1+    group: group1+    mode: "0640"+    base_path: "{{ server_appdata_path }}"+  register: register_var++- name: Save facts with overwrite+  saltbox_facts:+    role: myapp+    instance: instance1+    keys:+      key1: value1+      key2: value2+    base_path: "{{ server_appdata_path }}"+    overwrite: true+  register: register_var++- name: Delete specific keys from instance+  saltbox_facts:+    role: myapp+    instance: instance1+    method: delete+    delete_type: key+    keys:+      key1: ""+      key2: ""+    base_path: "{{ server_appdata_path }}"++- name: Delete instance+  saltbox_facts:+    role: myapp+    instance: instance1+    method: delete+    delete_type: instance+    base_path: "{{ server_appdata_path }}"++- name: Delete role+  saltbox_facts:+    role: myapp+    instance: instance1+    method: delete+    delete_type: role+    base_path: "{{ server_appdata_path }}"++- name: Save facts with defaults+  saltbox_facts:+    role: myapp+    instance: instance1+    keys:+      key1: value1+    base_path: "{{ server_appdata_path }}"+  register: register_var++- name: Save facts with custom permissions+  saltbox_facts:+    role: myapp+    instance: instance1+    keys:+      key1: value1+    mode: "0600"+    base_path: "{{ server_appdata_path }}"+  register: register_var """ -from ansible.module_utils.basic import AnsibleModule+RETURN = """+facts:+    description: Dictionary containing the loaded or saved facts+    type: dict+    returned: When method is 'save' or when keys are processed+changed:+    description: Whether any changes were made+    type: bool+    returned: always+message:+    description: Informational or error message+    type: str+    returned: when applicable+"""+ import configparser+import grp import os import pwd-import grp+import shutil import tempfile-import shutil from io import StringIO--def validate_instance_name(instance):+from typing import Any++from ansible.module_utils.basic import AnsibleModule++def validate_instance_name(instance: Any) -> None:     """     Validate that the instance name is a string. @@ -118,7 +185,7 @@     if not isinstance(instance, str):         raise ValueError("Instance name must be a string") -def validate_keys(keys):+def validate_keys(keys: Any) -> None:     """     Validate configuration keys and values. @@ -130,7 +197,7 @@     """     if not isinstance(keys, dict):         raise ValueError("Keys must be a dictionary")-    +     for key, value in keys.items():         if not isinstance(key, str):             raise ValueError(f"Invalid key '{key}': must be a string")@@ -139,12 +206,13 @@                 f"Invalid value type for key '{key}': must be string, number, or boolean"             ) -def get_file_path(role):+def get_file_path(role: str, base_path: str) -> str:     """     Get the configuration file path for a role.      Args:         role (str): Name of the role+        base_path (str): Base directory path      Returns:         str: Full path to the configuration file@@ -154,9 +222,13 @@     """     if not isinstance(role, str):         raise ValueError("Role name must be a string")-    return f"/opt/saltbox/{role}.ini"--def atomic_write(file_path, content, mode, owner, group):+    if os.path.sep in role or (os.path.altsep and os.path.altsep in role):+        raise ValueError("Role name must not contain path separators")+    if role in ('.', '..') or role.strip() == '':+        raise ValueError("Role name must be a non-empty name")+    return f"{base_path}/saltbox/{role}.ini"++def atomic_write(file_path: str, content: str, mode: int, owner: str, group: str) -> None:     """     Write content to file atomically with proper permissions. @@ -173,24 +245,24 @@     """     directory = os.path.dirname(file_path)     os.makedirs(directory, exist_ok=True)-    +     temp_fd, temp_path = tempfile.mkstemp(dir=directory)     try:         with os.fdopen(temp_fd, 'w') as temp_file:             temp_file.write(content)-        +         os.chmod(temp_path, mode)-        os.chown(temp_path, +        os.chown(temp_path,                 pwd.getpwnam(owner).pw_uid,                 grp.getgrnam(group).gr_gid)-        +         shutil.move(temp_path, file_path)     except Exception:         if os.path.exists(temp_path):             os.unlink(temp_path)         raise -def load_existing_facts(file_path, instance):+def load_existing_facts(file_path: str, instance: str) -> dict[str, str]:     """     Load existing facts from configuration file for a specific instance. @@ -206,7 +278,7 @@     """     try:         validate_instance_name(instance)-        +         config = configparser.ConfigParser(             interpolation=None,             comment_prefixes=('#',),@@ -215,11 +287,11 @@             delimiters=('=',),             empty_lines_in_values=False         )-        -        config.optionxform = str-        -        existing_facts = {}-        ++        config.optionxform = lambda optionstr: optionstr  # Preserve case sensitivity for config keys++        existing_facts: dict[str, str] = {}+         if os.path.exists(file_path):             config.read(file_path)             if config.has_section(instance):@@ -228,15 +300,15 @@                         value = config.get(instance, key)                         if value != 'None':                             existing_facts[key] = value-                +         return existing_facts-        +     except configparser.Error as e:         raise Exception(f"Configuration parsing error: {str(e)}")     except Exception as e:         raise Exception(f"Unexpected error: {str(e)}") -def process_facts(file_path, instance, keys, owner, group, mode, overwrite=False):+def process_facts(file_path: str, instance: str, keys: dict[str, Any], owner: str, group: str, mode: int, overwrite: bool = False) -> tuple[dict[str, str], bool]:     """     Process facts by loading existing values and saving new ones as needed. @@ -258,14 +330,14 @@     try:         validate_instance_name(instance)         validate_keys(keys)-        +         # Load existing facts first         existing_facts = load_existing_facts(file_path, instance)-        +         # Determine final facts based on overwrite setting-        final_facts = {}-        keys_to_save = {}-        +        final_facts: dict[str, str] = {}+        keys_to_save: dict[str, str] = {}+         if overwrite:             # Overwrite mode: use provided keys, keep existing keys not in provided keys             final_facts.update(existing_facts)@@ -275,16 +347,16 @@             # Default mode: keep existing values, only add new keys             final_facts.update({k: str(v) for k, v in keys.items()})             final_facts.update(existing_facts)  # Existing values override new ones-            +             # Only save keys that don't exist yet             for key, value in keys.items():                 if key not in existing_facts:                     keys_to_save[key] = str(value)-        +         # If no new keys to save, return existing facts without changes         if not keys_to_save:             return final_facts, False-        +         # Save new/updated keys         config = configparser.ConfigParser(             interpolation=None,@@ -294,21 +366,21 @@             delimiters=('=',),             empty_lines_in_values=False         )-        -        config.optionxform = str-        ++        config.optionxform = lambda optionstr: optionstr  # Preserve case sensitivity for config keys+         if os.path.exists(file_path):             config.read(file_path)          changed = False-        +         if not config.has_section(instance):             config.add_section(instance)             changed = True          for key, value in keys_to_save.items():-            if (not config.has_section(instance) or -                not config.has_option(instance, key) or +            if (not config.has_section(instance) or+                not config.has_option(instance, key) or                 config.get(instance, key) != str(value)):                 config.set(instance, key, str(value))                 changed = True@@ -317,11 +389,11 @@             with StringIO() as string_buffer:                 config.write(string_buffer)                 config_str = string_buffer.getvalue()-            +             atomic_write(file_path, config_str, mode, owner, group)          return final_facts, changed-        +     except (OSError, IOError) as e:         raise Exception(f"File operation error: {str(e)}")     except configparser.Error as e:@@ -329,7 +401,7 @@     except Exception as e:         raise Exception(f"Unexpected error: {str(e)}") -def delete_facts(file_path, delete_type, instance, keys):+def delete_facts(file_path: str, delete_type: str, instance: str, keys: dict[str, Any]) -> bool:     """     Delete facts from configuration file. @@ -356,7 +428,7 @@             return False          config = configparser.ConfigParser(interpolation=None)-        config.optionxform = str+        config.optionxform = lambda optionstr: optionstr  # Preserve case sensitivity for config keys         config.read(file_path)         changed = False @@ -374,14 +446,14 @@             with StringIO() as string_buffer:                 config.write(string_buffer)                 config_str = string_buffer.getvalue()-            +             stat = os.stat(file_path)-            atomic_write(file_path, config_str, stat.st_mode, +            atomic_write(file_path, config_str, stat.st_mode,                         pwd.getpwuid(stat.st_uid).pw_name,                         grp.getgrgid(stat.st_gid).gr_name)          return changed-        +     except (OSError, IOError) as e:         raise Exception(f"File operation error: {str(e)}")     except configparser.Error as e:@@ -389,7 +461,7 @@     except Exception as e:         raise Exception(f"Unexpected error: {str(e)}") -def parse_mode(mode):+def parse_mode(mode: Any) -> int:     """     Parse and validate file mode. @@ -413,7 +485,7 @@     else:         raise ValueError("Mode must be a quoted octal number starting with '0' (e.g., '0640').") -def get_current_user():+def get_current_user() -> str:     """     Get current user name. @@ -422,7 +494,7 @@     """     return pwd.getpwuid(os.getuid()).pw_name -def run_module():+def run_module() -> None:     """     Main module execution. @@ -440,6 +512,7 @@     - group (str): File group (default: current user)     - mode (str): File mode in octal string format (default: '0640')     - overwrite (bool): If True, overwrite existing values; if False, keep existing (default: False)+    - base_path (str): Base directory path for storing configuration files (required)     """     module_args = dict(         role=dict(type='str', required=True),@@ -450,35 +523,35 @@         owner=dict(type='str', required=False),         group=dict(type='str', required=False),         mode=dict(type='str', required=False, default='0640'),-        overwrite=dict(type='bool', required=False, default=False)+        overwrite=dict(type='bool', required=False, default=False),+        base_path=dict(type='str', required=True)     )      result = dict(         changed=False,         message='',-        facts={},-        warnings=[]+        facts={}     )      module = AnsibleModule(-        argument_spec=module_args,-        supports_check_mode=True+        argument_spec=module_args     )      try:-        role = module.params['role']-        instance = module.params['instance']-        method = module.params.get('method')-        keys = module.params['keys']-        delete_type = module.params.get('delete_type')-        overwrite = module.params['overwrite']-        +        role: str = module.params['role']+        instance: str = module.params['instance']+        method: str | None = module.params.get('method')+        keys: dict[str, Any] = module.params['keys']+        delete_type: str | None = module.params.get('delete_type')+        overwrite: bool = module.params['overwrite']+        base_path: str = module.params['base_path']+         current_user = get_current_user()-        owner = module.params.get('owner') or current_user-        group = module.params.get('group') or current_user+        owner: str = module.params.get('owner') or current_user+        group: str = module.params.get('group') or current_user          mode = parse_mode(module.params['mode'])-        file_path = get_file_path(role)+        file_path = get_file_path(role, base_path)          if method == 'delete':             if not delete_type:@@ -495,7 +568,7 @@     except Exception as e:         module.fail_json(msg=str(e)) -def main():+def main() -> None:     """     Module entry point.     """

modified

requirements/requirements-saltbox.txt

@@ -1,20 +1,23 @@-ansible==11.11.0-ansible-lint==25.9.2-apprise==1.9.5+aiohttp==3.13.3+ansible==13.2.0+ansible-lint==26.1.1+apprise==1.9.7 argon2_cffi==25.1.0-certbot==5.1.0+certbot==5.2.2+cloudflare==4.3.1 dnspython==2.8.0 docker==7.1.0 jinja2==3.1.6-jmespath==1.0.1+jmespath==1.1.0 lxml==6.0.2 ndg-httpsclient==0.5.1 netaddr==1.3.0 passlib==1.7.4 pexpect==4.9.0+psycopg[binary]==3.3.2 PyMySQL==1.1.2 pyOpenSSL==25.3.0 requests==2.32.5-ruamel.yaml==0.18.16+ruamel.yaml==0.19.1 tld==0.13.1-uv==0.9.6+uv==0.9.26

modified

resources/roles/dns/defaults/main.yml

@@ -8,12 +8,3 @@ ######################################################################### --- cloudflare_allow_nested_proxy: false-cloudflare_reinstall: false-cloudflare_path: "/srv/cloudflare-helper"-cloudflare_venv_path: "{{ cloudflare_path }}/venv"-cloudflare_python_version: "3.10"-cloudflare_script_path: "{{ cloudflare_path }}/fetch_cloudflare_records.py"-cloudflare_requirements_path: "{{ cloudflare_path }}/requirements.txt"-cloudflare_files:-  - "fetch_cloudflare_records.py"-  - "requirements.txt"

modified

resources/roles/dns/tasks/cloudflare/main.yml

@@ -7,39 +7,26 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Cloudflare | Cleanup legacy folder+- name: Cloudflare | Cleanup legacy folders   ansible.builtin.file:-    path: "/srv/cloudflare"+    path: "{{ item }}"     state: absent+  loop:+    - "/srv/cloudflare"+    - "/srv/cloudflare-helper" -- name: Cloudflare | Check if '{{ cloudflare_path }}' folder exists-  ansible.builtin.stat:-    path: "{{ cloudflare_path }}"-  register: cloudflare_folder--- name: Cloudflare | Check if Python symlink exists-  ansible.builtin.stat:-    path: "{{ cloudflare_path }}/venv/bin/python{{ cloudflare_python_version }}"-  register: cloudflare_folder_symlink--- name: Cloudflare | Python Migration-  ansible.builtin.include_tasks: "subtasks/python.yml"-  when: cloudflare_folder_symlink.stat.exists--- name: Cloudflare | Checksum-  ansible.builtin.include_tasks: "subtasks/checksum.yml"--- name: Cloudflare | Setup-  ansible.builtin.include_tasks: "subtasks/setup.yml"-  when: (not cloudflare_folder.stat.exists) or (not cloudflare_folder_symlink.stat.exists) or (cloudflare_reinstall | bool)+- name: Set IP variables+  ansible.builtin.set_fact:+    ipv4_address_public_template: "{{ lookup('vars', ansible_parent_role_names | first + '_dns_ipv4', default=lookup('vars', ansible_parent_role_names | first + '_role_dns_ipv4', default=ip_address_public)) }}"+    ipv6_address_public_template: "{{ lookup('vars', ansible_parent_role_names | first + '_dns_ipv4', default=lookup('vars', ansible_parent_role_names | first + '_role_dns_ipv6', default=ipv6_address_public)) }}"  - name: Cloudflare | Tailscale block-  when: traefik_tailscale_enabled and lookup('vars', ansible_parent_role_names | first + '_traefik_tailscale_enabled', default=false)+  when: traefik_tailscale_enabled and lookup('vars', ansible_parent_role_names | first + '_traefik_tailscale_enabled', default=lookup('vars', ansible_parent_role_names | first + '_role_traefik_tailscale_enabled', default=false))   block:     - name: Get Tailscale IPs       ansible.builtin.shell: "tailscale ip"       register: dns_tailscale_ips-      failed_when: dns_tailscale_ips.rc != 0+      failed_when: (dns_tailscale_ips.rc != 0)      - name: Set Tailscale variables       ansible.builtin.set_fact:@@ -48,8 +35,8 @@  - name: Cloudflare | Add DNS Record   ansible.builtin.include_tasks: "subtasks/add_dns_record.yml"-  when: dns_action != 'remove'+  when: (dns_action != 'remove')  - name: Cloudflare | Remove DNS Record   ansible.builtin.include_tasks: "subtasks/remove_dns_record.yml"-  when: dns_action == 'remove'+  when: (dns_action == 'remove')

modified

resources/roles/dns/tasks/cloudflare/subtasks/add_dns_record.yml

@@ -15,18 +15,16 @@   when: (not cloudflare_allow_nested_proxy) and ("." in dns_record) and dns_proxy  - name: Cloudflare | Add DNS Record | Fetch Record information-  ansible.builtin.shell: "{{ cloudflare_path }}/venv/bin/python3 {{ cloudflare_script_path }} --auth_key '{{ cloudflare.api }}' --auth_email '{{ cloudflare.email }}' --zone_name '{{ dns_zone }}' --record '{{ dns_record }}.{{ dns_zone }}'"+  cloudflare_dns_records:+    auth_email: "{{ cloudflare.email }}"+    auth_key: "{{ cloudflare.api }}"+    zone_name: "{{ dns_zone }}"+    record: "{{ dns_record }}.{{ dns_zone }}"   register: cloudflare_record-  ignore_errors: true -- name: Cloudflare | Add DNS Record | Print Failure Output-  ansible.builtin.fail:-    msg: "{{ cloudflare_record.stderr }}"-  when: cloudflare_record.rc != 0--- name: Cloudflare | Add DNS Record | Convert JSON to Dictionary+- name: Cloudflare | Add DNS Record | Set variables   ansible.builtin.set_fact:-    cloudflare_record_dict: "{{ cloudflare_record.stdout | from_json }}"+    cloudflare_record_dict: "{{ cloudflare_record.records }}"     cloudflare_ipv4_record: []     cloudflare_ipv6_record: [] @@ -45,7 +43,7 @@     label: "{{ item.name }} - {{ item.type }}"  - name: Cloudflare | Add DNS Record | Tasks on success-  when: cloudflare_dns_record_removal_status is succeeded and cloudflare_dns_record_removal_status.changed+  when: (cloudflare_dns_record_removal_status is succeeded) and cloudflare_dns_record_removal_status.changed   block:     - name: Cloudflare | Add DNS Record | Set 'dns_record_print' variable       ansible.builtin.set_fact:@@ -73,20 +71,20 @@  - name: Cloudflare | Add DNS Record | IPv4 Tasks   ansible.builtin.include_tasks: "add_dns_record/ipv4_enabled.yml"-  when: dns.ipv4 and-        ((not ((cloudflare_ipv4_record is defined and (cloudflare_ipv4_record | length > 0)) and (cloudflare_ipv4_record.content == ip_address_public) and (cloudflare_ipv4_record.proxied == dns_proxy)))-         or not (cloudflare_ipv4_record is defined and (cloudflare_ipv4_record | length > 0)))+  when: dns_ipv4_enabled and+        ((not (((cloudflare_ipv4_record is defined) and (cloudflare_ipv4_record | length > 0)) and (cloudflare_ipv4_record.content == ipv4_address_public_template) and (cloudflare_ipv4_record.proxied == dns_proxy)))+         or not ((cloudflare_ipv4_record is defined) and (cloudflare_ipv4_record | length > 0)))  - name: Cloudflare | Add DNS Record | IPv4 Disable Tasks   ansible.builtin.include_tasks: "add_dns_record/ipv4_disabled.yml"-  when: (not dns.ipv4) and (cloudflare_ipv4_record is defined and (cloudflare_ipv4_record | length > 0))+  when: (not dns_ipv4_enabled) and ((cloudflare_ipv4_record is defined) and (cloudflare_ipv4_record | length > 0))  - name: Cloudflare | Add DNS Record | IPv6 Enabled Block   ansible.builtin.include_tasks: "add_dns_record/ipv6_enabled.yml"-  when: dns.ipv6 and-        ((not ((cloudflare_ipv6_record is defined and (cloudflare_ipv6_record | length > 0)) and (cloudflare_ipv6_record.content == ipv6_address_public) and (cloudflare_ipv6_record.proxied == dns_proxy)))-         or not (cloudflare_ipv6_record is defined and (cloudflare_ipv6_record | length > 0)))+  when: dns_ipv6_enabled and+        ((not (((cloudflare_ipv6_record is defined) and (cloudflare_ipv6_record | length > 0)) and (cloudflare_ipv6_record.content == ipv6_address_public_template) and (cloudflare_ipv6_record.proxied == dns_proxy)))+         or not ((cloudflare_ipv6_record is defined) and (cloudflare_ipv6_record | length > 0)))  - name: Cloudflare | Add DNS Record | IPv6 Disable Block   ansible.builtin.include_tasks: "add_dns_record/ipv6_disabled.yml"-  when: (not dns.ipv6) and (cloudflare_ipv6_record is defined and (cloudflare_ipv6_record | length > 0))+  when: (not dns_ipv6_enabled) and ((cloudflare_ipv6_record is defined) and (cloudflare_ipv6_record | length > 0))

modified

resources/roles/dns/tasks/cloudflare/subtasks/add_dns_record/ipv4_enabled.yml

@@ -10,7 +10,7 @@ - name: Cloudflare | Add DNS Record | IPv4 | Validate IP variable   ansible.builtin.fail:     msg: "{{ ip_address_public_error }}"-  when: (not ip_address_public_is_valid)+  when: (not ip_address_public_is_valid) and (ipv4_address_public_template == ip_address_public)  - name: Cloudflare | Add DNS Record | IPv4 | Add DNS Record   community.general.cloudflare_dns:@@ -21,8 +21,8 @@     solo: true     proxied: "{{ dns_proxy }}"     type: A-    value: "{{ ip_address_public-            if not lookup('vars', ansible_parent_role_names | first + '_traefik_tailscale_enabled', default=false)+    value: "{{ ipv4_address_public_template+            if not lookup('vars', ansible_parent_role_names | first + '_traefik_tailscale_enabled', default=lookup('vars', ansible_parent_role_names | first + '_role_traefik_tailscale_enabled', default=false))             else dns_tailscale_ipv4 }}"     record: "{{ dns_record }}"   register: cloudflare_dns_record_creation_status@@ -36,4 +36,4 @@      - name: Cloudflare | Add DNS Record | IPv4 | Display DNS Record creation status       ansible.builtin.debug:-        msg: "DNS A Record for '{{ dns_record_print }}' set to '{{ ip_address_public }}' was added. Proxy: {{ dns_proxy }}"+        msg: "DNS A Record for '{{ dns_record_print }}' set to '{{ ipv4_address_public_template }}' was added. Proxy: {{ dns_proxy }}"

modified

resources/roles/dns/tasks/cloudflare/subtasks/add_dns_record/ipv6_enabled.yml

@@ -10,7 +10,7 @@ - name: Cloudflare | Add DNS Record | IPv6 | Validate IPv6 variable   ansible.builtin.fail:     msg: "{{ ipv6_address_public_error }}"-  when: (not ipv6_address_public_is_valid)+  when: (not ipv6_address_public_is_valid) and (ipv6_address_public_template == ipv6_address_public)  - name: Cloudflare | Add DNS Record | IPv6 | Add DNS Record   community.general.cloudflare_dns:@@ -21,8 +21,8 @@     solo: true     proxied: "{{ dns_proxy }}"     type: AAAA-    value: "{{ ipv6_address_public-            if not lookup('vars', ansible_parent_role_names | first + '_traefik_tailscale_enabled', default=false)+    value: "{{ ipv6_address_public_template+            if (not lookup('vars', ansible_parent_role_names | first + '_traefik_tailscale_enabled', default=lookup('vars', ansible_parent_role_names | first + '_role_traefik_tailscale_enabled', default=false)))             else dns_tailscale_ipv6 }}"     record: "{{ dns_record }}"   register: cloudflare_dns_v6_record_creation_status@@ -36,4 +36,4 @@      - name: Cloudflare | Add DNS Record | IPv6 | Display DNS Record creation status       ansible.builtin.debug:-        msg: "DNS AAAA Record for '{{ dns_record_print }}' set to '{{ ipv6_address_public }}' was added. Proxy: {{ dns_proxy }}"+        msg: "DNS AAAA Record for '{{ dns_record_print }}' set to '{{ ipv6_address_public_template }}' was added. Proxy: {{ dns_proxy }}"

modified

resources/roles/dns/tasks/cloudflare/subtasks/remove_dns_record.yml

@@ -18,7 +18,7 @@   register: cloudflare_dns_record_removal_status  - name: Cloudflare | Remove DNS Record | IPv4 | Tasks on success-  when: cloudflare_dns_record_removal_status is succeeded+  when: (cloudflare_dns_record_removal_status is succeeded)   block:     - name: Cloudflare | Remove DNS Record | IPv4 | Set 'dns_record_print' variable       ansible.builtin.set_fact:@@ -39,7 +39,7 @@   register: cloudflare_dns_v6_record_removal_status  - name: Cloudflare | Remove DNS Record | IPv6 | Tasks on success-  when: cloudflare_dns_v6_record_removal_status is succeeded+  when: (cloudflare_dns_v6_record_removal_status is succeeded)   block:     - name: Cloudflare | Remove DNS Record | IPv6 | Set 'dns_record_print' variable       ansible.builtin.set_fact:

modified

resources/tasks/directories/create_directories.yml

@@ -11,9 +11,9 @@   ansible.builtin.file:     path: "{{ item }}"     state: directory-    owner: "{{ lookup('vars', role_name + '_paths_owner', default=user.name) }}"-    group: "{{ lookup('vars', role_name + '_paths_group', default=user.name) }}"-    mode: "{{ lookup('vars', role_name + '_paths_permissions', default='0775') }}"-    recurse: "{{ lookup('vars', role_name + '_paths_recursive', default=false) }}"-  with_items: "{{ lookup('vars', role_name + '_paths_folders_list')-                  + lookup('vars', role_name + '_paths_folders_list_custom', default=[]) }}"+    owner: "{{ lookup('role_var', '_paths_owner', default=user.name) }}"+    group: "{{ lookup('role_var', '_paths_group', default=user.name) }}"+    mode: "{{ lookup('role_var', '_paths_permissions', default='0775') }}"+    recurse: "{{ lookup('role_var', '_paths_recursive', default=false) }}"+  with_items: "{{ lookup('role_var', '_paths_folders_list')+                  + lookup('role_var', '_paths_folders_list_custom', default=[]) }}"

modified

resources/tasks/dns/tasker2.yml

@@ -7,49 +7,18 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Resources | Tasks | DNS | Tasker | Get FLD-  ansible.builtin.shell: |-    {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ dns_zone | default(user.domain) }}\", as_object=True); print(res.fld)"-  register: fld--- name: Resources | Tasks | DNS | Tasker | Get subdomain-  when: dns_record | length > 0-  block:-    - name: Resources | Tasks | DNS | Tasker | Set subdomain var-      ansible.builtin.set_fact:-        subdomain_block: 1--    - name: Resources | Tasks | DNS | Tasker | Get subdomain-      ansible.builtin.shell: |-        {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ dns_record }}.{{ dns_zone | default(user.domain) }}\", as_object=True); print(res.subdomain)"-      register: subdomain_notempty--- name: Resources | Tasks | DNS | Tasker | Get subdomain-  when: dns_record | length == 0-  block:-    - name: Resources | Tasks | DNS | Tasker | Set subdomain var-      ansible.builtin.set_fact:-        subdomain_block: 0--    - name: Resources | Tasks | DNS | Tasker | Get subdomain-      ansible.builtin.shell: |-        {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ dns_zone | default(user.domain) }}\", as_object=True); print(res.subdomain)"-      register: subdomain_empty--- name: Resources | Tasks | DNS | Tasker | Set subdomain var-  ansible.builtin.set_fact:-    subdomain: "{{ subdomain_notempty.stdout-                if (subdomain_block)-                else subdomain_empty.stdout }}"+- name: Resources | Tasks | DNS | Tasker | Parse domain+  tld_parse:+    url: "{{ dns_zone | default(user.domain) }}"+    record: "{{ dns_record | default('') }}"+  register: domain_parsed  - name: Resources | Tasks | DNS | Tasker | Set '_dns_*' variables   ansible.builtin.set_fact:-    _dns_tasker_zone: "{{ fld.stdout }}"-    _dns_tasker_record: "{{ subdomain-                         if (subdomain | length > 0)-                         else '@' }}"+    _dns_tasker_zone: "{{ domain_parsed.fld }}"+    _dns_tasker_record: "{{ domain_parsed.record }}"     _dns_tasker_action: "{{ dns_action | default('add') }}"-    _dns_tasker_proxy: "{{ dns_proxy | default(dns.proxied) }}"+    _dns_tasker_proxy: "{{ dns_proxy | default(dns_proxied) }}"  - name: Resources | Tasks | DNS | Tasker | Sent task to DNS Role   ansible.builtin.include_role:

modified

resources/tasks/docker/create_docker_container.yml

@@ -13,126 +13,360 @@                   if (var_prefix is defined)                   else role_name }}" +- name: Resources | Tasks | Docker | Create Docker Container | Set instance name+  ansible.builtin.set_fact:+    _instance_name: "{{ lookup('vars', _var_prefix + '_name', default=_var_prefix) }}"++- name: Resources | Tasks | Docker | Create Docker Container | Resolve docker vars (bulk)+  ansible.builtin.set_fact:+    _docker_vars: "{{ lookup('docker_vars', specs=_docker_var_specs) }}"+  vars:+    _docker_var_specs:+      _docker_commands:+        default: []+      _docker_cpus:+        default: "{{ docker_cpus_default }}"+      _docker_envs:+        default: {}+      _docker_hosts_use_common:+        default: true+      _docker_hosts:+        default: {}+      _docker_network_mode:+        default: "{{ docker_networks_name_common }}"+      _docker_exposed_ports:+        default: []+      _docker_hostname:+        default: ""+      _docker_labels_use_common:+        default: true+      _docker_labels:+        default: {}+      _docker_log_driver:+        default: ""+      _docker_log_options:+        default: {}+      _docker_memory:+        default: "{{ docker_memory_default }}"+      _docker_networks:+        default: []+      _docker_ports:+        default: []+      _docker_volumes:+        default: []+      _docker_volumes_global:+        default: true+      _docker_auto_remove:+        omit: true+      _docker_blkio_weight:+        omit: true+      _docker_cap_drop:+        omit: true+      _docker_capabilities:+        omit: true+      _docker_cgroup_parent:+        omit: true+      _docker_cgroupns_mode:+        omit: true+      _docker_cleanup:+        omit: true+      _docker_cpu_period:+        omit: true+      _docker_cpu_quota:+        omit: true+      _docker_cpu_shares:+        omit: true+      _docker_cpuset_cpus:+        omit: true+      _docker_cpuset_mems:+        omit: true+      _docker_device_cgroup_rules:+        omit: true+      _docker_device_read_bps:+        omit: true+      _docker_device_read_iops:+        omit: true+      _docker_device_requests:+        omit: true+      _docker_device_write_bps:+        omit: true+      _docker_device_write_iops:+        omit: true+      _docker_devices:+        omit: true+      _docker_dns_opts:+        omit: true+      _docker_dns_search_domains:+        omit: true+      _docker_dns_servers:+        omit: true+      _docker_domainname:+        omit: true+      _docker_entrypoint:+        omit: true+      _docker_env_file:+        omit: true+      _docker_groups:+        omit: true+      _docker_healthcheck:+        omit: true+      _docker_healthy_wait_timeout:+        default: 300+      _docker_image:+        required: true+      _docker_init:+        omit: true+      _docker_ipc_mode:+        omit: true+      _docker_keep_volumes:+        omit: true+      _docker_kernel_memory:+        omit: true+      _docker_kill_signal:+        omit: true+      _docker_links:+        omit: true+      _docker_memory_reservation:+        omit: true+      _docker_memory_swap:+        omit: true+      _docker_memory_swappiness:+        omit: true+      _docker_mounts:+        omit: true+      _docker_container:+        default: "{{ _instance_name }}"+      _docker_oom_killer:+        omit: true+      _docker_oom_score_adj:+        omit: true+      _docker_output_logs:+        omit: true+      _docker_paused:+        omit: true+      _docker_pid_mode:+        omit: true+      _docker_privileged:+        omit: true+      _docker_image_pull:+        default: true+      _docker_read_only:+        omit: true+      _docker_recreate:+        omit: true+      _docker_restart_policy:+        default: "unless-stopped"+      _docker_restart_retries:+        omit: true+      _docker_runtime:+        omit: true+      _docker_security_opts:+        omit: true+      _docker_shm_size:+        omit: true+      _docker_stop_signal:+        omit: true+      _docker_stop_timeout:+        default: "10"+      _docker_storage_opts:+        omit: true+      _docker_sysctls:+        omit: true+      _docker_tmpfs:+        omit: true+      _docker_ulimits:+        omit: true+      _docker_user:+        omit: true+      _docker_userns_mode:+        omit: true+      _docker_uts:+        omit: true+      _docker_volume_driver:+        omit: true+      _docker_volumes_from:+        omit: true+      _docker_working_dir:+        omit: true+      _docker_create_timeout:+        default: 120++- name: Resources | Tasks | Docker | Create Docker Container | Set variables that need omit handling+  ansible.builtin.set_fact:+    _docker_command: "{{ (_docker_vars['_docker_commands']['value'] | reject('equalto', omit) | list) }}"+    _docker_cpus: "{{ _docker_vars['_docker_cpus']['value'] }}"+    _docker_env: "{{ (nvidia_docker_env if use_nvidia else {}) | combine(_docker_vars['_docker_envs']['value']) }}"+    _docker_etc_hosts: "{{ (docker_hosts_common if _docker_vars['_docker_hosts_use_common']['value'] else {}) | combine(_docker_vars['_docker_hosts']['value'])+                        if not ('container:' in _docker_vars['_docker_network_mode']['value'])+                        else {} }}"+    _docker_exposed_ports: "{{ (_docker_vars['_docker_exposed_ports']['value'] | unique | reject('equalto', omit) | list)+                            if not ('container:' in _docker_vars['_docker_network_mode']['value'])+                            else [] }}"+    _docker_hostname: "{{ _docker_vars['_docker_hostname']['value']+                       if (_docker_vars['_docker_network_mode']['value'] == docker_networks_name_common)+                       else '' }}"+    _docker_labels: "{{ (docker_labels_common if _docker_vars['_docker_labels_use_common']['value'] else {}) | combine(_docker_vars['_docker_labels']['value']) }}"+    _docker_log_driver: "{{ docker_log_driver if (docker_log_driver != 'default') else _docker_vars['_docker_log_driver']['value'] }}"+    _docker_log_options: "{{ docker_log_options if (docker_log_options != 'default') else _docker_vars['_docker_log_options']['value'] }}"+    _docker_memory: "{{ _docker_vars['_docker_memory']['value'] }}"+    _docker_networks: "{{ _docker_vars['_docker_networks']['value']+                       if not ((_docker_vars['_docker_network_mode']['value'] == 'host') or ('container' in _docker_vars['_docker_network_mode']['value']))+                       else [] }}"+    _docker_published_ports: "{{ (_docker_vars['_docker_ports']['value'] | unique | reject('equalto', omit) | list)+                              if not ('container:' in _docker_vars['_docker_network_mode']['value'])+                              else [] }}"+    _docker_volumes: "{{ ((docker_volumes_common + _docker_vars['_docker_volumes']['value'])+                      if (_docker_vars['_docker_volumes_global']['value'] | bool)+                      else _docker_vars['_docker_volumes']['value']) | unique | reject('equalto', omit) | list }}"+ - name: Resources | Tasks | Docker | Create Docker Container | Network Container Health Status   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/network_container_health_status.yml"-  when: ('container:' in lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common))+  when: ('container:' in _docker_vars['_docker_network_mode']['value'])  - name: Resources | Tasks | Docker | Create Docker Container | Create Docker Container # noqa args[module]   community.docker.docker_container:-    auto_remove: "{{ lookup('vars', _var_prefix + '_docker_auto_remove', default=omit) }}"-    blkio_weight: "{{ lookup('vars', _var_prefix + '_docker_blkio_weight', default=omit) }}"-    cap_drop: "{{ lookup('vars', _var_prefix + '_docker_cap_drop', default=omit) }}"-    capabilities: "{{ lookup('vars', _var_prefix + '_docker_capabilities', default=omit) }}"-    cgroup_parent: "{{ lookup('vars', _var_prefix + '_docker_cgroup_parent', default=omit) }}"-    cleanup: "{{ lookup('vars', _var_prefix + '_docker_cleanup', default=omit) }}"-    command: "{{ lookup('vars', _var_prefix + '_docker_commands', default=omit) | reject('equalto', omit) | list }}"+    auto_remove: "{{ (_docker_vars['_docker_auto_remove']['value'] if not _docker_vars['_docker_auto_remove']['omit'] else omit) }}"+    blkio_weight: "{{ (_docker_vars['_docker_blkio_weight']['value'] if not _docker_vars['_docker_blkio_weight']['omit'] else omit) }}"+    cap_drop: "{{ (_docker_vars['_docker_cap_drop']['value'] if not _docker_vars['_docker_cap_drop']['omit'] else omit) }}"+    capabilities: "{{ (_docker_vars['_docker_capabilities']['value'] if not _docker_vars['_docker_capabilities']['omit'] else omit) }}"+    cgroup_parent: "{{ (_docker_vars['_docker_cgroup_parent']['value'] if not _docker_vars['_docker_cgroup_parent']['omit'] else omit) }}"+    cgroupns_mode: "{{ (_docker_vars['_docker_cgroupns_mode']['value'] if not _docker_vars['_docker_cgroupns_mode']['omit'] else omit) }}"+    cleanup: "{{ (_docker_vars['_docker_cleanup']['value'] if not _docker_vars['_docker_cleanup']['omit'] else omit) }}"+    command: "{{ _docker_command+              if (_docker_command | length > 0)+              else omit }}"     command_handling: compatibility     container_default_behavior: compatibility-    cpu_period: "{{ lookup('vars', _var_prefix + '_docker_cpu_period', default=omit) }}"-    cpu_quota: "{{ lookup('vars', _var_prefix + '_docker_cpu_quota', default=omit) }}"-    cpu_shares: "{{ lookup('vars', _var_prefix + '_docker_cpu_shares', default=omit) }}"-    cpus: "{{ (docker_cpus_default is defined) | ternary(docker_cpus_default, lookup('vars', _var_prefix + '_docker_cpus', default=omit)) }}"-    cpuset_cpus: "{{ lookup('vars', _var_prefix + '_docker_cpuset_cpus', default=omit) }}"-    cpuset_mems: "{{ lookup('vars', _var_prefix + '_docker_cpuset_mems', default=omit) }}"+    cpu_period: "{{ (_docker_vars['_docker_cpu_period']['value'] if not _docker_vars['_docker_cpu_period']['omit'] else omit) }}"+    cpu_quota: "{{ (_docker_vars['_docker_cpu_quota']['value'] if not _docker_vars['_docker_cpu_quota']['omit'] else omit) }}"+    cpu_shares: "{{ (_docker_vars['_docker_cpu_shares']['value'] if not _docker_vars['_docker_cpu_shares']['omit'] else omit) }}"+    cpus: "{{ _docker_cpus+           if (_docker_cpus | length > 0)+           else omit }}"+    cpuset_cpus: "{{ (_docker_vars['_docker_cpuset_cpus']['value'] if not _docker_vars['_docker_cpuset_cpus']['omit'] else omit) }}"+    cpuset_mems: "{{ (_docker_vars['_docker_cpuset_mems']['value'] if not _docker_vars['_docker_cpuset_mems']['omit'] else omit) }}"     default_host_ip: ""-    device_read_bps: "{{ lookup('vars', _var_prefix + '_docker_device_read_bps', default=omit) }}"-    device_read_iops: "{{ lookup('vars', _var_prefix + '_docker_device_read_iops', default=omit) }}"-    device_requests: "{{ lookup('vars', _var_prefix + '_docker_device_requests', default=omit) }}"-    device_write_bps: "{{ lookup('vars', _var_prefix + '_docker_device_write_bps', default=omit) }}"-    device_write_iops: "{{ lookup('vars', _var_prefix + '_docker_device_write_iops', default=omit) }}"-    devices: "{{ lookup('vars', _var_prefix + '_docker_devices', default=omit) }}"-    dns_opts: "{{ lookup('vars', _var_prefix + '_docker_dns_opts', default=omit) }}"-    dns_search_domains: "{{ lookup('vars', _var_prefix + '_docker_dns_search_domains', default=omit) }}"-    dns_servers: "{{ lookup('vars', _var_prefix + '_docker_dns_servers', default=omit) }}"-    domainname: "{{ lookup('vars', _var_prefix + '_docker_domainname', default=omit) }}"-    entrypoint: "{{ lookup('vars', _var_prefix + '_docker_entrypoint', default=omit) }}"-    env: "{{ (nvidia_docker_env if use_nvidia else {})-             | combine(lookup('vars', _var_prefix + '_docker_envs', default={}))-             | default(omit) }}"-    env_file: "{{ lookup('vars', _var_prefix + '_docker_env_file', default=omit) }}"-    etc_hosts: "{{ lookup('vars', _var_prefix + '_docker_hosts', default=omit)-                if not ('container:' in lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common))-                else {} }}"-    exposed_ports: "{{ (lookup('vars', _var_prefix + '_docker_exposed_ports', default=[]) | unique | reject('equalto', omit) | list)-                    if not ('container:' in lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common))-                    else [] }}"-    groups: "{{ lookup('vars', _var_prefix + '_docker_groups', default=omit) }}"-    healthcheck: "{{ lookup('vars', _var_prefix + '_docker_healthcheck', default=omit) }}"-    hostname: "{{ lookup('vars', _var_prefix + '_docker_hostname', default=omit)-               if (lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common) == docker_networks_name_common)+    detach: true+    device_cgroup_rules: "{{ (_docker_vars['_docker_device_cgroup_rules']['value'] if not _docker_vars['_docker_device_cgroup_rules']['omit'] else omit) }}"+    device_read_bps: "{{ (_docker_vars['_docker_device_read_bps']['value'] if not _docker_vars['_docker_device_read_bps']['omit'] else omit) }}"+    device_read_iops: "{{ (_docker_vars['_docker_device_read_iops']['value'] if not _docker_vars['_docker_device_read_iops']['omit'] else omit) }}"+    device_requests: "{{ (_docker_vars['_docker_device_requests']['value'] if not _docker_vars['_docker_device_requests']['omit'] else omit) }}"+    device_write_bps: "{{ (_docker_vars['_docker_device_write_bps']['value'] if not _docker_vars['_docker_device_write_bps']['omit'] else omit) }}"+    device_write_iops: "{{ (_docker_vars['_docker_device_write_iops']['value'] if not _docker_vars['_docker_device_write_iops']['omit'] else omit) }}"+    devices: "{{ (_docker_vars['_docker_devices']['value'] if not _docker_vars['_docker_devices']['omit'] else omit) }}"+    dns_opts: "{{ (_docker_vars['_docker_dns_opts']['value'] if not _docker_vars['_docker_dns_opts']['omit'] else omit) }}"+    dns_search_domains: "{{ (_docker_vars['_docker_dns_search_domains']['value'] if not _docker_vars['_docker_dns_search_domains']['omit'] else omit) }}"+    dns_servers: "{{ (_docker_vars['_docker_dns_servers']['value'] if not _docker_vars['_docker_dns_servers']['omit'] else omit) }}"+    domainname: "{{ (_docker_vars['_docker_domainname']['value'] if not _docker_vars['_docker_domainname']['omit'] else omit) }}"+    entrypoint: "{{ (_docker_vars['_docker_entrypoint']['value'] if not _docker_vars['_docker_entrypoint']['omit'] else omit) }}"+    env: "{{ _docker_env+          if (_docker_env | length > 0)+          else omit }}"+    env_file: "{{ (_docker_vars['_docker_env_file']['value'] if not _docker_vars['_docker_env_file']['omit'] else omit) }}"+    etc_hosts: "{{ _docker_etc_hosts+                if (_docker_etc_hosts | length > 0)+                else omit }}"+    exposed_ports: "{{ _docker_exposed_ports+                    if (_docker_exposed_ports | length > 0)+                    else omit }}"+    groups: "{{ (_docker_vars['_docker_groups']['value'] if not _docker_vars['_docker_groups']['omit'] else omit) }}"+    healthcheck: "{{ (_docker_vars['_docker_healthcheck']['value'] if not _docker_vars['_docker_healthcheck']['omit'] else omit) }}"+    healthy_wait_timeout: "{{ _docker_vars['_docker_healthy_wait_timeout']['value'] }}"+    hostname: "{{ _docker_hostname+               if (_docker_hostname | length > 0)                else omit }}"-    image: "{{ lookup('vars', _var_prefix + '_docker_image') }}"-    init: "{{ lookup('vars', _var_prefix + '_docker_init', default=omit) }}"-    ipc_mode: "{{ lookup('vars', _var_prefix + '_docker_ipc_mode', default=omit) }}"-    keep_volumes: "{{ lookup('vars', _var_prefix + '_docker_keep_volumes', default=omit) }}"-    kernel_memory: "{{ lookup('vars', _var_prefix + '_docker_kernel_memory', default=omit) }}"-    labels: "{{ lookup('vars', _var_prefix + '_docker_labels', default=omit) }}"-    links: "{{ lookup('vars', _var_prefix + '_docker_links', default=omit) }}"-    log_driver: "{{ (docker_log_driver != 'default') | ternary(docker_log_driver, lookup('vars', _var_prefix + '_docker_log_driver', default=omit)) }}"-    log_options: "{{ (docker_log_options != 'default') | ternary(docker_log_options, lookup('vars', _var_prefix + '_docker_log_options', default=omit)) }}"-    memory: "{{ (docker_memory_default is defined) | ternary(docker_memory_default, lookup('vars', _var_prefix + '_docker_memory', default=omit)) }}"-    memory_reservation: "{{ lookup('vars', _var_prefix + '_docker_memory_reservation', default=omit) }}"-    memory_swap: "{{ lookup('vars', _var_prefix + '_docker_memory_swap', default=omit) }}"-    memory_swappiness: "{{ lookup('vars', _var_prefix + '_docker_memory_swappiness', default=omit) }}"-    mounts: "{{ lookup('vars', _var_prefix + '_docker_mounts', default=omit) }}"-    name: "{{ lookup('vars', _var_prefix + '_docker_container', default=_var_prefix) }}"-    network_mode: "{{ lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common) }}"-    networks: "{{ omit-               if (lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common) == 'host') or ('container' in lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common))-               else lookup('vars', _var_prefix + '_docker_networks') }}"+    image: "{{ _docker_vars['_docker_image']['value'] }}"+    image_comparison: "desired-image"+    image_label_mismatch: "ignore"+    image_name_mismatch: "recreate"+    init: "{{ (_docker_vars['_docker_init']['value'] if not _docker_vars['_docker_init']['omit'] else omit) }}"+    ipc_mode: "{{ (_docker_vars['_docker_ipc_mode']['value'] if not _docker_vars['_docker_ipc_mode']['omit'] else omit) }}"+    keep_volumes: "{{ (_docker_vars['_docker_keep_volumes']['value'] if not _docker_vars['_docker_keep_volumes']['omit'] else omit) }}"+    kernel_memory: "{{ (_docker_vars['_docker_kernel_memory']['value'] if not _docker_vars['_docker_kernel_memory']['omit'] else omit) }}"+    kill_signal: "{{ (_docker_vars['_docker_kill_signal']['value'] if not _docker_vars['_docker_kill_signal']['omit'] else omit) }}"+    labels: "{{ _docker_labels+             if (_docker_labels | length > 0)+             else omit }}"+    links: "{{ (_docker_vars['_docker_links']['value'] if not _docker_vars['_docker_links']['omit'] else omit) }}"+    log_driver: "{{ _docker_log_driver+                 if (_docker_log_driver | length > 0)+                 else omit }}"+    log_options: "{{ _docker_log_options+                  if (_docker_log_options | length > 0)+                  else omit }}"+    memory: "{{ _docker_memory+             if (_docker_memory | length > 0)+             else omit }}"+    memory_reservation: "{{ (_docker_vars['_docker_memory_reservation']['value'] if not _docker_vars['_docker_memory_reservation']['omit'] else omit) }}"+    memory_swap: "{{ (_docker_vars['_docker_memory_swap']['value'] if not _docker_vars['_docker_memory_swap']['omit'] else omit) }}"+    memory_swappiness: "{{ (_docker_vars['_docker_memory_swappiness']['value'] if not _docker_vars['_docker_memory_swappiness']['omit'] else omit) }}"+    mounts: "{{ (_docker_vars['_docker_mounts']['value'] if not _docker_vars['_docker_mounts']['omit'] else omit) }}"+    name: "{{ _docker_vars['_docker_container']['value'] }}"+    network_mode: "{{ _docker_vars['_docker_network_mode']['value'] }}"+    networks: "{{ _docker_networks+               if (_docker_networks | length > 0)+               else omit }}"     networks_cli_compatible: true-    oom_killer: "{{ lookup('vars', _var_prefix + '_docker_oom_killer', default=omit) }}"-    oom_score_adj: "{{ lookup('vars', _var_prefix + '_docker_oom_score_adj', default=omit) }}"-    output_logs: "{{ lookup('vars', _var_prefix + '_docker_output_logs', default=omit) }}"-    paused: "{{ lookup('vars', _var_prefix + '_docker_paused', default=omit) }}"-    pid_mode: "{{ lookup('vars', _var_prefix + '_docker_pid_mode', default=omit) }}"-    privileged: "{{ lookup('vars', _var_prefix + '_docker_privileged', default=omit) }}"-    published_ports: "{{ (lookup('vars', _var_prefix + '_docker_ports', default=[]) | unique | reject('equalto', omit) | list)-                      if not ('container:' in lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common))-                      else [] }}"-    pull: "{{ lookup('vars', _var_prefix + '_docker_image_pull', default=true) | bool }}"-    read_only: "{{ lookup('vars', _var_prefix + '_docker_read_only', default=omit) }}"-    recreate: "{{ lookup('vars', _var_prefix + '_docker_recreate', default=omit) }}"-    restart_policy: "{{ lookup('vars', _var_prefix + '_docker_restart_policy', default='unless-stopped') }}"-    restart_retries: "{{ lookup('vars', _var_prefix + '_docker_restart_retries', default=omit) }}"-    runtime: "{{ lookup('vars', _var_prefix + '_docker_runtime', default=omit) }}"-    security_opts: "{{ lookup('vars', _var_prefix + '_docker_security_opts', default=omit) }}"-    shm_size: "{{ lookup('vars', _var_prefix + '_docker_shm_size', default=omit) }}"+    oom_killer: "{{ (_docker_vars['_docker_oom_killer']['value'] if not _docker_vars['_docker_oom_killer']['omit'] else omit) }}"+    oom_score_adj: "{{ (_docker_vars['_docker_oom_score_adj']['value'] if not _docker_vars['_docker_oom_score_adj']['omit'] else omit) }}"+    output_logs: "{{ (_docker_vars['_docker_output_logs']['value'] if not _docker_vars['_docker_output_logs']['omit'] else omit) }}"+    paused: "{{ (_docker_vars['_docker_paused']['value'] if not _docker_vars['_docker_paused']['omit'] else omit) }}"+    pid_mode: "{{ (_docker_vars['_docker_pid_mode']['value'] if not _docker_vars['_docker_pid_mode']['omit'] else omit) }}"+    privileged: "{{ (_docker_vars['_docker_privileged']['value'] if not _docker_vars['_docker_privileged']['omit'] else omit) }}"+    published_ports: "{{ _docker_published_ports+                      if (_docker_published_ports | length > 0)+                      else omit }}"+    pull: "{{ _docker_vars['_docker_image_pull']['value'] | bool }}"+    pull_check_mode_behavior: "image_not_present"+    read_only: "{{ (_docker_vars['_docker_read_only']['value'] if not _docker_vars['_docker_read_only']['omit'] else omit) }}"+    recreate: "{{ (_docker_vars['_docker_recreate']['value'] if not _docker_vars['_docker_recreate']['omit'] else omit) }}"+    restart_policy: "{{ _docker_vars['_docker_restart_policy']['value'] }}"+    restart_retries: "{{ (_docker_vars['_docker_restart_retries']['value'] if not _docker_vars['_docker_restart_retries']['omit'] else omit) }}"+    runtime: "{{ (_docker_vars['_docker_runtime']['value'] if not _docker_vars['_docker_runtime']['omit'] else omit) }}"+    security_opts: "{{ (_docker_vars['_docker_security_opts']['value'] if not _docker_vars['_docker_security_opts']['omit'] else omit) }}"+    shm_size: "{{ (_docker_vars['_docker_shm_size']['value'] if not _docker_vars['_docker_shm_size']['omit'] else omit) }}"     state: started-    stop_timeout: "{{ lookup('vars', _var_prefix + '_docker_stop_timeout', default='10') }}"-    storage_opts: "{{ lookup('vars', _var_prefix + '_docker_storage_opts', default=omit) }}"-    sysctls: "{{ lookup('vars', _var_prefix + '_docker_sysctls', default=omit) }}"+    stop_signal: "{{ (_docker_vars['_docker_stop_signal']['value'] if not _docker_vars['_docker_stop_signal']['omit'] else omit) }}"+    stop_timeout: "{{ _docker_vars['_docker_stop_timeout']['value'] }}"+    storage_opts: "{{ (_docker_vars['_docker_storage_opts']['value'] if not _docker_vars['_docker_storage_opts']['omit'] else omit) }}"+    sysctls: "{{ (_docker_vars['_docker_sysctls']['value'] if not _docker_vars['_docker_sysctls']['omit'] else omit) }}"     tls_hostname: localhost-    tmpfs: "{{ lookup('vars', _var_prefix + '_docker_tmpfs', default=omit) }}"-    ulimits: "{{ lookup('vars', _var_prefix + '_docker_ulimits', default=omit) }}"-    user: "{{ lookup('vars', _var_prefix + '_docker_user', default=omit) }}"-    userns_mode: "{{ lookup('vars', _var_prefix + '_docker_userns_mode', default=omit) }}"-    uts: "{{ lookup('vars', _var_prefix + '_docker_uts', default=omit) }}"-    volume_driver: "{{ lookup('vars', _var_prefix + '_docker_volume_driver', default=omit) }}"-    volumes: "{{ ((docker_volumes_common + lookup('vars', _var_prefix + '_docker_volumes', default=omit))-              if (lookup('vars', _var_prefix + '_docker_volumes_global', default=true) | bool)-              else lookup('vars', _var_prefix + '_docker_volumes', default=omit)) | unique | reject('equalto', omit) | list }}"-    volumes_from: "{{ lookup('vars', _var_prefix + '_docker_volumes_from', default=omit) }}"-    working_dir: "{{ lookup('vars', _var_prefix + '_docker_working_dir', default=omit) }}"+    tmpfs: "{{ (_docker_vars['_docker_tmpfs']['value'] if not _docker_vars['_docker_tmpfs']['omit'] else omit) }}"+    ulimits: "{{ (_docker_vars['_docker_ulimits']['value'] if not _docker_vars['_docker_ulimits']['omit'] else omit) }}"+    user: "{{ (_docker_vars['_docker_user']['value'] if not _docker_vars['_docker_user']['omit'] else omit) }}"+    userns_mode: "{{ (_docker_vars['_docker_userns_mode']['value'] if not _docker_vars['_docker_userns_mode']['omit'] else omit) }}"+    uts: "{{ (_docker_vars['_docker_uts']['value'] if not _docker_vars['_docker_uts']['omit'] else omit) }}"+    volume_driver: "{{ (_docker_vars['_docker_volume_driver']['value'] if not _docker_vars['_docker_volume_driver']['omit'] else omit) }}"+    volumes: "{{ _docker_volumes+              if (_docker_volumes | length > 0)+              else omit }}"+    volumes_from: "{{ (_docker_vars['_docker_volumes_from']['value'] if not _docker_vars['_docker_volumes_from']['omit'] else omit) }}"+    working_dir: "{{ (_docker_vars['_docker_working_dir']['value'] if not _docker_vars['_docker_working_dir']['omit'] else omit) }}"   register: create_docker_result   retries: "{{ ansible_retry_count             if (not continuous_integration)             else ansible_retry_count_ci }}"-  timeout: "{{ 300+  timeout: "{{ _docker_vars['_docker_create_timeout']['value']             if continuous_integration             else omit }}"   delay: 10-  until: create_docker_result is succeeded--- name: Resources | Tasks | Docker | Create Docker Container | Prune dangling images+  until: (create_docker_result is succeeded)++- name: "Resources | Tasks | Docker | Create Docker Container | Wait for {{ docker_create_image_prune_delay_timeout }} seconds"+  ansible.builtin.wait_for:+    timeout: "{{ docker_create_image_prune_delay_timeout }}"+  when: docker_create_image_prune and docker_create_image_prune_delay++- name: Resources | Tasks | Docker | Create Docker Container | Prune images   community.docker.docker_prune:     images: true     images_filters:-      dangling: true+      until: 24h+    timeout: 120   when: docker_create_image_prune   register: prune_images_result   retries: "{{ ansible_retry_count             if (not continuous_integration)             else ansible_retry_count_ci }}"   delay: 10-  until: prune_images_result is succeeded+  until: (prune_images_result is succeeded)

modified

resources/tasks/docker/network_container_health_status.yml

@@ -11,17 +11,21 @@   ansible.builtin.wait_for:     timeout: "{{ docker_network_container_health_delay }}" -- name: Resources | Tasks | Docker | Network Container Health Status | Check health of network linked container+- name: "Resources | Tasks | Docker | Network Container Health Status | Set instance name"+  ansible.builtin.set_fact:+    _instance_name: "{{ lookup('vars', _var_prefix + '_name', default=_var_prefix) }}"++- name: "Resources | Tasks | Docker | Network Container Health Status | Check health of network linked container"   community.docker.docker_container_info:-    name: "{{ lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common).split(':')[1] }}"+    name: "{{ lookup('docker_var', '_docker_network_mode', default=docker_networks_name_common).split(':')[1] }}"   register: docker_info -- name: Resources | Tasks | Docker | Network Container Health Status | Fail if network linked container does not exist+- name: "Resources | Tasks | Docker | Network Container Health Status | Fail if network linked container does not exist"   ansible.builtin.fail:-    msg: "{{ lookup('vars', _var_prefix + '_docker_container', default=_var_prefix) }} is configured to use {{ lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common).split(':')[1] }} for networking but it does not exist"-  when: not docker_info.exists+    msg: "{{ lookup('docker_var', '_docker_container', default=_var_prefix) }} is configured to use {{ lookup('docker_var', '_docker_network_mode', default=docker_networks_name_common).split(':')[1] }} for networking but it does not exist"+  when: (not docker_info.exists) -- name: Resources | Tasks | Docker | Network Container Health Status | Fail if network linked container is not healthy+- name: "Resources | Tasks | Docker | Network Container Health Status | Fail if network linked container is not healthy"   ansible.builtin.fail:-    msg: "{{ lookup('vars', _var_prefix + '_docker_container', default=_var_prefix) }} is configured to use {{ lookup('vars', _var_prefix + '_docker_network_mode', default=docker_networks_name_common).split(':')[1] }} for networking but it is not healthy"-  when: ('State' not in docker_info.container or 'Health' not in docker_info.container.State or 'Status' not in docker_info.container.State.Health or docker_info.container.State.Health.Status != 'healthy')+    msg: "{{ lookup('docker_var', '_docker_container', default=_var_prefix) }} is configured to use {{ lookup('docker_var', '_docker_network_mode', default=docker_networks_name_common).split(':')[1] }} for networking but it is not healthy"+  when: (('State' not in docker_info.container) or ('Health' not in docker_info.container.State) or ('Status' not in docker_info.container.State.Health) or (docker_info.container.State.Health.Status != 'healthy'))

modified

resources/tasks/docker/remove_docker_container.yml

@@ -13,18 +13,25 @@                   if (var_prefix is defined)                   else role_name }}" +- name: Resources | Tasks | Docker | Remove Docker Container | Set instance name+  ansible.builtin.set_fact:+    _instance_name: "{{ lookup('vars', _var_prefix + '_name', default=_var_prefix) }}"+ - name: Resources | Tasks | Docker | Remove Docker Container | Remove Docker Container   community.docker.docker_container:     container_default_behavior: compatibility-    force_kill: "{{ lookup('vars', _var_prefix + '_docker_force_kill', default=omit) }}"-    kill_signal: "{{ lookup('vars', _var_prefix + '_docker_kill_signal', default=omit) }}"-    name: "{{ var_prefix | default(lookup('vars', _var_prefix + '_docker_container', default=_var_prefix)) }}"+    force_kill: "{{ lookup('docker_var', '_docker_force_kill', default=omit) }}"+    kill_signal: "{{ lookup('docker_var', '_docker_kill_signal', default=omit) }}"+    name: "{{ container_name+           if (container_name is defined)+           else lookup('docker_var', '_docker_container', default=_var_prefix) }}"     state: absent-    stop_timeout: "{{ lookup('vars', _var_prefix + '_docker_stop_timeout', default='10') }}"+    stop_signal: "{{ lookup('docker_var', '_docker_stop_signal', default=omit) }}"+    stop_timeout: "{{ lookup('docker_var', '_docker_stop_timeout', default='180') }}"     tls_hostname: localhost   register: remove_docker_result   retries: "{{ ansible_retry_count             if (not continuous_integration)             else ansible_retry_count_ci }}"   delay: 10-  until: remove_docker_result is succeeded+  until: (remove_docker_result is succeeded)

modified

resources/tasks/docker/restart_docker_container.yml

@@ -13,14 +13,21 @@                   if (var_prefix is defined)                   else role_name }}" +- name: Resources | Tasks | Docker | Restart Docker Container | Set instance name+  ansible.builtin.set_fact:+    _instance_name: "{{ lookup('vars', _var_prefix + '_name', default=_var_prefix) }}"+ - name: Resources | Tasks | Docker | Restart Docker Container | Stop Docker Container   community.docker.docker_container:     container_default_behavior: compatibility-    force_kill: "{{ lookup('vars', _var_prefix + '_docker_force_kill', default=omit) }}"-    kill_signal: "{{ lookup('vars', _var_prefix + '_docker_kill_signal', default=omit) }}"-    name: "{{ lookup('vars', _var_prefix + '_docker_container', default=_var_prefix) }}"+    force_kill: "{{ lookup('docker_var', '_docker_force_kill', default=omit) }}"+    kill_signal: "{{ lookup('docker_var', '_docker_kill_signal', default=omit) }}"+    name: "{{ container_name+           if (container_name is defined)+           else lookup('docker_var', '_docker_container', default=_var_prefix) }}"     state: stopped-    stop_timeout: "{{ lookup('vars', _var_prefix + '_docker_stop_timeout', default='180') }}"+    stop_signal: "{{ lookup('docker_var', '_docker_stop_signal', default=omit) }}"+    stop_timeout: "{{ lookup('docker_var', '_docker_stop_timeout', default='180') }}"     tls_hostname: localhost     comparisons:       '*': ignore@@ -29,12 +36,14 @@             if (not continuous_integration)             else ansible_retry_count_ci }}"   delay: 10-  until: stop_docker_result is succeeded+  until: (stop_docker_result is succeeded)  - name: Resources | Tasks | Docker | Restart Docker Container | Start Docker Container   community.docker.docker_container:     container_default_behavior: compatibility-    name: "{{ lookup('vars', _var_prefix + '_docker_container', default=_var_prefix) }}"+    name: "{{ container_name+           if (container_name is defined)+           else lookup('docker_var', '_docker_container', default=_var_prefix) }}"     state: started     tls_hostname: localhost     comparisons:@@ -44,4 +53,4 @@             if (not continuous_integration)             else ansible_retry_count_ci }}"   delay: 10-  until: start_docker_result is succeeded+  until: (start_docker_result is succeeded)

modified

resources/tasks/docker/set_docker_devices_variable.yml

@@ -21,4 +21,4 @@      - name: Resources | Tasks | Docker | Set Docker Devices Variable | Set 'docker_devices' variable # noqa var-naming[no-jinja]       ansible.builtin.set_fact:-        "{{ docker_devices_var_name }}": "{{ ['/dev/dri:/dev/dri'] + lookup('vars', role_name + '_docker_devices_default', default=[]) }}"+        "{{ docker_devices_var_name }}": "{{ ['/dev/dri:/dev/dri'] + lookup('docker_var', '_docker_devices_default', default=[]) }}"

modified

resources/tasks/docker/start_docker_container.yml

@@ -13,10 +13,16 @@                   if (var_prefix is defined)                   else role_name }}" +- name: Resources | Tasks | Docker | Start Docker Container | Set instance name+  ansible.builtin.set_fact:+    _instance_name: "{{ lookup('vars', _var_prefix + '_name', default=_var_prefix) }}"+ - name: Resources | Tasks | Docker | Start Docker Container | Start Docker Container   community.docker.docker_container:     container_default_behavior: compatibility-    name: "{{ lookup('vars', _var_prefix + '_docker_container', default=_var_prefix) }}"+    name: "{{ container_name+           if (container_name is defined)+           else lookup('docker_var', '_docker_container', default=_var_prefix) }}"     state: started     tls_hostname: localhost     comparisons:@@ -26,4 +32,4 @@             if (not continuous_integration)             else ansible_retry_count_ci }}"   delay: 10-  until: start_docker_result is succeeded+  until: (start_docker_result is succeeded)

modified

resources/tasks/docker/start_saltbox_docker_containers.yml

@@ -12,8 +12,8 @@  - name: "Resources | Tasks | Docker | Start Saltbox Docker Containers | Get Docker service state"   ansible.builtin.set_fact:-    start_docker_service_running: "{{ (services['docker.service'] is defined) and (services['docker.service']['state'] == 'running') }}"-    start_docker_containers_docker_controller_service_running: "{{ (services['saltbox_managed_docker_controller.service'] is defined) and (services['saltbox_managed_docker_controller.service']['state'] == 'running') }}"+    start_docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"+    start_docker_containers_docker_controller_service_running: "{{ (ansible_facts['services']['saltbox_managed_docker_controller.service'] is defined) and (ansible_facts['services']['saltbox_managed_docker_controller.service']['state'] == 'running') }}"  - name: Resources | Tasks | Docker | Start Saltbox Docker Containers | Run Controller Tasks   when: start_docker_service_running and start_docker_containers_docker_controller_service_running

modified

resources/tasks/docker/stop_docker_container.yml

@@ -13,14 +13,21 @@                   if (var_prefix is defined)                   else role_name }}" +- name: Resources | Tasks | Docker | Stop Docker Container | Set instance name+  ansible.builtin.set_fact:+    _instance_name: "{{ lookup('vars', _var_prefix + '_name', default=_var_prefix) }}"+ - name: Resources | Tasks | Docker | Stop Docker Container | Stop Docker Container   community.docker.docker_container:     container_default_behavior: compatibility-    force_kill: "{{ lookup('vars', _var_prefix + '_docker_force_kill', default=omit) }}"-    kill_signal: "{{ lookup('vars', _var_prefix + '_docker_kill_signal', default=omit) }}"-    name: "{{ lookup('vars', _var_prefix + '_docker_container', default=_var_prefix) }}"+    force_kill: "{{ lookup('docker_var', '_docker_force_kill', default=omit) }}"+    kill_signal: "{{ lookup('docker_var', '_docker_kill_signal', default=omit) }}"+    name: "{{ container_name+           if (container_name is defined)+           else lookup('docker_var', '_docker_container', default=_var_prefix) }}"     state: stopped-    stop_timeout: "{{ lookup('vars', _var_prefix + '_docker_stop_timeout', default='180') }}"+    stop_signal: "{{ lookup('docker_var', '_docker_stop_signal', default=omit) }}"+    stop_timeout: "{{ lookup('docker_var', '_docker_stop_timeout', default='180') }}"     tls_hostname: localhost     comparisons:       '*': ignore@@ -29,4 +36,4 @@             if (not continuous_integration)             else ansible_retry_count_ci }}"   delay: 10-  until: stop_docker_result is succeeded+  until: (stop_docker_result is succeeded)

modified

resources/tasks/docker/stop_saltbox_docker_containers.yml

@@ -12,8 +12,8 @@  - name: "Resources | Tasks | Docker | Stop Saltbox Docker Containers | Get Docker service state"   ansible.builtin.set_fact:-    stop_docker_service_running: "{{ (services['docker.service'] is defined) and (services['docker.service']['state'] == 'running') }}"-    stop_docker_containers_docker_controller_service_running: "{{ (services['saltbox_managed_docker_controller.service'] is defined) and (services['saltbox_managed_docker_controller.service']['state'] == 'running') }}"+    stop_docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"+    stop_docker_containers_docker_controller_service_running: "{{ (ansible_facts['services']['saltbox_managed_docker_controller.service'] is defined) and (ansible_facts['services']['saltbox_managed_docker_controller.service']['state'] == 'running') }}"  - name: Resources | Tasks | Docker | Stop Saltbox Docker Containers | Run Controller Tasks   when: stop_docker_service_running and stop_docker_containers_docker_controller_service_running

modified

resources/tasks/git/clone_git_repo.yml

@@ -15,10 +15,10 @@  - name: Resources | Tasks | Git | Clone Git Repo | Set '_git_repo_*' variables   ansible.builtin.set_fact:-    _git_repo_url: "{{ lookup('vars', _var_prefix + '_git_repo_url') }}"-    _git_repo_dest: "{{ lookup('vars', _var_prefix + '_git_repo_dest') }}"-    _git_repo_branch_primary: "{{ lookup('vars', _var_prefix + '_git_repo_branch_primary') }}"-    _git_repo_branch_secondary: "{{ lookup('vars', _var_prefix + '_git_repo_branch_secondary', default='master') }}"+    _git_repo_url: "{{ git_repo_url }}"+    _git_repo_dest: "{{ git_repo_dest }}"+    _git_repo_branch_primary: "{{ git_repo_branch_primary }}"+    _git_repo_branch_secondary: "{{ git_repo_branch_secondary | default('main') }}"  - name: Resources | Tasks | Git | Clone Git Repo | Check for existing git folder   ansible.builtin.stat:@@ -28,7 +28,6 @@ - name: Resources | Tasks | Git | Clone Git Repo | Existing repo block   when: _git_repo_dest_stat.stat.exists   block:-     - name: Resources | Tasks | Git | Clone Git Repo | Get current git branch       ansible.builtin.shell: |         cd {{ _git_repo_dest }}@@ -38,7 +37,7 @@     - name: Resources | Tasks | Git | Clone Git Repo | Update target branch       ansible.builtin.set_fact:         _git_repo_branch_primary: "{{ _git_repo_branch_secondary }}"-      when: _git_repo_branch_secondary == _git_repo_dest_current_branch | trim+      when: (_git_repo_branch_secondary == (_git_repo_dest_current_branch | trim))  - name: Resources | Tasks | Git | Clone Git Repo | git clone repo '{{ _git_repo_branch_primary }}'   ansible.builtin.git:@@ -53,9 +52,8 @@   register: _git_clone_status  - name: Resources | Tasks | Git | Clone Git Repo | Tasks when above fails-  when: _git_clone_status is failed+  when: (_git_clone_status is failed)   block:-     - name: Resources | Tasks | Git | Clone Git Repo | git clone repo 'master' if above fails       ansible.builtin.git:         repo: "{{ _git_repo_url }}"@@ -76,4 +74,4 @@         git remote add origin {{ _git_repo_url }}         git fetch origin         git reset --hard origin/{{ _git_repo_branch_primary }}-      when: _git_clone_master_status is failed+      when: (_git_clone_master_status is failed)

modified

resources/tasks/instances/get_info.yml

@@ -7,12 +7,30 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Resources | Tasks | Instances | Get Info | Run Sonarr Tasks-  ansible.builtin.include_tasks: sonarr.yml+- name: Resources | Tasks | Instances | Get Info | Run Lidarr Tasks+  ansible.builtin.include_tasks: lidarr.yml   vars:-    sonarr_name: "{{ item }}"-  with_items: "{{ sonarr_instances }}"-  when: ('sonarr' in get_info_list)+    lidarr_name: "{{ item }}"+  with_items: "{{ lidarr_instances }}"+  when: ('lidarr' in get_info_list)++- name: Resources | Tasks | Instances | Get Info | Run NZBGet Tasks+  ansible.builtin.include_tasks: nzbget.yml+  when: ('nzbget' in get_info_list)++- name: Resources | Tasks | Instances | Get Info | Run Overseerr Tasks+  ansible.builtin.include_tasks: overseerr.yml+  vars:+    overseerr_name: "{{ item }}"+  with_items: "{{ overseerr_instances }}"+  when: ('overseerr' in get_info_list)++- name: Resources | Tasks | Instances | Get Info | Run Plex Tasks+  ansible.builtin.include_tasks: plex.yml+  vars:+    plex_name: "{{ item }}"+  with_items: "{{ plex_instances }}"+  when: ('plex' in get_info_list)  - name: Resources | Tasks | Instances | Get Info | Run Radarr Tasks   ansible.builtin.include_tasks: radarr.yml@@ -21,23 +39,13 @@   with_items: "{{ radarr_instances }}"   when: ('radarr' in get_info_list) -- name: Resources | Tasks | Instances | Get Info | Run Lidarr Tasks-  ansible.builtin.include_tasks: lidarr.yml+- name: Resources | Tasks | Instances | Get Info | Run SABnzbd Tasks+  ansible.builtin.include_tasks: sabnzbd.yml+  when: ('sabnzbd' in get_info_list)++- name: Resources | Tasks | Instances | Get Info | Run Sonarr Tasks+  ansible.builtin.include_tasks: sonarr.yml   vars:-    lidarr_name: "{{ item }}"-  with_items: "{{ lidarr_instances }}"-  when: ('lidarr' in get_info_list)--- name: Resources | Tasks | Instances | Get Info | Run Plex Tasks-  ansible.builtin.include_tasks: plex.yml-  vars:-    plex_name: "{{ item }}"-  with_items: "{{ plex_instances }}"-  when: ('plex' in get_info_list)--- name: Resources | Tasks | Instances | Get Info | Run Overseerr Tasks-  ansible.builtin.include_tasks: overseerr.yml-  vars:-    overseerr_name: "{{ item }}"-  with_items: "{{ overseerr_instances }}"-  when: ('overseerr' in get_info_list)+    sonarr_name: "{{ item }}"+  with_items: "{{ sonarr_instances }}"+  when: ('sonarr' in get_info_list)

modified

resources/tasks/instances/lidarr.yml

@@ -9,7 +9,7 @@ --- - name: Resources | Tasks | Instances | Get Info | Check if Lidarr exists   ansible.builtin.stat:-    path: "{{ lidarr_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='lidarr') }}"   register: lidarr_paths_config_location_stat  - name: Resources | Tasks | Instances | Get Info | Lidarr API Key tasks@@ -17,16 +17,16 @@   block:     - name: Resources | Tasks | Instances | Get Info | Fetch Lidarr API Key       community.general.xml:-        path: "{{ lidarr_paths_config_location }}"+        path: "{{ lookup('role_var', '_paths_config_location', role='lidarr') }}"         xpath: /Config/ApiKey         content: text       register: xmlresp      - name: Resources | Tasks | Instances | Get Info | Set 'lidarr_info' variable       ansible.builtin.set_fact:-        lidarr_info: "{{ lidarr_info | default({}) | combine({lidarr_name: {'name': lidarr_name, 'url': lidarr_web_url, 'api_key': xmlresp.matches[0].ApiKey}}) }}"+        lidarr_info: "{{ lidarr_info | default({}) | combine({lidarr_name: {'name': lidarr_name, 'url': lookup('role_var', '_web_url', role='lidarr'), 'api_key': xmlresp.matches[0].ApiKey}}) }}"  - name: Resources | Tasks | Instances | Get Info | Set 'lidarr_info' variable   ansible.builtin.set_fact:-    lidarr_info: "{{ lidarr_info | default({}) | combine({lidarr_name: {'name': lidarr_name, 'url': lidarr_web_url, 'api_key': 'not installed'}}) }}"+    lidarr_info: "{{ lidarr_info | default({}) | combine({lidarr_name: {'name': lidarr_name, 'url': lookup('role_var', '_web_url', role='lidarr'), 'api_key': 'not installed'}}) }}"   when: (not lidarr_paths_config_location_stat.stat.exists)

modified

resources/tasks/instances/overseerr.yml

@@ -9,21 +9,21 @@ --- - name: Resources | Tasks | Instances | Get Info | Check if Overseerr exists   ansible.builtin.stat:-    path: "{{ overseerr_paths_config_location }}"-  register: overseerr_paths_config_location_stat+    path: "{{ lookup('role_var', '_paths_config_location', role='overseerr') }}"+  register: overseerr_role_paths_config_location_stat  - name: Resources | Tasks | Instances | Get Info | Overseerr API Key tasks-  when: overseerr_paths_config_location_stat.stat.exists+  when: overseerr_role_paths_config_location_stat.stat.exists   block:     - name: Resources | Tasks | Instances | Get Info | Fetch Overseerr API Key       ansible.builtin.set_fact:-        jsondata: "{{ lookup('ansible.builtin.file', overseerr_paths_config_location) }}"+        jsondata: "{{ lookup('ansible.builtin.file', lookup('role_var', '_paths_config_location', role='overseerr')) | from_json }}"      - name: Resources | Tasks | Instances | Get Info | Set 'overseerr_info' variable       ansible.builtin.set_fact:-        overseerr_info: "{{ overseerr_info | default({}) | combine({overseerr_name: {'name': overseerr_name, 'url': overseerr_web_url, 'api_key': jsondata.main.apiKey}}) }}"+        overseerr_info: "{{ overseerr_info | default({}) | combine({overseerr_name: {'name': overseerr_name, 'url': lookup('role_var', '_web_url', role='overseerr'), 'api_key': jsondata.main.apiKey}}) }}"  - name: Resources | Tasks | Instances | Get Info | Set 'overseerr_info' variable   ansible.builtin.set_fact:-    overseerr_info: "{{ overseerr_info | default({}) | combine({overseerr_name: {'name': overseerr_name, 'url': overseerr_web_url, 'api_key': 'not installed'}}) }}"-  when: (not overseerr_paths_config_location_stat.stat.exists)+    overseerr_info: "{{ overseerr_info | default({}) | combine({overseerr_name: {'name': overseerr_name, 'url': lookup('role_var', '_web_url', role='overseerr'), 'api_key': 'not installed'}}) }}"+  when: (not overseerr_role_paths_config_location_stat.stat.exists)

modified

resources/tasks/instances/plex.yml

@@ -18,4 +18,4 @@  - name: Resources | Tasks | Instances | Get Info | Set 'plex_info' variable   ansible.builtin.set_fact:-    plex_info: "{{ plex_info | default({}) | combine({plex_name: {'name': plex_name, 'url': plex_web_url, 'token': plex_auth_token}}) }}"+    plex_info: "{{ plex_info | default({}) | combine({plex_name: {'name': plex_name, 'url': lookup('role_var', '_web_url', role='plex'), 'token': plex_auth_token}}) }}"

modified

resources/tasks/instances/radarr.yml

@@ -9,24 +9,24 @@ --- - name: Resources | Tasks | Instances | Get Info | Check if Radarr exists   ansible.builtin.stat:-    path: "{{ radarr_paths_config_location }}"-  register: radarr_paths_config_location_stat+    path: "{{ lookup('role_var', '_paths_config_location', role='radarr') }}"+  register: radarr_role_paths_config_location_stat  - name: Resources | Tasks | Instances | Get Info | Radarr API Key tasks-  when: radarr_paths_config_location_stat.stat.exists+  when: radarr_role_paths_config_location_stat.stat.exists   block:     - name: Resources | Tasks | Instances | Get Info | Fetch Radarr API Key       community.general.xml:-        path: "{{ radarr_paths_config_location }}"+        path: "{{ lookup('role_var', '_paths_config_location', role='radarr') }}"         xpath: /Config/ApiKey         content: text       register: xmlresp      - name: Resources | Tasks | Instances | Get Info | Set 'radarr_info' variable       ansible.builtin.set_fact:-        radarr_info: "{{ radarr_info | default({}) | combine({radarr_name: {'name': radarr_name, 'url': radarr_web_url, 'api_key': xmlresp.matches[0].ApiKey}}) }}"+        radarr_info: "{{ radarr_info | default({}) | combine({radarr_name: {'name': radarr_name, 'url': lookup('role_var', '_web_url', role='radarr'), 'api_key': xmlresp.matches[0].ApiKey}}) }}"  - name: Resources | Tasks | Instances | Get Info | Set 'radarr_info' variable   ansible.builtin.set_fact:-    radarr_info: "{{ radarr_info | default({}) | combine({radarr_name: {'name': radarr_name, 'url': radarr_web_url, 'api_key': 'not installed'}}) }}"-  when: (not radarr_paths_config_location_stat.stat.exists)+    radarr_info: "{{ radarr_info | default({}) | combine({radarr_name: {'name': radarr_name, 'url': lookup('role_var', '_web_url', role='radarr'), 'api_key': 'not installed'}}) }}"+  when: (not radarr_role_paths_config_location_stat.stat.exists)

modified

resources/tasks/instances/sonarr.yml

@@ -9,24 +9,24 @@ --- - name: Resources | Tasks | Instances | Get Info | Check if Sonarr exists   ansible.builtin.stat:-    path: "{{ sonarr_paths_config_location }}"-  register: sonarr_paths_config_location_stat+    path: "{{ lookup('role_var', '_paths_config_location', role='sonarr') }}"+  register: sonarr_role_paths_config_location_stat  - name: Resources | Tasks | Instances | Get Info | Sonarr API Key tasks-  when: sonarr_paths_config_location_stat.stat.exists+  when: sonarr_role_paths_config_location_stat.stat.exists   block:     - name: Resources | Tasks | Instances | Get Info | Fetch Sonarr API Key       community.general.xml:-        path: "{{ sonarr_paths_config_location }}"+        path: "{{ lookup('role_var', '_paths_config_location', role='sonarr') }}"         xpath: /Config/ApiKey         content: text       register: xmlresp      - name: Resources | Tasks | Instances | Get Info | Set 'sonarr_info' variable       ansible.builtin.set_fact:-        sonarr_info: "{{ sonarr_info | default({}) | combine({sonarr_name: {'name': sonarr_name, 'url': sonarr_web_url, 'api_key': xmlresp.matches[0].ApiKey}}) }}"+        sonarr_info: "{{ sonarr_info | default({}) | combine({sonarr_name: {'name': sonarr_name, 'url': lookup('role_var', '_web_url', role='sonarr'), 'api_key': xmlresp.matches[0].ApiKey}}) }}"  - name: Resources | Tasks | Instances | Get Info | Set 'sonarr_info' variable   ansible.builtin.set_fact:-    sonarr_info: "{{ sonarr_info | default({}) | combine({sonarr_name: {'name': sonarr_name, 'url': sonarr_web_url, 'api_key': 'not installed'}}) }}"-  when: (not sonarr_paths_config_location_stat.stat.exists)+    sonarr_info: "{{ sonarr_info | default({}) | combine({sonarr_name: {'name': sonarr_name, 'url': lookup('role_var', '_web_url', role='sonarr'), 'api_key': 'not installed'}}) }}"+  when: (not sonarr_role_paths_config_location_stat.stat.exists)

modified

resources/tasks/systemd/delete_service.yml

@@ -28,7 +28,7 @@      - name: Resources | Tasks | systemd | Delete Service | get '{{ _service_file }}' state       ansible.builtin.set_fact:-        service_running: "{{ (services[_service_file] is defined) and (services[_service_file]['state'] == 'running') }}"+        service_running: "{{ (ansible_facts['services'][_service_file] is defined) and (ansible_facts['services'][_service_file]['state'] == 'running') }}"      - name: Resources | Tasks | systemd | Delete Service | stop '{{ _service_file }}'       ansible.builtin.systemd_service:@@ -50,4 +50,4 @@      - name: Resources | Tasks | systemd | Delete Service | systemd daemon-reload       ansible.builtin.systemd_service:-        daemon_reload: yes+        daemon_reload: true

modified

resources/tasks/systemd/disable_service.yml

@@ -28,7 +28,7 @@      - name: Resources | Tasks | systemd | Disable Service | get '{{ _service_file }}' state       ansible.builtin.set_fact:-        service_running: "{{ (services[_service_file] is defined) and (services[_service_file]['state'] == 'running') }}"+        service_running: "{{ (ansible_facts['services'][_service_file] is defined) and (ansible_facts['services'][_service_file]['state'] == 'running') }}"      - name: Resources | Tasks | systemd | Disable Service | stop '{{ _service_file }}'       ansible.builtin.systemd_service:

modified

resources/tasks/systemd/stop_service.yml

@@ -28,7 +28,7 @@      - name: Resources | Tasks | systemd | Stop Service | get '{{ _service_file }}' state       ansible.builtin.set_fact:-        service_running: "{{ (services[_service_file] is defined) and (services[_service_file]['state'] == 'running') }}"+        service_running: "{{ (ansible_facts['services'][_service_file] is defined) and (ansible_facts['services'][_service_file]['state'] == 'running') }}"      - name: Resources | Tasks | systemd | Stop Service | stop '{{ _service_file }}'       ansible.builtin.systemd_service:

modified

resources/tasks/systemd/update_service_credentials.yml

@@ -39,5 +39,5 @@      - name: Resources | Tasks | systemd | Update Service Credentials | systemd daemon-reload       ansible.builtin.systemd_service:-        daemon_reload: yes-      when: credentials_state is changed+        daemon_reload: true+      when: (credentials_state is changed)

modified

roles/arr_db/defaults/main.yml

@@ -21,8 +21,8 @@ # Variables ################################ -arr_path_logs_db: "{{ lookup('vars', arr_type + '_paths_location') }}/logs.db"-arr_path_main_db: "{{ lookup('vars', arr_type + '_paths_location') }}/{{ arr_type }}.db"+arr_path_logs_db: "{{ lookup('vars', arr_type + '_role_paths_location') }}/logs.db"+arr_path_main_db: "{{ lookup('vars', arr_type + '_role_paths_location') }}/{{ arr_type }}.db" arr_db_files:   - "logs.db"   - "{{ arr_type }}.db"

modified

roles/arr_db/tasks/arr.yml

@@ -48,7 +48,7 @@         mode: "0775"      - name: "{{ arr_type | capitalize }} | Backup databases"-      ansible.builtin.shell: "cp '{{ lookup('vars', arr_type + '_paths_location') }}/{{ item }}' /tmp/{{ lookup('vars', arr_type + '_name') }}_backup/"+      ansible.builtin.shell: "cp '{{ lookup('vars', arr_type + '_role_paths_location') }}/{{ item }}' /tmp/{{ lookup('vars', arr_type + '_name') }}_backup/"       loop: "{{ arr_db_files }}"      - name: "{{ arr_type | capitalize }} | Vacuum '{{ arr_path_main_db | basename }}' database"@@ -74,12 +74,12 @@   rescue:     - name: "{{ arr_type | capitalize }} | Delete wal and shm files"       ansible.builtin.file:-        path: "{{ lookup('vars', arr_type + '_paths_location') }}/{{ item }}"+        path: "{{ lookup('vars', arr_type + '_role_paths_location') }}/{{ item }}"         state: absent       with_items: "{{ arr_db_temp_files }}"      - name: "{{ arr_type | capitalize }} | Restore database backup"-      ansible.builtin.shell: "cp -f '/tmp/{{ lookup('vars', arr_type + '_name') }}_backup/{{ item }}' '{{ lookup('vars', arr_type + '_paths_location') }}/{{ item }}'"+      ansible.builtin.shell: "cp -f '/tmp/{{ lookup('vars', arr_type + '_name') }}_backup/{{ item }}' '{{ lookup('vars', arr_type + '_role_paths_location') }}/{{ item }}'"       loop: "{{ arr_db_files }}"  - name: "{{ arr_type | capitalize }} | Start Docker container"

modified

roles/arr_db/tasks/main.yml

@@ -19,7 +19,7 @@ - name: Install SQLite3   ansible.builtin.apt:     name: sqlite3-    state: present+    state: latest  - name: "Execute Sonarr DB tasks"   ansible.builtin.include_tasks: arr.yml

modified

roles/arr_db/tasks/tautulli.yml

@@ -9,7 +9,7 @@ --- - name: "Tautulli | Check if '{{ arr_db_tautulli_database }}' exists"   ansible.builtin.stat:-    path: "{{ tautulli_paths_location }}/{{ arr_db_tautulli_database }}"+    path: "{{ tautulli_role_paths_location }}/{{ arr_db_tautulli_database }}"   register: arr_db  - name: "Tautulli | Fail if database does not exist"@@ -23,7 +23,7 @@     var_prefix: "tautulli"  - name: "Tautulli | Check if database passes integrity_check"-  ansible.builtin.shell: "sqlite3 '{{ tautulli_paths_location }}/{{ arr_db_tautulli_database }}' 'PRAGMA integrity_check(1)'"+  ansible.builtin.shell: "sqlite3 '{{ tautulli_role_paths_location }}/{{ arr_db_tautulli_database }}' 'PRAGMA integrity_check(1)'"   register: arr_db_integrity_check   failed_when: (arr_db_integrity_check.stdout != 'ok') @@ -38,27 +38,27 @@         mode: "0775"      - name: "Tautulli | Backup databases"-      ansible.builtin.shell: "cp '{{ tautulli_paths_location }}/{{ arr_db_tautulli_database }}' /tmp/{{ tautulli_name }}_backup/"+      ansible.builtin.shell: "cp '{{ tautulli_role_paths_location }}/{{ arr_db_tautulli_database }}' /tmp/{{ tautulli_name }}_backup/"      - name: "Tautulli | Vacuum '{{ arr_db_tautulli_database | basename }}' database"-      ansible.builtin.shell: "sqlite3 '{{ tautulli_paths_location }}/{{ arr_db_tautulli_database }}' 'VACUUM;'"+      ansible.builtin.shell: "sqlite3 '{{ tautulli_role_paths_location }}/{{ arr_db_tautulli_database }}' 'VACUUM;'"       register: arr_db_vacuum       failed_when: (arr_db_vacuum.rc != 0)      - name: "Tautulli | Reindex '{{ arr_db_tautulli_database | basename }}' database"-      ansible.builtin.shell: "sqlite3 '{{ tautulli_paths_location }}/{{ arr_db_tautulli_database }}' 'REINDEX;'"+      ansible.builtin.shell: "sqlite3 '{{ tautulli_role_paths_location }}/{{ arr_db_tautulli_database }}' 'REINDEX;'"       register: arr_db_reindex       failed_when: (arr_db_reindex.rc != 0)    rescue:     - name: "Tautulli | Delete wal and shm files"       ansible.builtin.file:-        path: "{{ tautulli_paths_location }}/{{ item }}"+        path: "{{ tautulli_role_paths_location }}/{{ item }}"         state: absent       with_items: "{{ arr_db_tautulli_temp_files }}"      - name: "Tautulli | Restore database backup"-      ansible.builtin.shell: "cp -f '/tmp/{{ tautulli_name }}_backup/{{ arr_db_tautulli_database }}' '{{ tautulli_paths_location }}/{{ arr_db_tautulli_database }}'"+      ansible.builtin.shell: "cp -f '/tmp/{{ tautulli_name }}_backup/{{ arr_db_tautulli_database }}' '{{ tautulli_role_paths_location }}/{{ arr_db_tautulli_database }}'"  - name: "Tautulli | Start Docker container"   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/asshama/tasks/subtasks/loop.yml

@@ -22,28 +22,28 @@     owner: "{{ user.name }}"     group: "{{ user.name }}"   with_items:-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Scanners'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Scanners/Series'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/AniDB'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/Plex'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/OMDB'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TMDB'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/blank'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/_cache/fanart/original'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/episodes'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/fanart/original'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/fanart/vignette'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/graphical'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/posters'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/seasons'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/seasonswide'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/text'-    - '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/FanartTV'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Scanners'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Scanners/Series'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/AniDB'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/Plex'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/OMDB'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TMDB'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/blank'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/_cache/fanart/original'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/episodes'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/fanart/original'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/fanart/vignette'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/graphical'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/posters'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/seasons'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/seasonswide'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/TVDB/text'+    - '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-in Support/Data/com.plexapp.agents.hama/DataItems/FanartTV'  - name: "Get latest Absolute Series Scanner.py"   ansible.builtin.get_url:     url: https://raw.githubusercontent.com/ZeroQI/Absolute-Series-Scanner/master/Scanners/Series/Absolute%20Series%20Scanner.py-    dest: "{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Scanners/Series/Absolute Series Scanner.py"+    dest: "{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Scanners/Series/Absolute Series Scanner.py"     mode: "0775"   register: x   until: "x is not failed"@@ -54,7 +54,7 @@  - name: "Set ASS directory permissions"   ansible.builtin.file:-    path: '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Scanners'+    path: '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Scanners'     state: directory     mode: "0775"     owner: "{{ user.name }}"@@ -64,7 +64,7 @@ - name: "Clone Hama Bundle"   ansible.builtin.git:     repo: https://github.com/ZeroQI/Hama.bundle.git-    dest: '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-ins/Hama.bundle'+    dest: '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-ins/Hama.bundle'     clone: true     version: HEAD     force: true@@ -73,7 +73,7 @@  - name: "Set HAMA directory permissions"   ansible.builtin.file:-    path: '{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-ins/Hama.bundle'+    path: '{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-ins/Hama.bundle'     state: directory     mode: "0775"     owner: "{{ user.name }}"

modified

roles/authelia/defaults/main.yml

@@ -17,268 +17,330 @@ # Settings ################################ +# Themes - Sub-section Start # Options are light, dark, grey or auto.-authelia_theme: "auto"--# Options are file or ldap-authelia_authentication_backend: "file"-authelia_authentication_backend_password_reset_disable: "false"-authelia_authentication_backend_password_reset_custom_url: ""-authelia_authentication_backend_refresh_interval: "5m"-authelia_authentication_backend_file_path: "/config/users_database.yml"-authelia_authentication_backend_file_watch: "true"-authelia_authentication_backend_file_password_algorithm: "argon2"-authelia_authentication_backend_file_password_argon2_variant: "argon2id"-authelia_authentication_backend_file_password_argon2_iterations: "3"-authelia_authentication_backend_file_password_argon2_memory: "65536"-authelia_authentication_backend_file_password_argon2_parallelism: "4"-authelia_authentication_backend_file_password_argon2_key_length: "32"-authelia_authentication_backend_file_password_argon2_salt_length: "16"-+authelia_role_theme: "auto"+# Themes - Sub-section End++# Logs - Sub-section Start+# [GLOBAL] Reference: https://www.authelia.com/configuration/miscellaneous/logging/+# [NOGLOBAL] Logrotate configuration variable+authelia_role_log_max_backups: "3"+# [NOGLOBAL] Logrotate configuration variable+authelia_role_log_max_size: "10"+authelia_role_log_level: "info"+authelia_role_log_format: "text"+authelia_role_log_file_path: "/config/authelia.log"+authelia_role_log_keep_stdout: true+# Logs - Sub-section End++# Authentication Backend - Sub-section Start+# [GLOBAL] https://www.authelia.com/configuration/first-factor/introduction/+# [GLOBAL] https://www.authelia.com/configuration/first-factor/file/+# [NOGLOBAL] Options are file or ldap+authelia_role_authentication_backend: "file"+authelia_role_authentication_backend_password_change_disable: false+authelia_role_authentication_backend_password_reset_disable: false+authelia_role_authentication_backend_password_reset_custom_url: ""+authelia_role_authentication_backend_refresh_interval: "5m"+authelia_role_authentication_backend_file_path: "/config/users_database.yml"+authelia_role_authentication_backend_file_watch: true+authelia_role_authentication_backend_file_password_algorithm: "argon2"+authelia_role_authentication_backend_file_password_argon2_variant: "argon2id"+authelia_role_authentication_backend_file_password_argon2_iterations: "3"+authelia_role_authentication_backend_file_password_argon2_memory: "65536"+authelia_role_authentication_backend_file_password_argon2_parallelism: "4"+authelia_role_authentication_backend_file_password_argon2_key_length: "32"+authelia_role_authentication_backend_file_password_argon2_salt_length: "16"+# Authentication Backend - Sub-section End++# Access Control - Sub-section Start # Setting for default Access Control Policy - recommended options one_factor or two_factor # Reference: https://www.authelia.com/configuration/security/access-control/#one_factor-authelia_access_control_policy: "one_factor"--# Settings for Duo-# Reference: https://www.authelia.com/configuration/second-factor/duo/-authelia_duo_enabled: false-authelia_duo_hostname: ""-authelia_duo_integration_key: ""-authelia_duo_secret_key: ""-authelia_duo_self_enrollment: "true"--# Settings for Webauthn-# Reference: https://www.authelia.com/configuration/second-factor/webauthn/-authelia_webauthn_disable: false-authelia_webauthn_display_name: "Authelia"-authelia_webauthn_attestation_conveyance_preference: "indirect"-authelia_webauthn_user_verification: "preferred"-authelia_webauthn_timeout: "60s"--# Settings for Notifier-# Reference: https://www.authelia.com/configuration/notifications/introduction/-# Options are filesystem or smtp. Options specific to smtp prefixed with smtp-authelia_notifier: "filesystem"-authelia_notifier_disable_startup_check: "false"-authelia_notifier_smtp_host: ""-authelia_notifier_smtp_port: ""-authelia_notifier_smtp_timeout: ""-authelia_notifier_smtp_username: ""-authelia_notifier_smtp_password: ""-authelia_notifier_smtp_sender: ""-authelia_notifier_smtp_identifier: ""-authelia_notifier_smtp_subject: ""-authelia_notifier_smtp_startup_check_address: ""-authelia_notifier_smtp_disable_require_tls: ""-authelia_notifier_smtp_disable_html_emails: ""-authelia_notifier_smtp_tls_server_name: ""-authelia_notifier_smtp_tls_skip_verify: ""-authelia_notifier_smtp_tls_minimum_version: ""--# Settings for Authelia's server-# Reference: https://www.authelia.com/configuration/miscellaneous/server/-# https://www.authelia.com/c/server#buffer-sizes-authelia_server_address: "0.0.0.0:9091"-authelia_server_buffers_read: "10485760"-authelia_server_buffers_write: "10485760"-authelia_server_enable_pprof: "false"-authelia_server_enable_expvars: "false"-authelia_server_disable_healthcheck: "false"-authelia_server_headers_csp_template: "default-src 'self' *.{{ user.domain }} {{ user.domain }}; script-src 'self' *.{{ user.domain }} {{ user.domain }}; script-src-elem 'self' *.{{ user.domain }} {{ user.domain }}; script-src-attr 'self' *.{{ user.domain }} {{ user.domain }}; style-src 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; style-src-elem 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; style-src-attr 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; img-src 'self' *.{{ user.domain }} {{ user.domain }}; font-src 'self' *.{{ user.domain }} {{ user.domain }}; connect-src 'self' *.{{ user.domain }} {{ user.domain }}; media-src 'self' *.{{ user.domain }} {{ user.domain }}; object-src 'self' *.{{ user.domain }} {{ user.domain }}; child-src 'self' *.{{ user.domain }} {{ user.domain }}; frame-src 'self' *.{{ user.domain }} {{ user.domain }}; worker-src 'self' *.{{ user.domain }} {{ user.domain }}; frame-ancestors 'self' *.{{ user.domain }} {{ user.domain }}; form-action 'self' *.{{ user.domain }} {{ user.domain }}; base-uri 'self'"--# Settings for Logging-# Reference: https://www.authelia.com/configuration/miscellaneous/logging/-authelia_log_level: "info"-authelia_log_format: "text"-authelia_log_file_path: "/config/authelia.log"-authelia_log_keep_stdout: "true"--# JWT-authelia_jwt_secret: "{{ lookup('password', '/dev/null', chars=['ascii_letters', 'digits'], length=32) }}"--# TOTP-authelia_totp_issuer: "authelia.com"-authelia_totp_period: "30"-authelia_totp_skew: "1"-authelia_totp_digits: "6"-authelia_totp_secret_size: "32"--# Default redirection-authelia_default_redirection_url: ""--# Default 2FA Method-authelia_default_2fa_method: ""--# NTP-authelia_ntp_address: "time.cloudflare.com:123"-authelia_ntp_version: "3"-authelia_ntp_max_desync: "3s"-authelia_ntp_disable_startup_check: "false"-authelia_ntp_disable_failure: "false"--# Password Policy-authelia_password_policy_standard_enabled: "false"-authelia_password_policy_standard_min_length: "8"-authelia_password_policy_standard_max_length: "0"-authelia_password_policy_standard_require_uppercase: "true"-authelia_password_policy_standard_require_lowercase: "true"-authelia_password_policy_standard_require_number: "true"-authelia_password_policy_standard_require_special: "true"-authelia_password_policy_zxcvbn_enabled: "false"-authelia_password_policy_zxcvbn_min_score: "3"--# Access Control-authelia_access_control_whitelist_host: false-authelia_access_control_default_policy: "deny"-authelia_access_control_rules:+authelia_role_access_control_policy: "one_factor"+# Whitelists the host IPv4/IPv6 addresses depending on which are enabled+authelia_role_access_control_whitelist_host: false+# Whitelists the saltbox Docker network IP subnet+authelia_role_access_control_whitelist_docker: false+# Skip docs+authelia_role_access_control_default_policy: "deny"+# Skip docs+authelia_role_access_control_rules:   - domain:       - "{{ '*.' + user.domain | lower }}"       - "{{ user.domain | lower }}"-    policy: "{{ authelia_access_control_policy }}"--authelia_access_control_whitelist_rules_lookup: "{{ authelia_access_control_whitelist_rules if authelia_access_control_whitelist_host and ((dns.ipv4 | default(true)) or (dns.ipv6 | default(false))) else [] }}"--authelia_access_control_whitelist_rules:+    policy: "{{ lookup('role_var', '_access_control_policy', role='authelia') }}"++# Skip docs+authelia_role_access_control_whitelist_rules_lookup: "{{ lookup('role_var', '_access_control_whitelist_rules_docker_lookup', role='authelia')+                                                         + lookup('role_var', '_access_control_whitelist_rules_host_lookup', role='authelia') }}"+++# Skip docs+authelia_role_access_control_whitelist_rules_docker_lookup: "{{ lookup('role_var', '_access_control_whitelist_rules_docker', role='authelia')+                                                             if lookup('role_var', '_access_control_whitelist_docker', role='authelia')+                                                             else [] }}"++# Skip docs+authelia_role_access_control_whitelist_rules_host_lookup: "{{ lookup('role_var', '_access_control_whitelist_rules_host', role='authelia')+                                                           if lookup('role_var', '_access_control_whitelist_host', role='authelia') and (dns_ipv4_enabled or dns_ipv6_enabled)+                                                           else [] }}"++# Skip docs+authelia_role_access_control_whitelist_rules_host:   - domain:       - "{{ '*.' + user.domain }}"       - "{{ user.domain }}"     policy: bypass-    networks: "{{ authelia_access_control_whitelist_networks | unique | reject('equalto', omit) | list }}"--authelia_access_control_whitelist_networks:-  - "{{ (ip_address_public + '/32') if (dns.ipv4 | default(true)) else omit }}"-  - "{{ (ipv6_address_public + '/128') if (dns.ipv6 | default(false)) else omit }}"+    networks: "{{ lookup('role_var', '_access_control_whitelist_networks_host', role='authelia') | unique | reject('equalto', omit) | list }}"++# Skip docs+authelia_role_access_control_whitelist_rules_docker:+  - domain:+      - "{{ '*.' + user.domain }}"+      - "{{ user.domain }}"+    policy: bypass+    networks: "{{ lookup('role_var', '_access_control_whitelist_networks_docker', role='authelia') | unique | reject('equalto', omit) | list }}"++# Skip docs+authelia_role_access_control_whitelist_networks_docker:+  - "172.19.0.0/16"++# Skip docs+authelia_role_access_control_whitelist_networks_host:+  - "{{ (ip_address_public + '/32') if dns_ipv4_enabled else omit }}"+  - "{{ (ipv6_address_public + '/128') if dns_ipv6_enabled else omit }}"+# Access Control - Sub-section End++# Second Factor - Sub-section Start+authelia_role_default_2fa_method: ""+# Second Factor - Sub-section End++# Second Factor - Duo - Sub-section Start+# [GLOBAL] Reference: https://www.authelia.com/configuration/second-factor/duo/+authelia_role_duo_enabled: false+authelia_role_duo_hostname: ""+authelia_role_duo_integration_key: ""+authelia_role_duo_secret_key: ""+authelia_role_duo_self_enrollment: true+# Second Factor - Duo - Sub-section End++# Second Factor - Webauthn - Sub-section Start+# [GLOBAL] Reference: https://www.authelia.com/configuration/second-factor/webauthn/+authelia_role_webauthn_disable: false+authelia_role_webauthn_enable_passkey_login: false+authelia_role_webauthn_display_name: "Authelia"+authelia_role_webauthn_attestation_conveyance_preference: "indirect"+authelia_role_webauthn_timeout: "60s"+authelia_role_webauthn_filtering_prohibit_backup_eligibility: false+authelia_role_webauthn_filtering_permitted_aaguids: []+authelia_role_webauthn_filtering_prohibited_aaguids: []+authelia_role_webauthn_selection_criteria_attachment: "cross-platform"+authelia_role_webauthn_selection_criteria_discoverability: "discouraged"+authelia_role_webauthn_selection_criteria_user_verification: "preferred"+authelia_role_webauthn_metadata_enabled: false+authelia_role_webauthn_metadata_cache_policy: "strict"+authelia_role_webauthn_metadata_validate_trust_anchor: true+authelia_role_webauthn_metadata_validate_entry: true+authelia_role_webauthn_metadata_validate_entry_permit_zero_aaguid: false+authelia_role_webauthn_metadata_validate_status: true+authelia_role_webauthn_metadata_validate_status_permitted: []+authelia_role_webauthn_metadata_validate_status_prohibited: []+# Second Factor - Webauthn - Sub-section End++# Notifier - Sub-section Start+# [GLOBAL] Reference: https://www.authelia.com/configuration/notifications/introduction/+# Options are filesystem or smtp. Options specific to smtp prefixed with smtp+authelia_role_notifier: "filesystem"+authelia_role_notifier_disable_startup_check: false+authelia_role_notifier_smtp_host: ""+authelia_role_notifier_smtp_port: ""+authelia_role_notifier_smtp_timeout: ""+authelia_role_notifier_smtp_username: ""+authelia_role_notifier_smtp_password: ""+authelia_role_notifier_smtp_sender: ""+authelia_role_notifier_smtp_identifier: ""+authelia_role_notifier_smtp_subject: ""+authelia_role_notifier_smtp_startup_check_address: ""+authelia_role_notifier_smtp_disable_require_tls: ""+authelia_role_notifier_smtp_disable_html_emails: ""+authelia_role_notifier_smtp_tls_server_name: ""+authelia_role_notifier_smtp_tls_skip_verify: ""+authelia_role_notifier_smtp_tls_minimum_version: ""+# Notifier - Sub-section End++# Server - Sub-section Start+# [GLOBAL] Reference: https://www.authelia.com/configuration/miscellaneous/server/+authelia_role_server_address: "0.0.0.0:9091"+authelia_role_server_asset_path: ""+authelia_role_server_disable_healthcheck: false+authelia_role_server_buffers_read: "10485760"+authelia_role_server_buffers_write: "10485760"+authelia_role_server_timeouts_read: "6s"+authelia_role_server_timeouts_write: "6s"+authelia_role_server_timeouts_idle: "30s"+authelia_role_server_endpoints_enable_pprof: false+authelia_role_server_endpoints_enable_expvars: false+authelia_role_server_headers_csp_template: "default-src 'self' *.{{ user.domain }} {{ user.domain }}; script-src 'self' *.{{ user.domain }} {{ user.domain }}; script-src-elem 'self' *.{{ user.domain }} {{ user.domain }}; script-src-attr 'self' *.{{ user.domain }} {{ user.domain }}; style-src 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; style-src-elem 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; style-src-attr 'self' *.{{ user.domain }} {{ user.domain }} 'nonce-${NONCE}'; img-src 'self' *.{{ user.domain }} {{ user.domain }}; font-src 'self' *.{{ user.domain }} {{ user.domain }}; connect-src 'self' *.{{ user.domain }} {{ user.domain }}; media-src 'self' *.{{ user.domain }} {{ user.domain }}; object-src 'self' *.{{ user.domain }} {{ user.domain }}; child-src 'self' *.{{ user.domain }} {{ user.domain }}; frame-src 'self' *.{{ user.domain }} {{ user.domain }}; worker-src 'self' *.{{ user.domain }} {{ user.domain }}; frame-ancestors 'self' *.{{ user.domain }} {{ user.domain }}; form-action 'self' *.{{ user.domain }} {{ user.domain }}; base-uri 'self'"+# Server - Sub-section End++# Metrics - Sub-section Start+# [GLOBAL] Reference: https://www.authelia.com/configuration/telemetry/metrics/+authelia_role_telemetry_metrics_enabled: false+authelia_role_telemetry_metrics_address: "tcp://0.0.0.0:9959"+authelia_role_telemetry_metrics_buffers_read: "4096"+authelia_role_telemetry_metrics_buffers_write: "4096"+authelia_role_telemetry_metrics_timeouts_read: "6s"+authelia_role_telemetry_metrics_timeouts_write: "6s"+authelia_role_telemetry_metrics_timeouts_idle: "30s"+# Metrics - Sub-section End++# Identity Validation - Sub-section Start+authelia_role_identity_validation_reset_password_jwt_lifespan: "5m"+authelia_role_identity_validation_reset_password_jwt_algorithm: "HS256"+authelia_role_identity_validation_elevated_session_code_lifespan: "5m"+authelia_role_identity_validation_elevated_session_elevation_lifespan: "10m"+authelia_role_identity_validation_elevated_session_characters: "8"+authelia_role_identity_validation_elevated_session_require_second_factor: false+authelia_role_identity_validation_elevated_session_skip_second_factor: false+# Identity Validation - Sub-section End++# JWT - Sub-section Start+authelia_role_jwt_secret: "{{ lookup('password', '/dev/null', chars=['ascii_letters', 'digits'], length=32) }}"+# JWT - Sub-section End++# TOTP - Sub-section Start+authelia_role_totp_disable: false+authelia_role_totp_issuer: "{{ lookup('role_var', '_web_subdomain', role='authelia') + '.' + lookup('role_var', '_web_domain', role='authelia') }}"+authelia_role_totp_algorithm: "SHA1"+authelia_role_totp_digits: "6"+authelia_role_totp_period: "30"+authelia_role_totp_skew: "1"+authelia_role_totp_secret_size: "32"+authelia_role_totp_allowed_algorithms: ["SHA1"]+authelia_role_totp_allowed_digits: ["6"]+authelia_role_totp_allowed_periods: ["30"]+authelia_role_totp_disable_reuse_security_policy: false+# TOTP - Sub-section End++# Session - Sub-section Start+authelia_role_default_redirection_url: ""+# Session - Sub-section End++# NTP - Sub-section Start+authelia_role_ntp_address: "time.cloudflare.com:123"+authelia_role_ntp_version: "3"+authelia_role_ntp_max_desync: "3s"+authelia_role_ntp_disable_startup_check: false+authelia_role_ntp_disable_failure: false+# NTP - Sub-section End++# Password Policy - Sub-section Start+authelia_role_password_policy_standard_enabled: false+authelia_role_password_policy_standard_min_length: "8"+authelia_role_password_policy_standard_max_length: "0"+authelia_role_password_policy_standard_require_uppercase: true+authelia_role_password_policy_standard_require_lowercase: true+authelia_role_password_policy_standard_require_number: true+authelia_role_password_policy_standard_require_special: true+authelia_role_password_policy_zxcvbn_enabled: false+authelia_role_password_policy_zxcvbn_min_score: "3"+# Password Policy - Sub-section End++# Skip docs+authelia_role_response_headers:+  - "Remote-User"+  - "Remote-Groups"+  - "Remote-Name"+  - "Remote-Email"  ################################ # Paths ################################ -authelia_paths_folder: "{{ authelia_name }}"-authelia_paths_location: "{{ server_appdata_path }}/{{ authelia_paths_folder }}"-authelia_paths_folders_list:-  - "{{ authelia_paths_location }}"+authelia_role_paths_folder: "{{ authelia_name }}"+authelia_role_paths_location: "{{ server_appdata_path }}/{{ authelia_role_paths_folder }}"+authelia_role_paths_folders_list:+  - "{{ authelia_role_paths_location }}"  ################################ # Web ################################ -authelia_web_subdomain: "{{ authelia.subdomain }}"-authelia_web_domain: "{{ user.domain }}"-authelia_web_port: "9091"-authelia_web_url: "{{ 'https://' + (authelia_web_subdomain + '.' + authelia_web_domain-                   if (authelia_web_subdomain | length > 0)-                   else authelia_web_domain) }}"+authelia_role_web_subdomain: "{{ authelia.subdomain }}"+authelia_role_web_domain: "{{ user.domain }}"+authelia_role_web_port: "9091"+authelia_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='authelia') + '.' + lookup('role_var', '_web_domain', role='authelia')+                        if (lookup('role_var', '_web_subdomain', role='authelia') | length > 0)+                        else lookup('role_var', '_web_domain', role='authelia')) }}"  ################################ # DNS ################################ -authelia_dns_record: "{{ authelia_web_subdomain }}"-authelia_dns_zone: "{{ authelia_web_domain }}"-authelia_dns_proxy: "{{ dns.proxied }}"+authelia_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='authelia') }}"+authelia_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='authelia') }}"+authelia_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -authelia_traefik_sso_middleware: ""-authelia_traefik_middleware_default: "{{ traefik_default_middleware }}"-authelia_traefik_middleware_custom: ""-authelia_traefik_certresolver: "{{ traefik_default_certresolver }}"-authelia_traefik_enabled: true-authelia_traefik_api_enabled: false-authelia_traefik_api_endpoint: ""+authelia_role_traefik_sso_middleware: ""+authelia_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+authelia_role_traefik_middleware_custom: ""+authelia_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+authelia_role_traefik_enabled: true+authelia_role_traefik_api_enabled: false+authelia_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-authelia_docker_container: "{{ authelia_name }}"+authelia_role_docker_container: "{{ authelia_name }}"  # Image-authelia_docker_image_pull: true-authelia_docker_image_tag: "4.38"-authelia_docker_image: "authelia/authelia:{{ authelia_docker_image_tag }}"--# Ports-authelia_docker_ports_defaults: []-authelia_docker_ports_custom: []-authelia_docker_ports: "{{ authelia_docker_ports_defaults-                           + authelia_docker_ports_custom }}"+authelia_role_docker_image_pull: true+authelia_role_docker_image_repo: "authelia/authelia"+authelia_role_docker_image_tag: "4.39"+authelia_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='authelia') }}:{{ lookup('role_var', '_docker_image_tag', role='authelia') }}"  # Envs-authelia_docker_envs_default:+authelia_role_docker_envs_default:   TZ: "{{ tz }}"   PUID: "{{ uid }}"   PGID: "{{ gid }}"-authelia_docker_envs_custom: {}-authelia_docker_envs: "{{ authelia_docker_envs_default-                          | combine(authelia_docker_envs_custom) }}"--# Commands-authelia_docker_commands_default: []-authelia_docker_commands_custom: []-authelia_docker_commands: "{{ authelia_docker_commands_default-                              + authelia_docker_commands_custom }}"+authelia_role_docker_envs_custom: {}+authelia_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='authelia')+                               | combine(lookup('role_var', '_docker_envs_custom', role='authelia')) }}"  # Volumes-authelia_docker_volumes_default:-  - "{{ authelia_paths_location }}:/config"-authelia_docker_volumes_custom: []-authelia_docker_volumes: "{{ authelia_docker_volumes_default-                             + authelia_docker_volumes_custom }}"--# Devices-authelia_docker_devices_default: []-authelia_docker_devices_custom: []-authelia_docker_devices: "{{ authelia_docker_devices_default-                             + authelia_docker_devices_custom }}"--# Hosts-authelia_docker_hosts_default: {}-authelia_docker_hosts_custom: {}-authelia_docker_hosts: "{{ docker_hosts_common-                           | combine(authelia_docker_hosts_default)-                           | combine(authelia_docker_hosts_custom) }}"--# Labels-authelia_docker_labels_default: {}-authelia_docker_labels_custom: {}-authelia_docker_labels: "{{ docker_labels_common-                            | combine(authelia_docker_labels_default)-                            | combine(authelia_docker_labels_custom) }}"+authelia_role_docker_volumes_default:+  - "{{ authelia_role_paths_location }}:/config"+authelia_role_docker_volumes_custom: []+authelia_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='authelia')+                                  + lookup('role_var', '_docker_volumes_custom', role='authelia') }}"  # Hostname-authelia_docker_hostname: "{{ authelia_name }}"+authelia_role_docker_hostname: "{{ authelia_name }}"  # Networks-authelia_docker_networks_alias: "{{ authelia_name }}"-authelia_docker_networks_default: []-authelia_docker_networks_custom: []-authelia_docker_networks: "{{ docker_networks_common-                              + authelia_docker_networks_default-                              + authelia_docker_networks_custom }}"--# Capabilities-authelia_docker_capabilities_default: []-authelia_docker_capabilities_custom: []-authelia_docker_capabilities: "{{ authelia_docker_capabilities_default-                                  + authelia_docker_capabilities_custom }}"--# Security Opts-authelia_docker_security_opts_default: []-authelia_docker_security_opts_custom: []-authelia_docker_security_opts: "{{ authelia_docker_security_opts_default-                                   + authelia_docker_security_opts_custom }}"+authelia_role_docker_networks_alias: "{{ authelia_name }}"+authelia_role_docker_networks_default: []+authelia_role_docker_networks_custom: []+authelia_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='authelia')+                                   + lookup('role_var', '_docker_networks_custom', role='authelia') }}"  # Restart Policy-authelia_docker_restart_policy: unless-stopped+authelia_role_docker_restart_policy: unless-stopped  # State-authelia_docker_state: started+authelia_role_docker_state: started  # Dependencies-authelia_depends_on: "{{ 'authelia-redis,lldap' if (authelia_authentication_backend == 'ldap') else 'authelia-redis' }}"-authelia_depends_on_delay: "0"-authelia_depends_on_healthchecks: "{{ 'true' if (authelia_authentication_backend == 'ldap') else 'false' }}"+authelia_role_depends_on: "{{ 'authelia-redis,lldap' if (lookup('role_var', '_authentication_backend', role='authelia') == 'ldap') else 'authelia-redis' }}"+authelia_role_depends_on_delay: "0"+authelia_role_depends_on_healthchecks: "{{ 'true' if (lookup('role_var', '_authentication_backend', role='authelia') == 'ldap') else 'false' }}"

modified

roles/authelia/tasks/main.yml

@@ -14,15 +14,15 @@  - name: "Fail if invalid Authentication Backend"   ansible.builtin.fail:-    msg: "authelia_authentication_backend is not valid. Use 'file' or 'ldap'."-  when: not authelia_authentication_backend in ["file", "ldap"]+    msg: "{{ authelia_name }}_authentication_backend or {{ authelia_name }}_role_authentication_backend is not valid. Use 'file' or 'ldap'."+  when: not lookup('role_var', '_authentication_backend') in ["file", "ldap"]  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"  - name: Reset Authelia directory   ansible.builtin.file:-    path: "{{ authelia_paths_location }}"+    path: "{{ authelia_role_paths_location }}"     state: absent   when: ('authelia-reset' in ansible_run_tags) @@ -31,41 +31,41 @@  - name: Check if 'configuration.yml' exists   ansible.builtin.stat:-    path: "{{ authelia_paths_location }}/configuration.yml"+    path: "{{ authelia_role_paths_location }}/configuration.yml"   register: authelia_config_stat  - name: Load authentication_backend value   ansible.builtin.shell: |-    yyq '.authentication_backend' {{ authelia_paths_location }}/configuration.yml+    yyq '.authentication_backend' {{ authelia_role_paths_location }}/configuration.yml   register: authentication_backend_key   when: authelia_config_stat.stat.exists and (not 'authelia-reset' in ansible_run_tags)  - name: Fail if Configuration was generated with incorrect authentication_backend   ansible.builtin.fail:     msg:-      - "You seem to have changed 'authelia_authentication_backend' but the old configuration still exists."+      - "You seem to have changed '{{ authelia_name }}_authentication_backend' or '{{ authelia_name }}_role_authentication_backend' but the old configuration still exists."       - "Backup the Authelia opt folder if you want to keep it and then run the 'authelia-reset' tag."       - "Port any modifications made to your configurations.yml from the backup that you want to keep."   when:     - (not 'authelia-reset' in ansible_run_tags)     - authelia_config_stat.stat.exists-    - ((('ldap' in authentication_backend_key.stdout) and (authelia_authentication_backend == 'file'))-      or (('file' in authentication_backend_key.stdout) and (authelia_authentication_backend == 'ldap')))+    - ((('ldap' in authentication_backend_key.stdout) and (lookup('role_var', '_authentication_backend') == 'file'))+      or (('file' in authentication_backend_key.stdout) and (lookup('role_var', '_authentication_backend') == 'ldap')))  - name: Authentication Backend Task-  ansible.builtin.import_tasks: "subtasks/auth_backend.yml"+  ansible.builtin.include_tasks: "subtasks/auth_backend.yml"  - name: Remove legacy Redis Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:-    var_prefix: "{{ item }}"+    container_name: "{{ item }}"   loop:     - "authelia_redis"     - "redis"  - name: Cleanup legacy Redis directory   ansible.builtin.file:-    path: "/opt/authelia_redis"+    path: "{{ server_appdata_path }}/authelia_redis"     state: absent  - name: "Import Redis Role"@@ -77,13 +77,39 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Settings Task-  ansible.builtin.import_tasks: "subtasks/settings.yml"+  ansible.builtin.include_tasks: "subtasks/settings.yml"   when: (authelia_config_stat.stat.exists)++- name: Logrotate | Create 'authelia_logrotate' variable+  ansible.builtin.set_fact:+    authelia_logrotate:+      - path: "{{ authelia_name }}"+        content: |+          {{ server_appdata_path }}/{{ authelia_name }}/authelia.log {+              su {{ user.name }} {{ user.name }}+              rotate {{ lookup('role_var', '_log_max_backups') }}+              size {{ lookup('role_var', '_log_max_size') }}+              missingok+              notifempty+              postrotate+                docker kill --signal="HUP" {{ lookup('role_var', '_docker_container') }}+              endscript+              create 600 {{ user.name }} {{ user.name }}+          }++- name: Logrotate | Add items to '/etc/logrotate.d'+  ansible.builtin.blockinfile:+    path: "/etc/logrotate.d/{{ item.path }}"+    marker: "### SALTBOX MANAGED BLOCK - {mark} ###"+    block: "{{ item.content }}"+    create: true+    mode: "0644"+  loop: "{{ authelia_logrotate }}"  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"

modified

roles/authelia/tasks/subtasks/auth_backend.yml

@@ -8,9 +8,9 @@ ########################################################################## --- - name: Auth | Import File Backend Task-  ansible.builtin.import_tasks: "subtasks/file_backend.yml"-  when: (authelia_authentication_backend == 'file')+  ansible.builtin.include_tasks: "subtasks/file_backend.yml"+  when: (lookup('role_var', '_authentication_backend', role='authelia') == 'file')  - name: Auth | Import LDAP Backend Task-  ansible.builtin.import_tasks: "subtasks/ldap_backend.yml"-  when: (authelia_authentication_backend == 'ldap')+  ansible.builtin.include_tasks: "subtasks/ldap_backend.yml"+  when: (lookup('role_var', '_authentication_backend', role='authelia') == 'ldap')

modified

roles/authelia/tasks/subtasks/file_backend.yml

@@ -9,38 +9,39 @@ --- - name: File | Check if 'users_database.yml' exists   ansible.builtin.stat:-    path: "{{ authelia_paths_location }}/users_database.yml"+    path: "{{ authelia_role_paths_location }}/users_database.yml"   register: authelia_user_config_stat  - name: File | Import default 'configuration.yml'   ansible.builtin.template:     src: configuration.yml.j2-    dest: "{{ authelia_paths_location }}/configuration.yml"+    dest: "{{ authelia_role_paths_location }}/configuration.yml"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"   when: (not authelia_config_stat.stat.exists)  - name: File | Format 'configuration.yml'-  ansible.builtin.shell: "yyq -i {{ authelia_paths_location }}/configuration.yml"+  ansible.builtin.shell: "yyq -i {{ authelia_role_paths_location }}/configuration.yml"   when: (not authelia_config_stat.stat.exists)  - name: File | Generate Password Hash   community.docker.docker_container:     name: authelia-password-hash-    image: "{{ authelia_docker_image }}"+    image: "{{ lookup('role_var', '_docker_image') }}"     command: "authelia crypto hash generate --config /config/configuration.yml --password {{ user.pass | quote }}"-    detach: no+    detach: false     volumes:-      - "{{ authelia_paths_location }}:/config"+      - "{{ authelia_role_paths_location }}:/config"     networks:       - name: saltbox-    cleanup: yes+    cleanup: true     state: started     container_default_behavior: compatibility     tls_hostname: localhost     pull: true   register: authelia_password+  no_log: true   when: (not authelia_user_config_stat.stat.exists)  - name: File | Sanitize Password Hash@@ -51,7 +52,7 @@ - name: File | Import default 'users_database.yml'   ansible.builtin.template:     src: users_database.yml.j2-    dest: "{{ authelia_paths_location }}/users_database.yml"+    dest: "{{ authelia_role_paths_location }}/users_database.yml"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"

modified

roles/authelia/tasks/subtasks/ldap_backend.yml

@@ -8,26 +8,21 @@ ########################################################################## --- - name: LDAP | Get FLD-  ansible.builtin.shell: |-    {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ authelia_web_domain | default(user.domain) }}\", as_object=True); print(res.tld)"-  register: authelia_tld--- name: LDAP | Get FLD-  ansible.builtin.shell: |-    {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ authelia_web_domain | default(user.domain) }}\", as_object=True); print(res.domain)"-  register: authelia_domain+  tld_parse:+    url: "http://{{ lookup('role_var', '_web_domain', role='authelia') }}"+  register: authelia_tld_parse  - name: LDAP | Import default 'configuration.yml'   ansible.builtin.template:     src: configuration.yml.j2-    dest: "{{ authelia_paths_location }}/configuration.yml"+    dest: "{{ authelia_role_paths_location }}/configuration.yml"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"   when: (not authelia_config_stat.stat.exists)  - name: LDAP | Format 'configuration.yml'-  ansible.builtin.shell: "yyq -i {{ authelia_paths_location }}/configuration.yml"+  ansible.builtin.shell: "yyq -i {{ authelia_role_paths_location }}/configuration.yml"   when: (not authelia_config_stat.stat.exists)  - name: LDAP | Import lldap Role

modified

roles/authelia/tasks/subtasks/settings.yml

@@ -9,24 +9,24 @@ --- - name: Settings | Load encryption_key value   ansible.builtin.shell: |-    yyq '.storage.encryption_key' {{ authelia_paths_location }}/configuration.yml+    yyq '.storage.encryption_key' {{ authelia_role_paths_location }}/configuration.yml   register: authelia_encryption_key  - name: Settings | Add encryption_key to config file   ansible.builtin.shell: |-    yyq -i '.storage.encryption_key = "{{ lookup('password', '/dev/null', chars=['ascii_letters', 'digits'], length=64) }}"' {{ authelia_paths_location }}/configuration.yml+    yyq -i '.storage.encryption_key = "{{ lookup('password', '/dev/null', chars=['ascii_letters', 'digits'], length=64) }}"' {{ authelia_role_paths_location }}/configuration.yml   become: true   become_user: "{{ user.name }}"   when: authelia_encryption_key.stdout == "null"  - name: Settings | Load session.redis.host value   ansible.builtin.shell: |-    yyq '.session.redis.host' {{ authelia_paths_location }}/configuration.yml+    yyq '.session.redis.host' {{ authelia_role_paths_location }}/configuration.yml   register: authelia_session_redis_host  - name: Settings | Change session.redis.host value to 'authelia_redis'   ansible.builtin.shell: |-    yyq -i '.session.redis.host = "authelia-redis"' {{ authelia_paths_location }}/configuration.yml+    yyq -i '.session.redis.host = "authelia-redis"' {{ authelia_role_paths_location }}/configuration.yml   become: true   become_user: "{{ user.name }}"   when: (authelia_session_redis_host.stdout == "redis") or (authelia_session_redis_host.stdout == "authelia_redis")

modified

roles/authelia/templates/configuration.yml.j2

@@ -3,91 +3,147 @@ #                   Authelia configuration                    # ############################################################### +# Options are light, dark, grey or auto+theme: {{ lookup('role_var', '_theme', role='authelia') }}++default_2fa_method: "{{ lookup('role_var', '_default_2fa_method', role='authelia') }}"++server:+  address: {{ lookup('role_var', '_server_address', role='authelia') }}+{% if lookup('role_var', '_server_asset_path', role='authelia') | length > 0 %}+  asset_path: {{ lookup('role_var', '_server_asset_path', role='authelia') }}+{% endif %}+  disable_healthcheck: {{ lookup('role_var', '_server_disable_healthcheck', role='authelia') | bool | lower }}+  buffers:+    read: {{ lookup('role_var', '_server_buffers_read', role='authelia') }}+    write: {{ lookup('role_var', '_server_buffers_write', role='authelia') }}+  timeouts:+    read: {{ lookup('role_var', '_server_timeouts_read', role='authelia') }}+    write: {{ lookup('role_var', '_server_timeouts_write', role='authelia') }}+    idle: {{ lookup('role_var', '_server_timeouts_idle', role='authelia') }}+  endpoints:+    enable_pprof: {{ lookup('role_var', '_server_endpoints_enable_pprof', role='authelia') }}+    enable_expvars: {{ lookup('role_var', '_server_endpoints_enable_expvars', role='authelia') }}+  headers:+    csp_template: "{{ lookup('role_var', '_server_headers_csp_template', role='authelia') }}"++log:+  level: {{ lookup('role_var', '_log_level', role='authelia') }}+  format: {{ lookup('role_var', '_log_format', role='authelia') }}+  file_path: {{ lookup('role_var', '_log_file_path', role='authelia') }}+  keep_stdout: {{ lookup('role_var', '_log_keep_stdout', role='authelia') | bool | lower }}++telemetry:+  metrics:+    enabled: {{ lookup('role_var', '_telemetry_metrics_enabled', role='authelia') | bool | lower }}+{% if lookup('role_var', '_telemetry_metrics_enabled', role='authelia') | bool %}+    address: {{ lookup('role_var', '_telemetry_metrics_address', role='authelia') }}+    buffers:+      read: {{ lookup('role_var', '_telemetry_metrics_buffers_read', role='authelia') }}+      write: {{ lookup('role_var', '_telemetry_metrics_buffers_write', role='authelia') }}+    timeouts:+      read: {{ lookup('role_var', '_telemetry_metrics_timeouts_read', role='authelia') }}+      write: {{ lookup('role_var', '_telemetry_metrics_timeouts_write', role='authelia') }}+      idle: {{ lookup('role_var', '_telemetry_metrics_timeouts_idle', role='authelia') }}+{% endif %}++totp:+  disable: {{ lookup('role_var', '_totp_disable', role='authelia') | bool | lower }}+  issuer: {{ lookup('role_var', '_totp_issuer', role='authelia') }}+  algorithm: {{ lookup('role_var', '_totp_algorithm', role='authelia') }}+  digits: {{ lookup('role_var', '_totp_digits', role='authelia') }}+  period: {{ lookup('role_var', '_totp_period', role='authelia') }}+  skew: {{ lookup('role_var', '_totp_skew', role='authelia') }}+  secret_size: {{ lookup('role_var', '_totp_secret_size', role='authelia') }}+  allowed_algorithms: {{ lookup('role_var', '_totp_allowed_algorithms', role='authelia') }}+  allowed_digits: {{ lookup('role_var', '_totp_allowed_digits', role='authelia') }}+  allowed_periods: {{ lookup('role_var', '_totp_allowed_periods', role='authelia') }}+  disable_reuse_security_policy: {{ lookup('role_var', '_totp_disable_reuse_security_policy', role='authelia') | bool | lower }}++webauthn:+  disable: {{ lookup('role_var', '_webauthn_disable', role='authelia') | bool | lower }}+  enable_passkey_login: {{ lookup('role_var', '_webauthn_enable_passkey_login', role='authelia') | bool | lower }}+  display_name: {{ lookup('role_var', '_webauthn_display_name', role='authelia') }}+  attestation_conveyance_preference: {{ lookup('role_var', '_webauthn_attestation_conveyance_preference', role='authelia') }}+  timeout: {{ lookup('role_var', '_webauthn_timeout', role='authelia') }}+  filtering:+    prohibit_backup_eligibility: {{ lookup('role_var', '_webauthn_filtering_prohibit_backup_eligibility', role='authelia') | bool | lower }}+{% if lookup('role_var', '_webauthn_filtering_permitted_aaguids', role='authelia') | length > 0 %}+    permitted_aaguids: {{ lookup('role_var', '_webauthn_filtering_permitted_aaguids', role='authelia') }}+{% endif %}+{% if lookup('role_var', '_webauthn_filtering_prohibited_aaguids', role='authelia') | length > 0 %}+    prohibited_aaguids: {{ lookup('role_var', '_webauthn_filtering_prohibited_aaguids', role='authelia') }}+{% endif %}+  selection_criteria:+    attachment: {{ lookup('role_var', '_webauthn_selection_criteria_attachment', role='authelia') }}+    discoverability: {{ lookup('role_var', '_webauthn_selection_criteria_discoverability', role='authelia') }}+    user_verification: {{ lookup('role_var', '_webauthn_selection_criteria_user_verification', role='authelia') }}+  metadata:+    enabled: {{ lookup('role_var', '_webauthn_metadata_enabled', role='authelia') | bool | lower }}+{% if lookup('role_var', '_webauthn_metadata_enabled', role='authelia') | bool %}+    cache_policy: {{ lookup('role_var', '_webauthn_metadata_cache_policy', role='authelia') }}+    validate_trust_anchor: {{ lookup('role_var', '_webauthn_metadata_validate_trust_anchor', role='authelia') }}+    validate_entry: {{ lookup('role_var', '_webauthn_metadata_validate_entry', role='authelia') }}+    validate_entry_permit_zero_aaguid: {{ lookup('role_var', '_webauthn_metadata_validate_entry_permit_zero_aaguid', role='authelia') }}+    validate_status: {{ lookup('role_var', '_webauthn_metadata_validate_status', role='authelia') }}+{% if lookup('role_var', '_webauthn_metadata_validate_status_permitted', role='authelia') | length > 0 %}+    validate_status_permitted: {{ lookup('role_var', '_webauthn_metadata_validate_status_permitted', role='authelia') }}+{% endif %}+{% if lookup('role_var', '_webauthn_metadata_validate_status_prohibited', role='authelia') | length > 0 %}+    validate_status_prohibited: {{ lookup('role_var', '_webauthn_metadata_validate_status_prohibited', role='authelia') }}+{% endif %}+{% endif %}++{% if lookup('role_var', '_duo_enabled', role='authelia') | bool %}+duo_api:+  disable: false+  hostname: {{ lookup('role_var', '_duo_hostname', role='authelia') }}+  integration_key: {{ lookup('role_var', '_duo_integration_key', role='authelia') }}+  secret_key: {{ lookup('role_var', '_duo_secret_key', role='authelia') }}+  enable_self_enrollment: {{ lookup('role_var', '_duo_self_enrollment', role='authelia') | bool | lower }}+{% endif %}+ identity_validation:   reset_password:-    jwt_secret: {{ authelia_jwt_secret }}--# Options are light, dark, grey or auto-theme: {{ authelia_theme }}--{% if authelia_default_redirection_url | length > 0 %}-default_redirection_url: {{ authelia_default_redirection_url }}--{% endif %}-default_2fa_method: "{{ authelia_default_2fa_method }}"--server:-  address: {{ authelia_server_address }}-  buffers:-    read: {{ authelia_server_buffers_read }}-    write: {{ authelia_server_buffers_write }}-  disable_healthcheck: {{ authelia_server_disable_healthcheck }}-  headers:-    csp_template: "{{ authelia_server_headers_csp_template }}"-  endpoints:-    enable_pprof: {{ authelia_server_enable_pprof }}-    enable_expvars: {{ authelia_server_enable_expvars }}--log:-  level: {{ authelia_log_level }}-  format: {{ authelia_log_format }}-  file_path: {{ authelia_log_file_path }}-  keep_stdout: {{ authelia_log_keep_stdout }}--totp:-  issuer: {{ authelia_totp_issuer }}-  period: {{ authelia_totp_period }}-  skew: {{ authelia_totp_skew }}-  digits: {{ authelia_totp_digits }}-  secret_size: {{ authelia_totp_secret_size }}--{% if authelia_duo_enabled | bool %}-duo_api:-  disable: false-  hostname: {{ authelia_duo_hostname }}-  integration_key: {{ authelia_duo_integration_key }}-  secret_key: {{ authelia_duo_secret_key }}-  enable_self_enrollment: {{ authelia_duo_self_enrollment }}-{% else %}-#-# If you want to use Duo Push notifications-#-# duo_api:-#   hostname: api-123456789.example.com-#   integration_key: ABCDEF-#   secret_key: 1234567890abcdefghifjkl-#-# Read more at https://www.authelia.com/docs/configuration/duo-push-notifications.html-#-{% endif %}--webauthn:-  disable: {{ authelia_webauthn_disable }}-  display_name: {{ authelia_webauthn_display_name }}-  attestation_conveyance_preference: {{ authelia_webauthn_attestation_conveyance_preference }}-  user_verification: {{ authelia_webauthn_user_verification }}-  timeout: {{ authelia_webauthn_timeout }}+    jwt_lifespan: {{ lookup('role_var', '_identity_validation_reset_password_jwt_lifespan', role='authelia') }}+    jwt_algorithm: {{ lookup('role_var', '_identity_validation_reset_password_jwt_algorithm', role='authelia') }}+    jwt_secret: {{ lookup('role_var', '_jwt_secret', role='authelia') }}+  elevated_session:+    code_lifespan: {{ lookup('role_var', '_identity_validation_elevated_session_code_lifespan', role='authelia') }}+    elevation_lifespan: {{ lookup('role_var', '_identity_validation_elevated_session_elevation_lifespan', role='authelia') }}+    characters: {{ lookup('role_var', '_identity_validation_elevated_session_characters', role='authelia') }}+    require_second_factor: {{ lookup('role_var', '_identity_validation_elevated_session_require_second_factor', role='authelia') | bool | lower }}+    skip_second_factor: {{ lookup('role_var', '_identity_validation_elevated_session_skip_second_factor', role='authelia') | bool | lower }}++ntp:+  address: {{ lookup('role_var', '_ntp_address', role='authelia') }}+  version: {{ lookup('role_var', '_ntp_version', role='authelia') }}+  max_desync: {{ lookup('role_var', '_ntp_max_desync', role='authelia') }}+  disable_startup_check: {{ lookup('role_var', '_ntp_disable_startup_check', role='authelia') | bool | lower }}+  disable_failure: {{ lookup('role_var', '_ntp_disable_failure', role='authelia') | bool | lower }}  authentication_backend:+  password_change:+    disable: {{ lookup('role_var', '_authentication_backend_password_change_disable', role='authelia') | bool | lower }}   password_reset:-    disable: {{ authelia_authentication_backend_password_reset_disable }}-    custom_url: "{{ authelia_authentication_backend_password_reset_custom_url }}"-  refresh_interval: {{ authelia_authentication_backend_refresh_interval }}-{% if authelia_authentication_backend == 'file' %}+    disable: {{ lookup('role_var', '_authentication_backend_password_reset_disable', role='authelia') | bool | lower }}+    custom_url: "{{ lookup('role_var', '_authentication_backend_password_reset_custom_url', role='authelia') }}"+  refresh_interval: {{ lookup('role_var', '_authentication_backend_refresh_interval', role='authelia') }}+{% if lookup('role_var', '_authentication_backend', role='authelia') == 'file' %}   file:-    path: {{ authelia_authentication_backend_file_path }}-    watch: {{ authelia_authentication_backend_file_watch }}+    path: {{ lookup('role_var', '_authentication_backend_file_path', role='authelia') }}+    watch: {{ lookup('role_var', '_authentication_backend_file_watch', role='authelia') | bool | lower }}     password:-      algorithm: {{ authelia_authentication_backend_file_password_algorithm }}+      algorithm: {{ lookup('role_var', '_authentication_backend_file_password_algorithm', role='authelia') }}       argon2:-        variant: {{ authelia_authentication_backend_file_password_argon2_variant }}-        iterations: {{ authelia_authentication_backend_file_password_argon2_iterations }}-        memory: {{ authelia_authentication_backend_file_password_argon2_memory }}-        parallelism: {{ authelia_authentication_backend_file_password_argon2_parallelism }}-        key_length: {{ authelia_authentication_backend_file_password_argon2_key_length }}-        salt_length: {{ authelia_authentication_backend_file_password_argon2_salt_length }}-{% endif %}-{% if authelia_authentication_backend == 'ldap' %}+        variant: {{ lookup('role_var', '_authentication_backend_file_password_argon2_variant', role='authelia') }}+        iterations: {{ lookup('role_var', '_authentication_backend_file_password_argon2_iterations', role='authelia') }}+        memory: {{ lookup('role_var', '_authentication_backend_file_password_argon2_memory', role='authelia') }}+        parallelism: {{ lookup('role_var', '_authentication_backend_file_password_argon2_parallelism', role='authelia') }}+        key_length: {{ lookup('role_var', '_authentication_backend_file_password_argon2_key_length', role='authelia') }}+        salt_length: {{ lookup('role_var', '_authentication_backend_file_password_argon2_salt_length', role='authelia') }}+{% endif %}+{% if lookup('role_var', '_authentication_backend', role='authelia') == 'ldap' %}   ldap:     implementation: custom     address: ldap://lldap:3890@@ -95,44 +151,39 @@     tls:       skip_verify: true       minimum_version: TLS1.2-    base_dn: dc={{ authelia_domain.stdout }},dc={{ authelia_tld.stdout }}+    base_dn: dc={{ authelia_tld_parse.domain }},dc={{ authelia_tld_parse.tld }}     additional_users_dn: ou=people     users_filter: "(&({username_attribute}={input})(objectClass=person))"     additional_groups_dn: ou=groups     groups_filter: "(member={dn})"-    -    user: uid={{ user.name }},ou=people,dc={{ authelia_domain.stdout }},dc={{ authelia_tld.stdout }}+    user: uid={{ user.name }},ou=people,dc={{ authelia_tld_parse.domain }},dc={{ authelia_tld_parse.tld }}     password: {{ user.pass }}     attributes:       group_name: cn       display_name: displayName       mail: mail- {% endif %}  password_policy:   standard:-    enabled: {{ authelia_password_policy_standard_enabled }}-    min_length: {{ authelia_password_policy_standard_min_length }}-    max_length: {{ authelia_password_policy_standard_max_length }}-    require_uppercase: {{ authelia_password_policy_standard_require_uppercase }}-    require_lowercase: {{ authelia_password_policy_standard_require_lowercase }}-    require_number: {{ authelia_password_policy_standard_require_number }}-    require_special: {{ authelia_password_policy_standard_require_special }}+    enabled: {{ lookup('role_var', '_password_policy_standard_enabled', role='authelia') | bool | lower }}+    min_length: {{ lookup('role_var', '_password_policy_standard_min_length', role='authelia') }}+    max_length: {{ lookup('role_var', '_password_policy_standard_max_length', role='authelia') }}+    require_uppercase: {{ lookup('role_var', '_password_policy_standard_require_uppercase', role='authelia') }}+    require_lowercase: {{ lookup('role_var', '_password_policy_standard_require_lowercase', role='authelia') }}+    require_number: {{ lookup('role_var', '_password_policy_standard_require_number', role='authelia') }}+    require_special: {{ lookup('role_var', '_password_policy_standard_require_special', role='authelia') }}   zxcvbn:-    enabled: {{ authelia_password_policy_zxcvbn_enabled }}-    min_score: {{ authelia_password_policy_zxcvbn_min_score }}--#-# Read more at https://www.authelia.com/docs/configuration/access-control.html-#+    enabled: {{ lookup('role_var', '_password_policy_zxcvbn_enabled', role='authelia') | bool | lower }}+    min_score: {{ lookup('role_var', '_password_policy_zxcvbn_min_score', role='authelia') }}+ access_control:-  default_policy: {{ authelia_access_control_default_policy }}+  default_policy: {{ lookup('role_var', '_access_control_default_policy', role='authelia') }}   rules:-    {{ (authelia_access_control_whitelist_rules_lookup + authelia_access_control_rules) | to_nice_yaml | indent(4) }}+    {{ (lookup('role_var', '_access_control_whitelist_rules_lookup', role='authelia') + lookup('role_var', '_access_control_rules', role='authelia')) | to_nice_yaml | indent(4) }}  session:-  name: {{ authelia_web_subdomain + '.' + authelia_web_domain | lower }}+  name: {{ (lookup('role_var', '_web_subdomain', role='authelia') + '.' + lookup('role_var', '_web_domain', role='authelia')) | lower }}   secret: {{ lookup('password', '/dev/null', chars=['ascii_letters', 'digits'], length=32) }}   expiration: 1h   inactivity: 5m@@ -142,13 +193,16 @@     host: authelia-redis     port: 6379   cookies:-    - domain: {{ authelia_web_domain | lower }}-      authelia_url: {{ authelia_web_url | lower }}-      name: authelia_{{ authelia_web_domain | lower }}+    - domain: {{ lookup('role_var', '_web_domain', role='authelia') | lower }}+      authelia_url: {{ lookup('role_var', '_web_url', role='authelia') | lower }}+      name: authelia_{{ lookup('role_var', '_web_domain', role='authelia') | lower }}       same_site: lax       inactivity: 5m       expiration: 1h       remember_me: 1M+{% if lookup('role_var', '_default_redirection_url', role='authelia') | length > 0 %}+      default_redirection_url: {{ lookup('role_var', '_default_redirection_url', role='authelia') }}+{% endif %}  regulation:   max_retries: 3@@ -160,73 +214,29 @@   local:     path: /config/db.sqlite3 -ntp:-  address: "{{ authelia_ntp_address }}"-  version: {{ authelia_ntp_version }}-  max_desync: {{ authelia_ntp_max_desync }}-  disable_startup_check: {{ authelia_ntp_disable_startup_check }}-  disable_failure: {{ authelia_ntp_disable_failure }}- notifier:-  disable_startup_check: {{ authelia_notifier_disable_startup_check }}-{% if authelia_notifier == 'filesystem' %}+  disable_startup_check: {{ lookup('role_var', '_notifier_disable_startup_check', role='authelia') | bool | lower }}+{% if lookup('role_var', '_notifier', role='authelia') == 'filesystem' %}   filesystem:     filename: /config/notification.txt {% endif %}-{% if authelia_notifier == 'smtp' %}+{% if lookup('role_var', '_notifier', role='authelia') == 'smtp' %}   smtp:-    host: {{ authelia_notifier_smtp_host }}-    port: {{ authelia_notifier_smtp_port }}-    timeout: {{ (authelia_notifier_smtp_timeout) | default(omit) }}-    username: {{ (authelia_notifier_smtp_username) | default(omit) }}-    password: {{ (authelia_notifier_smtp_password) | default(omit) }}-    sender: {{ authelia_notifier_smtp_sender }}-    identifier: {{ (authelia_notifier_smtp_identifier) | default(omit) }}-    subject: "{{ (authelia_notifier_smtp_subject) | default(omit) }}"-    startup_check_address: {{ (authelia_notifier_smtp_startup_check_address) | default(omit) }}-    disable_require_tls: {{ (authelia_notifier_smtp_disable_require_tls) | default(omit) }}-    disable_html_emails: {{ (authelia_notifier_smtp_disable_html_emails) | default(omit) }}+    host: {{ lookup('role_var', '_notifier_smtp_host', role='authelia') }}+    port: {{ lookup('role_var', '_notifier_smtp_port', role='authelia') }}+    timeout: {{ (lookup('role_var', '_notifier_smtp_timeout', role='authelia')) | default(omit) }}+    username: {{ (lookup('role_var', '_notifier_smtp_username', role='authelia')) | default(omit) }}+    password: {{ (lookup('role_var', '_notifier_smtp_password', role='authelia')) | default(omit) }}+    sender: {{ lookup('role_var', '_notifier_smtp_sender', role='authelia') }}+    identifier: {{ (lookup('role_var', '_notifier_smtp_identifier', role='authelia')) | default(omit) }}+    subject: "{{ (lookup('role_var', '_notifier_smtp_subject', role='authelia')) | default(omit) }}"+    startup_check_address: {{ (lookup('role_var', '_notifier_smtp_startup_check_address', role='authelia')) | default(omit) }}+    disable_require_tls: {{ (lookup('role_var', '_notifier_smtp_disable_require_tls', role='authelia')) | default(omit) }}+    disable_html_emails: {{ (lookup('role_var', '_notifier_smtp_disable_html_emails', role='authelia')) | default(omit) }}     tls:-      server_name: {{ (authelia_notifier_smtp_tls_server_name) | default(omit) }}-      skip_verify: {{ (authelia_notifier_smtp_tls_skip_verify) | default(omit) }}-      minimum_version: {{ (authelia_notifier_smtp_tls_minimum_version) | default(omit) }}-{% else %}-#-# If you want to use email here is a template (Replace the above entry as you can only have one notifier configured)-#-# notifier:-#   disable_startup_check: false-#   smtp:-#     host: 127.0.0.1-#     port: 1025-#     timeout: 5s-#     username: test-#     password: password-#     sender: admin@example.com-#     identifier: localhost-#     subject: "[Authelia] {title}"-#     startup_check_address: test@authelia.com-#     disable_require_tls: false-#     disable_html_emails: false-#     tls:-#       server_name: smtp.example.com-#       skip_verify: false-#       minimum_version: TLS1.2-#-# Read more at https://www.authelia.com/docs/configuration/notifier/smtp.html-#-{% endif %}--telemetry:-  metrics:-    enabled: false-    address: "tcp://0.0.0.0:9959"-    buffers:-      read: 4096-      write: 4096-    timeouts:-      read: 6s-      write: 6s-      idle: 30s+      server_name: {{ (lookup('role_var', '_notifier_smtp_tls_server_name', role='authelia')) | default(omit) }}+      skip_verify: {{ (lookup('role_var', '_notifier_smtp_tls_skip_verify', role='authelia')) | default(omit) }}+      minimum_version: {{ (lookup('role_var', '_notifier_smtp_tls_minimum_version', role='authelia')) | default(omit) }}+{% endif %}  ...

modified

roles/authentik/defaults/main.yml

@@ -17,145 +17,170 @@ # Settings ################################ -authentik_email_host: "localhost"-authentik_email_port: "25"-authentik_email_username: ""-authentik_email_password: ""-authentik_email_tls: "false"-authentik_email_ssl: "false"-authentik_email_timeout: "10"-authentik_email_from: "authentik@localhost"-authentik_access_token_validity: "24" # Hours, only fresh installs use this+authentik_role_email_host: "localhost"+authentik_role_email_port: "25"+authentik_role_email_username: ""+authentik_role_email_password: ""+authentik_role_email_tls: "false"+authentik_role_email_ssl: "false"+authentik_role_email_timeout: "10"+authentik_role_email_from: "authentik@localhost"+# Hours, only fresh installs use this+authentik_role_access_token_validity: "24"++################################+# Legacy+################################++# Do not edit or override using the inventory+authentik_role_redis_name: "{{ authentik_name }}-redis"  ################################ # Postgres ################################ -authentik_postgres_name: "{{ authentik_name }}-postgres"-authentik_postgres_docker_env_db: "authentik"-authentik_postgres_docker_image_tag: "16-alpine"-authentik_postgres_docker_image_repo: "postgres"+# Authentik will always require postgres, this just allows you to skip the one Saltbox deploys+authentik_role_postgres_deploy: true+authentik_role_postgres_name: "{{ authentik_name }}-postgres"+# If empty it will fallback to postgres role default+authentik_role_postgres_user: ""+# If empty it will fallback to postgres role default+authentik_role_postgres_password: ""+authentik_role_postgres_docker_env_db: "authentik"+authentik_role_postgres_docker_image_tag: "16-alpine"+authentik_role_postgres_docker_image_repo: "postgres"+authentik_role_postgres_docker_healthcheck:+  test: ["CMD-SHELL", "pg_isready -d {{ lookup('role_var', '_postgres_docker_env_db', role='authentik') }} -U {{ lookup('role_var', '_postgres_user', role='authentik') if (lookup('role_var', '_postgres_user', role='authentik') | length > 0) else lookup('role_var', '_docker_env_user', role='postgres') }}"]+  start_period: 20s+  interval: 30s+  retries: 5+  timeout: 5s  ################################ # Paths ################################ -authentik_paths_folder: "{{ authentik_name }}"-authentik_paths_location: "{{ server_appdata_path }}/{{ authentik_paths_folder }}"-authentik_paths_folders_list:-  - "{{ authentik_paths_location }}"-  - "{{ authentik_paths_location }}/media"-  - "{{ authentik_paths_location }}/custom-templates"-  - "{{ authentik_paths_location }}/certs"+authentik_role_paths_folder: "{{ authentik_name }}"+authentik_role_paths_location: "{{ server_appdata_path }}/{{ authentik_role_paths_folder }}"+authentik_role_paths_folders_list:+  - "{{ authentik_role_paths_location }}"+  - "{{ authentik_role_paths_location }}/data"+  - "{{ authentik_role_paths_location }}/data/media"+  - "{{ authentik_role_paths_location }}/custom-templates"+  - "{{ authentik_role_paths_location }}/certs"  ################################ # Web ################################ -authentik_web_subdomain: "auth"-authentik_web_domain: "{{ user.domain }}"-authentik_web_port: "9000"-authentik_web_url: "{{ 'https://' + (authentik_web_subdomain + '.' + authentik_web_domain-                    if (authentik_web_subdomain | length > 0)-                    else authentik_web_domain) }}"+authentik_role_web_subdomain: "auth"+authentik_role_web_domain: "{{ user.domain }}"+authentik_role_web_port: "9000"+authentik_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='authentik') + '.' + lookup('role_var', '_web_domain', role='authentik')+                         if (lookup('role_var', '_web_subdomain', role='authentik') | length > 0)+                         else lookup('role_var', '_web_domain', role='authentik')) }}"+authentik_role_web_host: "{{ (lookup('role_var', '_web_subdomain', role='authentik') + '.' + lookup('role_var', '_web_domain', role='authentik')+                          if (lookup('role_var', '_web_subdomain', role='authentik') | length > 0)+                          else lookup('role_var', '_web_domain', role='authentik')) }}"  ################################ # DNS ################################ -authentik_dns_record: "{{ authentik_web_subdomain }}"-authentik_dns_zone: "{{ authentik_web_domain }}"-authentik_dns_proxy: "{{ dns.proxied }}"+authentik_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='authentik') }}"+authentik_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='authentik') }}"+authentik_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -authentik_traefik_sso_middleware: ""-authentik_traefik_middleware_default: "{{ traefik_default_middleware }}"-authentik_traefik_middleware_custom: ""-authentik_traefik_certresolver: "{{ traefik_default_certresolver }}"-authentik_traefik_enabled: true-authentik_traefik_api_enabled: false-authentik_traefik_api_endpoint: ""+authentik_role_traefik_sso_middleware: ""+authentik_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+authentik_role_traefik_middleware_custom: ""+authentik_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+authentik_role_traefik_enabled: true+authentik_role_traefik_api_enabled: false+authentik_role_traefik_api_endpoint: ""+authentik_role_traefik_outpost_catch_all: false  ################################ # Setup ################################ -authentik_host: "http://{{ authentik_name }}:9000"-authentik_default_user: "akadmin"+authentik_role_host: "http://{{ authentik_name }}:{{ lookup('role_var', '_web_port', role='authentik') }}"+authentik_role_default_user: "akadmin"+authentik_role_response_headers:+  - "X-authentik-username"+  - "X-authentik-groups"+  - "X-authentik-entitlements"+  - "X-authentik-email"+  - "X-authentik-name"+  - "X-authentik-uid"+  - "X-authentik-jwt"+  - "X-authentik-meta-jwks"+  - "X-authentik-meta-outpost"+  - "X-authentik-meta-provider"+  - "X-authentik-meta-app"+  - "X-authentik-meta-version"  ################################ # Docker ################################  # Container-authentik_docker_container: "{{ authentik_name }}"+authentik_role_docker_container: "{{ authentik_name }}"  # Image-authentik_docker_image_pull: true-authentik_docker_image_tag: "2025.8"-authentik_docker_image: "ghcr.io/goauthentik/server:{{ authentik_docker_image_tag }}"--# Ports-authentik_docker_ports_defaults: []-authentik_docker_ports_custom: []-authentik_docker_ports: "{{ authentik_docker_ports_defaults-                            + authentik_docker_ports_custom }}"+authentik_role_docker_image_pull: true+authentik_role_docker_image_repo: "ghcr.io/goauthentik/server"+authentik_role_docker_image_tag: "2025.12"+authentik_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='authentik') }}:{{ lookup('role_var', '_docker_image_tag', role='authentik') }}"  # Envs-authentik_docker_envs_default:-  AUTHENTIK_REDIS__HOST: authentik-redis-  AUTHENTIK_POSTGRESQL__HOST: "{{ authentik_postgres_name }}"-  AUTHENTIK_POSTGRESQL__USER: "{{ postgres_docker_env_user }}"-  AUTHENTIK_POSTGRESQL__NAME: "{{ authentik_postgres_docker_env_db }}"-  AUTHENTIK_POSTGRESQL__PASSWORD: "{{ postgres_docker_env_password }}"+authentik_role_docker_envs_default:+  AUTHENTIK_POSTGRESQL__HOST: "{{ lookup('role_var', '_postgres_name', role='authentik') }}"+  AUTHENTIK_POSTGRESQL__USER: "{{ lookup('role_var', '_postgres_user', role='authentik')+                               if (lookup('role_var', '_postgres_user', role='authentik') | length > 0)+                               else lookup('role_var', '_docker_env_user', role='postgres') }}"+  AUTHENTIK_POSTGRESQL__NAME: "{{ lookup('role_var', '_postgres_docker_env_db', role='authentik') }}"+  AUTHENTIK_POSTGRESQL__PASSWORD: "{{ lookup('role_var', '_postgres_password', role='authentik')+                                   if (lookup('role_var', '_postgres_password', role='authentik') | length > 0)+                                   else lookup('role_var', '_docker_env_password', role='postgres') }}"   AUTHENTIK_SECRET_KEY: "{{ authentik_saltbox_facts.facts.secret_key }}"-  AUTHENTIK_BOOTSTRAP_TOKEN: "{{ omit if authentik_data_folder.stat.exists else authentik_bootstrap_token }}"-  AUTHENTIK_EMAIL__HOST: "{{ authentik_email_host }}"-  AUTHENTIK_EMAIL__PORT: "{{ authentik_email_port }}"-  AUTHENTIK_EMAIL__USERNAME: "{{ authentik_email_username }}"-  AUTHENTIK_EMAIL__PASSWORD: "{{ authentik_email_password }}"-  AUTHENTIK_EMAIL__USE_TLS: "{{ authentik_email_tls }}"-  AUTHENTIK_EMAIL__USE_SSL: "{{ authentik_email_ssl }}"-  AUTHENTIK_EMAIL__TIMEOUT: "{{ authentik_email_timeout }}"-  AUTHENTIK_EMAIL__FROM: "{{ authentik_email_from }}"+  AUTHENTIK_BOOTSTRAP_TOKEN: "{{ omit+                              if authentik_data_folder.stat.exists+                              else authentik_bootstrap_token }}"+  AUTHENTIK_EMAIL__HOST: "{{ lookup('role_var', '_email_host', role='authentik') }}"+  AUTHENTIK_EMAIL__PORT: "{{ lookup('role_var', '_email_port', role='authentik') }}"+  AUTHENTIK_EMAIL__USERNAME: "{{ lookup('role_var', '_email_username', role='authentik') }}"+  AUTHENTIK_EMAIL__PASSWORD: "{{ lookup('role_var', '_email_password', role='authentik') }}"+  AUTHENTIK_EMAIL__USE_TLS: "{{ lookup('role_var', '_email_tls', role='authentik') }}"+  AUTHENTIK_EMAIL__USE_SSL: "{{ lookup('role_var', '_email_ssl', role='authentik') }}"+  AUTHENTIK_EMAIL__TIMEOUT: "{{ lookup('role_var', '_email_timeout', role='authentik') }}"+  AUTHENTIK_EMAIL__FROM: "{{ lookup('role_var', '_email_from', role='authentik') }}"   AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS: "172.19.0.0/16"-authentik_docker_envs_custom: {}-authentik_docker_envs: "{{ authentik_docker_envs_default-                           | combine(authentik_docker_envs_custom) }}"+authentik_role_docker_envs_custom: {}+authentik_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='authentik')+                                | combine(lookup('role_var', '_docker_envs_custom', role='authentik')) }}"  # Commands-authentik_docker_commands_default:+authentik_role_docker_commands_default:   - "server"-authentik_docker_commands_custom: []-authentik_docker_commands: "{{ authentik_docker_commands_default-                               + authentik_docker_commands_custom }}"+authentik_role_docker_commands_custom: []+authentik_role_docker_commands: "{{ lookup('role_var', '_docker_commands_default', role='authentik')+                                    + lookup('role_var', '_docker_commands_custom', role='authentik') }}"  # Volumes-authentik_docker_volumes_default:-  - "{{ authentik_paths_location }}/media:/media"-  - "{{ authentik_paths_location }}/custom-templates:/templates"-authentik_docker_volumes_custom: []-authentik_docker_volumes: "{{ authentik_docker_volumes_default-                              + authentik_docker_volumes_custom }}"--# Devices-authentik_docker_devices_default: []-authentik_docker_devices_custom: []-authentik_docker_devices: "{{ authentik_docker_devices_default-                              + authentik_docker_devices_custom }}"--# Hosts-authentik_docker_hosts_default: {}-authentik_docker_hosts_custom: {}-authentik_docker_hosts: "{{ docker_hosts_common-                            | combine(authentik_docker_hosts_default)-                            | combine(authentik_docker_hosts_custom) }}"+authentik_role_docker_volumes_default:+  - "{{ authentik_role_paths_location }}/data:/data"+  - "{{ authentik_role_paths_location }}/custom-templates:/templates"+authentik_role_docker_volumes_custom: []+authentik_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='authentik')+                                   + lookup('role_var', '_docker_volumes_custom', role='authentik') }}"  # Labels-authentik_docker_labels_default:+authentik_role_docker_labels_default:   traefik.http.routers.authentik-outpost-http.entrypoints: "web"   traefik.http.routers.authentik-outpost-http.service: "authentik-outpost-http"   traefik.http.routers.authentik-outpost-http.rule: "PathPrefix(`/outpost.goauthentik.io/`)"@@ -165,46 +190,33 @@   traefik.http.routers.authentik-outpost.service: "authentik-outpost"   traefik.http.routers.authentik-outpost.rule: "PathPrefix(`/outpost.goauthentik.io/`)"   traefik.http.routers.authentik-outpost.tls.options: "securetls@file"-  traefik.http.routers.authentik-outpost.tls.certresolver: "{{ authentik_traefik_certresolver }}"+  traefik.http.routers.authentik-outpost.tls.certresolver: "{{ authentik_role_traefik_certresolver }}"   traefik.http.routers.authentik-outpost.middlewares: "{{ traefik_default_middleware }}"   traefik.http.routers.authentik-outpost.priority: "99"-  traefik.http.services.authentik-outpost-http.loadbalancer.server.port: "9000"-  traefik.http.services.authentik-outpost.loadbalancer.server.port: "9000"-authentik_docker_labels_custom: {}-authentik_docker_labels: "{{ docker_labels_common-                             | combine(authentik_docker_labels_default)-                             | combine(authentik_docker_labels_custom) }}"+  traefik.http.services.authentik-outpost-http.loadbalancer.server.port: "{{ lookup('role_var', '_web_port', role='authentik') }}"+  traefik.http.services.authentik-outpost.loadbalancer.server.port: "{{ lookup('role_var', '_web_port', role='authentik') }}"+authentik_role_docker_labels_custom: {}+authentik_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='authentik')+                                  | combine(lookup('role_var', '_docker_labels_custom', role='authentik')) }}"  # Hostname-authentik_docker_hostname: "{{ authentik_name }}"+authentik_role_docker_hostname: "{{ authentik_name }}"  # Networks-authentik_docker_networks_alias: "{{ authentik_name }}"-authentik_docker_networks_default: []-authentik_docker_networks_custom: []-authentik_docker_networks: "{{ docker_networks_common-                               + authentik_docker_networks_default-                               + authentik_docker_networks_custom }}"--# Capabilities-authentik_docker_capabilities_default: []-authentik_docker_capabilities_custom: []-authentik_docker_capabilities: "{{ authentik_docker_capabilities_default-                                   + authentik_docker_capabilities_custom }}"--# Security Opts-authentik_docker_security_opts_default: []-authentik_docker_security_opts_custom: []-authentik_docker_security_opts: "{{ authentik_docker_security_opts_default-                                    + authentik_docker_security_opts_custom }}"+authentik_role_docker_networks_alias: "{{ authentik_name }}"+authentik_role_docker_networks_default: []+authentik_role_docker_networks_custom: []+authentik_role_docker_networks: "{{ docker_networks_common+                                    + lookup('role_var', '_docker_networks_default', role='authentik')+                                    + lookup('role_var', '_docker_networks_custom', role='authentik') }}"  # Restart Policy-authentik_docker_restart_policy: unless-stopped+authentik_role_docker_restart_policy: unless-stopped  # State-authentik_docker_state: started+authentik_role_docker_state: started  # Dependencies-authentik_depends_on: "authentik-redis,{{ authentik_postgres_name }}"-authentik_depends_on_delay: "0"-authentik_depends_on_healthchecks: "false"+authentik_role_depends_on: "{{ lookup('role_var', '_postgres_name', role='authentik') }}"+authentik_role_depends_on_delay: "0"+authentik_role_depends_on_healthchecks: "true"

modified

roles/authentik/tasks/main.yml

@@ -10,59 +10,67 @@ - name: Remove existing Docker containers   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:-    var_prefix: "{{ item }}"+    container_name: "{{ item }}"   loop:     - "{{ authentik_name }}"-    - "authentik-worker"-    - "authentik-redis"-    - "authentik-postgres"+    - "{{ authentik_worker_name }}"+    - "{{ lookup('role_var', '_postgres_name', role='authentik') }}"+    - "{{ lookup('role_var', '_redis_name', role='authentik') }}" # Legacy removal  - name: Reset Authentik directory   ansible.builtin.file:-    path: "{{ authentik_paths_location }}"+    path: "{{ lookup('role_var', '_paths_location', role='authentik') }}"     state: absent   when: ('authentik-reset' in ansible_run_tags) -- name: Check if '{{ authentik_paths_location }}' exists+- name: Check if '{{ lookup('role_var', '_paths_location', role='authentik') }}' exists   ansible.builtin.stat:-    path: "{{ authentik_paths_location }}"+    path: "{{ lookup('role_var', '_paths_location', role='authentik') }}"   register: authentik_data_folder  - name: Generate Bootstrap Token   ansible.builtin.set_fact:     authentik_bootstrap_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters', 'digits'], length=50) }}"+  when: (not authentik_data_folder.stat.exists)++- name: Check if legacy media directory exists+  ansible.builtin.stat:+    path: "{{ lookup('role_var', '_paths_location', role='authentik') }}/media"+  register: authentik_legacy_media_folder++- name: Migrate legacy media directory to /data/media+  migrate_folder:+    legacy_path: "{{ lookup('role_var', '_paths_location', role='authentik') }}/media"+    new_path: "{{ lookup('role_var', '_paths_location', role='authentik') }}/data/media"+    owner: "{{ user.name }}"+    group: "{{ user.name }}"+    mode: "0775"+  when: authentik_legacy_media_folder.stat.exists  - name: Create directories   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"--- name: "Import Redis Role"-  ansible.builtin.include_role:-    name: redis-  vars:-    redis_instances: ["authentik-redis"]-    redis_docker_image_tag: "alpine"-    redis_paths_folder: "{{ authentik_paths_folder }}/redis"-    redis_paths_location: "{{ server_appdata_path }}/{{ redis_paths_folder }}"-    redis_docker_commands_default:-      - "--save 60 1 --loglevel warning"  - name: "Import Postgres Role"   ansible.builtin.include_role:     name: postgres   vars:-    postgres_instances: ["{{ authentik_postgres_name }}"]-    postgres_docker_image_tag: "{{ authentik_postgres_docker_image_tag }}"-    postgres_docker_image_repo: "{{ authentik_postgres_docker_image_repo }}"-    postgres_paths_folder: "{{ authentik_paths_folder }}/postgres"-    postgres_paths_location: "{{ server_appdata_path }}/{{ postgres_paths_folder }}"-    postgres_docker_env_db: "{{ authentik_postgres_docker_env_db }}"+    postgres_instances: ["{{ lookup('role_var', '_postgres_name', role='authentik') }}"]+    postgres_role_docker_image_tag: "{{ lookup('role_var', '_postgres_docker_image_tag', role='authentik') }}"+    postgres_role_docker_image_repo: "{{ lookup('role_var', '_postgres_docker_image_repo', role='authentik') }}"+    postgres_role_paths_folder: "{{ lookup('role_var', '_paths_folder', role='authentik') }}/postgres"+    postgres_role_paths_location: "{{ server_appdata_path }}/{{ postgres_role_paths_folder }}"+    postgres_role_docker_env_db: "{{ lookup('role_var', '_postgres_docker_env_db', role='authentik') }}"+    postgres_role_docker_env_user_include: "{{ lookup('role_var', '_postgres_user', role='authentik') }}"+    postgres_role_docker_env_password_include: "{{ lookup('role_var', '_postgres_password', role='authentik') }}"+    postgres_role_docker_healthcheck: "{{ lookup('role_var', '_postgres_docker_healthcheck', role='authentik') }}"+  when: lookup('role_var', '_postgres_deploy', role='authentik')  - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: "Save Authentik Saltbox facts"   saltbox_facts:@@ -72,7 +80,16 @@       secret_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters', 'digits'], length=50) }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"+    base_path: "{{ server_appdata_path }}"   register: authentik_saltbox_facts++- name: "Wait for {{ lookup('role_var', '_postgres_name', role='authentik') }} container to be healthy"+  community.docker.docker_container_info:+    name: "{{ lookup('role_var', '_postgres_name', role='authentik') }}"+  until: "authentik_postgres_container_info.container.State.Health.Status == 'healthy'"+  register: authentik_postgres_container_info+  retries: 15+  delay: 10  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"@@ -81,10 +98,6 @@   ansible.builtin.include_role:     name: authentik_worker -- name: Setup Toggle-  ansible.builtin.set_fact:-    authentik_setup: "{{ false if authentik_data_folder.stat.exists else true }}"- - name: Setup Task-  ansible.builtin.import_tasks: "subtasks/setup.yml"-  when: authentik_setup and not continuous_integration+  ansible.builtin.include_tasks: "subtasks/setup.yml"+  when: (not authentik_data_folder.stat.exists)

modified

roles/authentik/tasks/subtasks/setup.yml

@@ -9,7 +9,7 @@ --- - name: Validate bootstrap token (retry until Authentik is ready)   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/users/me/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/users/me/"     method: GET     headers:       Authorization: "Bearer {{ authentik_bootstrap_token }}"@@ -20,7 +20,7 @@  - name: Create new admin user   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/users/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/users/"     method: POST     body_format: json     headers:@@ -37,7 +37,7 @@  - name: Set new admin user's password   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/users/{{ new_user_response.json.pk }}/set_password/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/users/{{ new_user_response.json.pk }}/set_password/"     method: POST     body_format: json     headers:@@ -47,10 +47,11 @@     body:       password: "{{ user.pass }}"     status_code: 204+  no_log: true  - name: Create new admin group   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/groups/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/groups/"     method: POST     body_format: json     headers:@@ -60,14 +61,14 @@     body:       name: "admins"       is_superuser: true-      parent: null+      parents: []       users:         - "{{ new_user_response.json.pk }}"     status_code: 201  - name: Create token for new admin user   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/tokens/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/tokens/"     method: POST     body_format: json     headers:@@ -83,7 +84,7 @@  - name: Get token for new admin user   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/tokens/saltbox-api-token/view_key/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/tokens/saltbox-api-token/view_key/"     method: GET     body_format: json     headers:@@ -104,16 +105,25 @@       api_token: "{{ authentik_admin_token }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"+    base_path: "{{ server_appdata_path }}"  - name: Retrieve flow instances   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/flows/instances/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/flows/instances/"     method: GET     headers:       Authorization: "Bearer {{ authentik_admin_token }}"       Accept: "application/json"     status_code: 200   register: flow_instances+  retries: 60+  delay: 10+  until: >-+    (flow_instances.json.results | default([]) | selectattr('slug', 'equalto', 'default-provider-authorization-implicit-consent')+    | list | length > 0)+    and+    (flow_instances.json.results | default([]) | selectattr('slug', 'equalto', 'default-provider-invalidation-flow')+    | list | length > 0)  - name: Set authorization flow   ansible.builtin.set_fact:@@ -129,7 +139,7 @@  - name: Create Traefik Forward Auth provider   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/providers/proxy/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/providers/proxy/"     method: POST     body_format: json     headers:@@ -140,16 +150,16 @@       name: "Traefik Forward Auth"       authorization_flow: "{{ authentik_authorization_flow_uuid }}"       invalidation_flow: "{{ authentik_invalidation_flow_uuid }}"-      cookie_domain: "{{ authentik_web_domain }}"-      external_host: "{{ authentik_web_url }}"+      cookie_domain: "{{ lookup('role_var', '_web_domain', role='authentik') }}"+      external_host: "{{ lookup('role_var', '_web_url', role='authentik') }}"       mode: "forward_domain"-      access_token_validity: "hours={{ authentik_access_token_validity }}"+      access_token_validity: "hours={{ lookup('role_var', '_access_token_validity', role='authentik') }}"     status_code: 201   register: proxy_providers  - name: Create Traefik Forward Auth application   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/applications/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/applications/"     method: POST     body_format: json     headers:@@ -165,7 +175,7 @@  - name: Retrieve Outposts   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/outposts/instances/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/outposts/instances/"     method: GET     headers:       Authorization: "Bearer {{ authentik_admin_token }}"@@ -175,7 +185,7 @@  - name: Edit Embedded Outpost   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/outposts/instances/{{ outposts.json.results[0].pk }}/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/outposts/instances/{{ outposts.json.results[0].pk }}/"     method: PATCH     body_format: json     headers:@@ -186,12 +196,12 @@       providers:         - "{{ proxy_providers.json.pk }}"       config:-        authentik_host: "{{ authentik_web_url }}"+        authentik_host: "{{ lookup('role_var', '_web_url', role='authentik') }}"     status_code: 200  - name: Get admins group ID   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/groups/?name=admins"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/groups/?name=admins"     method: GET     headers:       Authorization: "Bearer {{ authentik_admin_token }}"@@ -202,7 +212,7 @@  - name: Get all notification rules   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/events/rules/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/events/rules/"     method: GET     headers:       Authorization: "Bearer {{ authentik_admin_token }}"@@ -213,7 +223,7 @@  - name: Update notification rules with admins group   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/events/rules/{{ item.pk }}/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/events/rules/{{ item.pk }}/"     method: PATCH     body_format: json     headers:@@ -228,14 +238,15 @@ - name: Remove existing Docker containers   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:-    var_prefix: "{{ item }}"+    container_name: "{{ item }}"   loop:     - "authentik"     - "authentik-worker" -- name: Check if '{{ authentik_paths_location }}' exists+# To ensure bootstrap token is no longer set+- name: Check if '{{ lookup('role_var', '_paths_location', role='authentik') }}' exists   ansible.builtin.stat:-    path: "{{ authentik_paths_location }}"+    path: "{{ lookup('role_var', '_paths_location', role='authentik') }}"   register: authentik_data_folder  - name: Create Docker container@@ -247,7 +258,7 @@  - name: Validate Saltbox token (retry until Authentik is ready)   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/users/me/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/users/me/"     method: GET     headers:       Authorization: "Bearer {{ authentik_admin_token }}"@@ -258,7 +269,7 @@  - name: Delete authentik-bootstrap-token   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/tokens/authentik-bootstrap-token/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/tokens/authentik-bootstrap-token/"     method: DELETE     headers:       Authorization: "Bearer {{ authentik_admin_token }}"@@ -267,7 +278,7 @@  - name: Get Users   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/users/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/users/"     method: GET     headers:       Authorization: "Bearer {{ authentik_admin_token }}"@@ -275,15 +286,15 @@     status_code: 200   register: get_users_response -- name: fact+- name: Set fact   ansible.builtin.set_fact:     akadmin_id: "{{ item.pk }}"   loop: "{{ get_users_response.json.results }}"-  when: item.username == authentik_default_user+  when: item.username == authentik_role_default_user  - name: Disable akadmin user   ansible.builtin.uri:-    url: "{{ authentik_host }}/api/v3/core/users/{{ akadmin_id }}/"+    url: "{{ lookup('role_var', '_host', role='authentik') }}/api/v3/core/users/{{ akadmin_id }}/"     method: PATCH     body_format: json     headers:

modified

roles/authentik_worker/defaults/main.yml

@@ -18,95 +18,58 @@ ################################  # Container-authentik_worker_docker_container: "{{ authentik_worker_name }}"+authentik_worker_role_docker_container: "{{ authentik_worker_name }}"  # Image-authentik_worker_docker_image_pull: true-authentik_worker_docker_image_tag: "{{ authentik_docker_image_tag }}"-authentik_worker_docker_image: "ghcr.io/goauthentik/server:{{ authentik_worker_docker_image_tag }}"--# Ports-authentik_worker_docker_ports_defaults: []-authentik_worker_docker_ports_custom: []-authentik_worker_docker_ports: "{{ authentik_worker_docker_ports_defaults-                                   + authentik_worker_docker_ports_custom }}"+authentik_worker_role_docker_image_pull: true+authentik_worker_role_docker_image_repo: "ghcr.io/goauthentik/server"+authentik_worker_role_docker_image_tag: "{{ lookup('role_var', '_docker_image_tag', role='authentik') }}"+authentik_worker_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='authentik_worker') }}:{{ lookup('role_var', '_docker_image_tag', role='authentik_worker') }}"  # Envs-authentik_worker_docker_envs_default: "{{ authentik_docker_envs_default }}"-authentik_worker_docker_envs_custom: {}-authentik_worker_docker_envs: "{{ authentik_worker_docker_envs_default-                                  | combine(authentik_worker_docker_envs_custom) }}"+authentik_worker_role_docker_envs_default: "{{ lookup('role_var', '_docker_envs_default', role='authentik') }}"+authentik_worker_role_docker_envs_custom: {}+authentik_worker_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='authentik_worker')+                                       | combine(lookup('role_var', '_docker_envs_custom', role='authentik_worker')) }}"  # Commands-authentik_worker_docker_commands_default:+authentik_worker_role_docker_commands_default:   - "worker"-authentik_worker_docker_commands_custom: []-authentik_worker_docker_commands: "{{ authentik_worker_docker_commands_default-                                      + authentik_worker_docker_commands_custom }}"+authentik_worker_role_docker_commands_custom: []+authentik_worker_role_docker_commands: "{{ lookup('role_var', '_docker_commands_default', role='authentik_worker')+                                           + lookup('role_var', '_docker_commands_custom', role='authentik_worker') }}"  # Volumes-authentik_worker_docker_volumes_default:-  - "{{ server_appdata_path }}/authentik/media:/media"-  - "{{ server_appdata_path }}/authentik/custom-templates:/templates"-  - "{{ server_appdata_path }}/authentik/certs:/certs"+authentik_worker_role_docker_volumes_default:+  - "{{ authentik_role_paths_location }}/data:/data"+  - "{{ authentik_role_paths_location }}/custom-templates:/templates"+  - "{{ authentik_role_paths_location }}/certs:/certs"   - "/var/run/docker.sock:/var/run/docker.sock"-authentik_worker_docker_volumes_custom: []-authentik_worker_docker_volumes: "{{ authentik_worker_docker_volumes_default-                                     + authentik_worker_docker_volumes_custom }}"--# Devices-authentik_worker_docker_devices_default: []-authentik_worker_docker_devices_custom: []-authentik_worker_docker_devices: "{{ authentik_worker_docker_devices_default-                                     + authentik_worker_docker_devices_custom }}"--# Hosts-authentik_worker_docker_hosts_default: {}-authentik_worker_docker_hosts_custom: {}-authentik_worker_docker_hosts: "{{ docker_hosts_common-                                   | combine(authentik_worker_docker_hosts_default)-                                   | combine(authentik_worker_docker_hosts_custom) }}"--# Labels-authentik_worker_docker_labels_default: {}-authentik_worker_docker_labels_custom: {}-authentik_worker_docker_labels: "{{ docker_labels_common-                                    | combine(authentik_worker_docker_labels_default)-                                    | combine(authentik_worker_docker_labels_custom) }}"+authentik_worker_role_docker_volumes_custom: []+authentik_worker_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='authentik_worker')+                                          + lookup('role_var', '_docker_volumes_custom', role='authentik_worker') }}"  # Hostname-authentik_worker_docker_hostname: "{{ authentik_worker_name }}"+authentik_worker_role_docker_hostname: "{{ authentik_worker_name }}"  # Networks-authentik_worker_docker_networks_alias: "{{ authentik_worker_name }}"-authentik_worker_docker_networks_default: []-authentik_worker_docker_networks_custom: []-authentik_worker_docker_networks: "{{ docker_networks_common-                                      + authentik_worker_docker_networks_default-                                      + authentik_worker_docker_networks_custom }}"--# Capabilities-authentik_worker_docker_capabilities_default: []-authentik_worker_docker_capabilities_custom: []-authentik_worker_docker_capabilities: "{{ authentik_worker_docker_capabilities_default-                                          + authentik_worker_docker_capabilities_custom }}"--# Security Opts-authentik_worker_docker_security_opts_default: []-authentik_worker_docker_security_opts_custom: []-authentik_worker_docker_security_opts: "{{ authentik_worker_docker_security_opts_default-                                           + authentik_worker_docker_security_opts_custom }}"+authentik_worker_role_docker_networks_alias: "{{ authentik_worker_name }}"+authentik_worker_role_docker_networks_default: []+authentik_worker_role_docker_networks_custom: []+authentik_worker_role_docker_networks: "{{ docker_networks_common+                                           + lookup('role_var', '_docker_networks_default', role='authentik_worker')+                                           + lookup('role_var', '_docker_networks_custom', role='authentik_worker') }}"  # Restart Policy-authentik_worker_docker_restart_policy: unless-stopped+authentik_worker_role_docker_restart_policy: unless-stopped  # State-authentik_worker_docker_state: started+authentik_worker_role_docker_state: started  # Dependencies-authentik_worker_depends_on: "authentik-redis,authentik-postgres"-authentik_worker_depends_on_delay: "0"-authentik_worker_depends_on_healthchecks: "false"+authentik_worker_role_depends_on: "{{ lookup('role_var', '_postgres_name', role='authentik') }}"+authentik_worker_role_depends_on_delay: "0"+authentik_worker_role_depends_on_healthchecks: "true"  # User-authentik_worker_docker_user: "root"+authentik_worker_role_docker_user: "root"

modified

roles/autobrr/defaults/main.yml

@@ -17,131 +17,88 @@ # Paths ################################ -autobrr_paths_folder: "{{ autobrr_name }}"-autobrr_paths_location: "{{ server_appdata_path }}/{{ autobrr_paths_folder }}"-autobrr_paths_config_location: "{{ autobrr_paths_location }}/config.toml"-autobrr_paths_folders_list:-  - "{{ autobrr_paths_location }}"-autobrr_paths_recursive: true+autobrr_role_paths_folder: "{{ autobrr_name }}"+autobrr_role_paths_location: "{{ server_appdata_path }}/{{ autobrr_role_paths_folder }}"+autobrr_role_paths_config_location: "{{ autobrr_role_paths_location }}/config.toml"+autobrr_role_paths_folders_list:+  - "{{ autobrr_role_paths_location }}"+autobrr_role_paths_recursive: true  ################################ # Web ################################ -autobrr_web_subdomain: "{{ autobrr_name }}"-autobrr_web_domain: "{{ user.domain }}"-autobrr_web_port: "7474"-autobrr_web_url: "{{ 'https://' + (autobrr_web_subdomain + '.' + autobrr_web_domain-                  if (autobrr_web_subdomain | length > 0)-                  else autobrr_web_domain) }}"+autobrr_role_web_subdomain: "{{ autobrr_name }}"+autobrr_role_web_domain: "{{ user.domain }}"+autobrr_role_web_port: "7474"+autobrr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='autobrr') + '.' + lookup('role_var', '_web_domain', role='autobrr')+                       if (lookup('role_var', '_web_subdomain', role='autobrr') | length > 0)+                       else lookup('role_var', '_web_domain', role='autobrr')) }}"  ################################ # DNS ################################ -autobrr_dns_record: "{{ autobrr_web_subdomain }}"-autobrr_dns_zone: "{{ autobrr_web_domain }}"-autobrr_dns_proxy: "{{ dns.proxied }}"+autobrr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='autobrr') }}"+autobrr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='autobrr') }}"+autobrr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -autobrr_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-autobrr_traefik_middleware_default: "{{ traefik_default_middleware }}"-autobrr_traefik_middleware_custom: ""-autobrr_traefik_certresolver: "{{ traefik_default_certresolver }}"-autobrr_traefik_enabled: true-autobrr_traefik_api_enabled: true-autobrr_traefik_api_endpoint: "PathPrefix(`/api`)"+autobrr_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+autobrr_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+autobrr_role_traefik_middleware_custom: ""+autobrr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+autobrr_role_traefik_enabled: true+autobrr_role_traefik_api_enabled: true+autobrr_role_traefik_api_endpoint: "PathPrefix(`/api`)"  ################################ # Docker ################################  # Container-autobrr_docker_container: "{{ autobrr_name }}"+autobrr_role_docker_container: "{{ autobrr_name }}"  # Image-autobrr_docker_image_pull: true-autobrr_docker_image_tag: "latest"-autobrr_docker_image: "ghcr.io/autobrr/autobrr:{{ autobrr_docker_image_tag }}"--# Ports-autobrr_docker_ports_defaults: []-autobrr_docker_ports_custom: []-autobrr_docker_ports: "{{ autobrr_docker_ports_defaults-                          + autobrr_docker_ports_custom }}"+autobrr_role_docker_image_pull: true+autobrr_role_docker_image_repo: "ghcr.io/autobrr/autobrr"+autobrr_role_docker_image_tag: "latest"+autobrr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='autobrr') }}:{{ lookup('role_var', '_docker_image_tag', role='autobrr') }}"  # Envs-autobrr_docker_envs_default:+autobrr_role_docker_envs_default:   AUTOBRR__LOG_PATH: "/config/autobrr.log"   TZ: "{{ tz }}"-autobrr_docker_envs_custom: {}-autobrr_docker_envs: "{{ autobrr_docker_envs_default-                         | combine(autobrr_docker_envs_custom) }}"--# Commands-autobrr_docker_commands_default: []-autobrr_docker_commands_custom: []-autobrr_docker_commands: "{{ autobrr_docker_commands_default-                             + autobrr_docker_commands_custom }}"+autobrr_role_docker_envs_custom: {}+autobrr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='autobrr')+                              | combine(lookup('role_var', '_docker_envs_custom', role='autobrr')) }}"  # Volumes-autobrr_docker_volumes_default:-  - "{{ autobrr_paths_location }}:/config"-autobrr_docker_volumes_custom: []-autobrr_docker_volumes: "{{ autobrr_docker_volumes_default-                            + autobrr_docker_volumes_custom }}"--# Devices-autobrr_docker_devices_default: []-autobrr_docker_devices_custom: []-autobrr_docker_devices: "{{ autobrr_docker_devices_default-                            + autobrr_docker_devices_custom }}"--# Hosts-autobrr_docker_hosts_default: {}-autobrr_docker_hosts_custom: {}-autobrr_docker_hosts: "{{ docker_hosts_common-                          | combine(autobrr_docker_hosts_default)-                          | combine(autobrr_docker_hosts_custom) }}"--# Labels-autobrr_docker_labels_default: {}-autobrr_docker_labels_custom: {}-autobrr_docker_labels: "{{ docker_labels_common-                           | combine(autobrr_docker_labels_default)-                           | combine(autobrr_docker_labels_custom) }}"+autobrr_role_docker_volumes_default:+  - "{{ autobrr_role_paths_location }}:/config"+autobrr_role_docker_volumes_custom: []+autobrr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='autobrr')+                                 + lookup('role_var', '_docker_volumes_custom', role='autobrr') }}"  # Hostname-autobrr_docker_hostname: "{{ autobrr_name }}"+autobrr_role_docker_hostname: "{{ autobrr_name }}"  # Networks-autobrr_docker_networks_alias: "{{ autobrr_name }}"-autobrr_docker_networks_default: []-autobrr_docker_networks_custom: []-autobrr_docker_networks: "{{ docker_networks_common-                             + autobrr_docker_networks_default-                             + autobrr_docker_networks_custom }}"--# Capabilities-autobrr_docker_capabilities_default: []-autobrr_docker_capabilities_custom: []-autobrr_docker_capabilities: "{{ autobrr_docker_capabilities_default-                                 + autobrr_docker_capabilities_custom }}"--# Security Opts-autobrr_docker_security_opts_default: []-autobrr_docker_security_opts_custom: []-autobrr_docker_security_opts: "{{ autobrr_docker_security_opts_default-                                  + autobrr_docker_security_opts_custom }}"+autobrr_role_docker_networks_alias: "{{ autobrr_name }}"+autobrr_role_docker_networks_default: []+autobrr_role_docker_networks_custom: []+autobrr_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='autobrr')+                                  + lookup('role_var', '_docker_networks_custom', role='autobrr') }}"  # Restart Policy-autobrr_docker_restart_policy: unless-stopped+autobrr_role_docker_restart_policy: unless-stopped  # State-autobrr_docker_state: started+autobrr_role_docker_state: started  # User-autobrr_docker_user: "{{ uid }}:{{ gid }}"+autobrr_role_docker_user: "{{ uid }}:{{ gid }}"

modified

roles/autobrr/tasks/main.yml

@@ -10,47 +10,26 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"  - name: Check if already installed   ansible.builtin.stat:-    path: "{{ autobrr_paths_location }}"+    path: "{{ lookup('role_var', '_paths_location', role='autobrr') }}"   register: autobrr_directory  - name: Create directories   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml" -- name: Check if `{{ autobrr_paths_config_location | basename }}` exists-  ansible.builtin.stat:-    path: "{{ autobrr_paths_config_location }}"-  register: autobrr_config--- name: New `{{ autobrr_paths_config_location | basename }}` tasks-  when: not autobrr_config.stat.exists-  block:-    - name: Generate sessionSecret-      ansible.builtin.shell: "head /dev/urandom | tr -dc A-Za-z0-9 | head -c16"-      register: autobrr_secret--    - name: Import default `{{ autobrr_paths_config_location | basename }}`-      ansible.builtin.template:-        src: config.toml.j2-        dest: "{{ autobrr_paths_config_location }}"-        owner: "{{ user.name }}"-        group: "{{ user.name }}"-        mode: "0664"- - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml" -- name: Advise user to create Autobrr user-  ansible.builtin.debug:-    msg:-      - "Run the following to create your user:"-      - "docker exec -it {{ lookup('vars', role_name + '_name') }} sh -c 'autobrrctl --config /config create-user {{ user.name }}'"-  when: not autobrr_directory.stat.exists+- name: Create Autobrr user+  ansible.builtin.shell: |+    docker exec -i {{ autobrr_name }} sh -c 'echo "{{ user.pass }}" | autobrrctl --config /config create-user {{ user.name }}'+  no_log: true+  when: (not autobrr_directory.stat.exists)

modified

roles/autoheal/defaults/main.yml

@@ -18,85 +18,41 @@ ################################  # Container-autoheal_docker_container: "{{ autoheal_name }}"+autoheal_role_docker_container: "{{ autoheal_name }}"  # Image-autoheal_docker_image_pull: true-autoheal_docker_image_tag: "latest"-autoheal_docker_image: "willfarrell/autoheal:{{ autoheal_docker_image_tag }}"--# Ports-autoheal_docker_ports_defaults: []-autoheal_docker_ports_custom: []-autoheal_docker_ports: "{{ autoheal_docker_ports_defaults-                           + autoheal_docker_ports_custom }}"+autoheal_role_docker_image_pull: true+autoheal_role_docker_image_tag: "latest"+autoheal_role_docker_image: "willfarrell/autoheal:{{ autoheal_role_docker_image_tag }}"  # Envs-autoheal_docker_envs_default:+autoheal_role_docker_envs_default:   AUTOHEAL_CONTAINER_LABEL: "autoheal"-autoheal_docker_envs_custom: {}-autoheal_docker_envs: "{{ autoheal_docker_envs_default-                          | combine(autoheal_docker_envs_custom) }}"--# Commands-autoheal_docker_commands_default: []-autoheal_docker_commands_custom: []-autoheal_docker_commands: "{{ autoheal_docker_commands_default-                              + autoheal_docker_commands_custom }}"+autoheal_role_docker_envs_custom: {}+autoheal_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='autoheal')+                               | combine(lookup('role_var', '_docker_envs_custom', role='autoheal')) }}"  # Volumes-autoheal_docker_volumes_default:+autoheal_role_docker_volumes_default:   - "/var/run/docker.sock:/var/run/docker.sock"   - "/etc/localtime:/etc/localtime:ro"-autoheal_docker_volumes_custom: []-autoheal_docker_volumes: "{{ autoheal_docker_volumes_default-                             + autoheal_docker_volumes_custom }}"--# Devices-autoheal_docker_devices_default: []-autoheal_docker_devices_custom: []-autoheal_docker_devices: "{{ autoheal_docker_devices_default-                             + autoheal_docker_devices_custom }}"--# Hosts-autoheal_docker_hosts_default: {}-autoheal_docker_hosts_custom: {}-autoheal_docker_hosts: "{{ docker_hosts_common-                           | combine(autoheal_docker_hosts_default)-                           | combine(autoheal_docker_hosts_custom) }}"--# Labels-autoheal_docker_labels_default: {}-autoheal_docker_labels_custom: {}-autoheal_docker_labels: "{{ docker_labels_common-                            | combine(autoheal_docker_labels_default)-                            | combine(autoheal_docker_labels_custom) }}"+autoheal_role_docker_volumes_custom: []+autoheal_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='autoheal')+                                  + lookup('role_var', '_docker_volumes_custom', role='autoheal') }}"  # Hostname-autoheal_docker_hostname: "{{ autoheal_name }}"+autoheal_role_docker_hostname: "{{ autoheal_name }}"  # Networks-autoheal_docker_networks_alias: "{{ autoheal_name }}"-autoheal_docker_networks_default: []-autoheal_docker_networks_custom: []-autoheal_docker_networks: "{{ docker_networks_common-                              + autoheal_docker_networks_default-                              + autoheal_docker_networks_custom }}"--# Capabilities-autoheal_docker_capabilities_default: []-autoheal_docker_capabilities_custom: []-autoheal_docker_capabilities: "{{ autoheal_docker_capabilities_default-                                  + autoheal_docker_capabilities_custom }}"--# Security Opts-autoheal_docker_security_opts_default: []-autoheal_docker_security_opts_custom: []-autoheal_docker_security_opts: "{{ autoheal_docker_security_opts_default-                                   + autoheal_docker_security_opts_custom }}"+autoheal_role_docker_networks_alias: "{{ autoheal_name }}"+autoheal_role_docker_networks_default: []+autoheal_role_docker_networks_custom: []+autoheal_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='autoheal')+                                   + lookup('role_var', '_docker_networks_custom', role='autoheal') }}"  # Restart Policy-autoheal_docker_restart_policy: unless-stopped+autoheal_role_docker_restart_policy: unless-stopped  # State-autoheal_docker_state: started+autoheal_role_docker_state: started

modified

roles/autoscan/defaults/main.yml

@@ -17,142 +17,101 @@ # Paths ################################ -autoscan_paths_folder: "{{ autoscan_name }}"-autoscan_paths_location: "{{ server_appdata_path }}/{{ autoscan_paths_folder }}"-autoscan_paths_folders_list:-  - "{{ autoscan_paths_location }}"-autoscan_paths_config_location: "{{ autoscan_paths_location }}/config.yml"+autoscan_role_paths_folder: "{{ autoscan_name }}"+autoscan_role_paths_location: "{{ server_appdata_path }}/{{ autoscan_role_paths_folder }}"+autoscan_role_paths_folders_list:+  - "{{ autoscan_role_paths_location }}"+autoscan_role_paths_config_location: "{{ autoscan_role_paths_location }}/config.yml"  ################################ # Web ################################ -autoscan_web_subdomain: "{{ autoscan_name }}"-autoscan_web_domain: "{{ user.domain }}"-autoscan_web_port: "3030"-autoscan_web_url: "{{ 'https://' + (lookup('vars', autoscan_name + '_web_subdomain', default=autoscan_web_subdomain) + '.' + lookup('vars', autoscan_name + '_web_domain', default=autoscan_web_domain)-                   if (lookup('vars', autoscan_name + '_web_subdomain', default=autoscan_web_subdomain) | length > 0)-                   else lookup('vars', autoscan_name + '_web_domain', default=autoscan_web_domain)) }}"+autoscan_role_web_subdomain: "{{ autoscan_name }}"+autoscan_role_web_domain: "{{ user.domain }}"+autoscan_role_web_port: "3030"+autoscan_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='autoscan') + '.' + lookup('role_var', '_web_domain', role='autoscan')+                        if (lookup('role_var', '_web_subdomain', role='autoscan') | length > 0)+                        else lookup('role_var', '_web_domain', role='autoscan')) }}"  ################################ # DNS ################################ -autoscan_dns_record: "{{ lookup('vars', autoscan_name + '_web_subdomain', default=autoscan_web_subdomain) }}"-autoscan_dns_zone: "{{ lookup('vars', autoscan_name + '_web_domain', default=autoscan_web_domain) }}"-autoscan_dns_proxy: "{{ dns.proxied }}"+autoscan_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='autoscan') }}"+autoscan_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='autoscan') }}"+autoscan_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -autoscan_traefik_regex_middleware_string: ",{{ autoscan_name }}-replacepathregex"-autoscan_traefik_sso_middleware: ""-autoscan_traefik_middleware_default: "{{ traefik_default_middleware + autoscan_traefik_regex_middleware_string }}"-autoscan_traefik_middleware_custom: ""-autoscan_traefik_certresolver: "{{ traefik_default_certresolver }}"-autoscan_traefik_enabled: true-autoscan_traefik_api_enabled: false-autoscan_traefik_api_endpoint: ""+autoscan_role_traefik_regex_middleware_string: ",{{ autoscan_name }}-replacepathregex"+autoscan_role_traefik_sso_middleware: ""+autoscan_role_traefik_middleware_default: "{{ traefik_default_middleware + autoscan_role_traefik_regex_middleware_string }}"+autoscan_role_traefik_middleware_custom: ""+autoscan_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+autoscan_role_traefik_enabled: true+autoscan_role_traefik_api_enabled: false+autoscan_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-autoscan_docker_container: "{{ autoscan_name }}"+autoscan_role_docker_container: "{{ autoscan_name }}"  # Image-autoscan_docker_image_pull: true-autoscan_docker_image_tag: "latest"-autoscan_docker_image: "saltydk/autoscan:{{ lookup('vars', autoscan_name + '_docker_image_tag', default=autoscan_docker_image_tag) }}"--# Ports-autoscan_docker_ports_defaults: []-autoscan_docker_ports_custom: []-autoscan_docker_ports: "{{ lookup('vars', autoscan_name + '_docker_ports_defaults', default=autoscan_docker_ports_defaults)-                           + lookup('vars', autoscan_name + '_docker_ports_custom', default=autoscan_docker_ports_custom) }}"+autoscan_role_docker_image_pull: true+autoscan_role_docker_image_repo: "saltydk/autoscan"+autoscan_role_docker_image_tag: "latest"+autoscan_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='autoscan') }}:{{ lookup('role_var', '_docker_image_tag', role='autoscan') }}"  # Envs-autoscan_docker_envs_default:+autoscan_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"-autoscan_docker_envs_custom: {}-autoscan_docker_envs: "{{ lookup('vars', autoscan_name + '_docker_envs_default', default=autoscan_docker_envs_default)-                          | combine(lookup('vars', autoscan_name + '_docker_envs_custom', default=autoscan_docker_envs_custom)) }}"--# Commands-autoscan_docker_commands_default: []-autoscan_docker_commands_custom: []-autoscan_docker_commands: "{{ lookup('vars', autoscan_name + '_docker_commands_default', default=autoscan_docker_commands_default)-                              + lookup('vars', autoscan_name + '_docker_commands_custom', default=autoscan_docker_commands_custom) }}"+autoscan_role_docker_envs_custom: {}+autoscan_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='autoscan')+                               | combine(lookup('role_var', '_docker_envs_custom', role='autoscan')) }}"  # Volumes-autoscan_docker_volumes_default:-  - "{{ autoscan_paths_location }}:/config"-autoscan_docker_volumes_custom: []-autoscan_docker_volumes: "{{ lookup('vars', autoscan_name + '_docker_volumes_default', default=autoscan_docker_volumes_default)-                             + lookup('vars', autoscan_name + '_docker_volumes_custom', default=autoscan_docker_volumes_custom) }}"--# Devices-autoscan_docker_devices_default: []-autoscan_docker_devices_custom: []-autoscan_docker_devices: "{{ lookup('vars', autoscan_name + '_docker_devices_default', default=autoscan_docker_devices_default)-                             + lookup('vars', autoscan_name + '_docker_devices_custom', default=autoscan_docker_devices_custom) }}"--# Hosts-autoscan_docker_hosts_default: {}-autoscan_docker_hosts_custom: {}-autoscan_docker_hosts: "{{ docker_hosts_common-                           | combine(lookup('vars', autoscan_name + '_docker_hosts_default', default=autoscan_docker_hosts_default))-                           | combine(lookup('vars', autoscan_name + '_docker_hosts_custom', default=autoscan_docker_hosts_custom)) }}"+autoscan_role_docker_volumes_default:+  - "{{ autoscan_role_paths_location }}:/config"+autoscan_role_docker_volumes_custom: []+autoscan_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='autoscan')+                                  + lookup('role_var', '_docker_volumes_custom', role='autoscan') }}"  # Labels-autoscan_docker_labels_default:+autoscan_role_docker_labels_default:   - '{ "traefik.http.middlewares.{{ traefik_router }}-replacepathregex.replacepathregex.regex": "^/$" }'   - '{ "traefik.http.middlewares.{{ traefik_router }}-replacepathregex.replacepathregex.replacement": "/triggers/manual" }'   - '{ "traefik.http.routers.{{ traefik_router }}-triggers.entrypoints": "{{ traefik_entrypoint_websecure }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}-triggers.service": "{{ traefik_router }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}-triggers.rule": "Host(`{{ traefik_host }}`) && PathPrefix(`/triggers`)" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-triggers.priority": "{{ lookup("vars", traefik_role_var + "_traefik_priority", default=lookup("vars", role_name + "_traefik_priority", default="40")) }}" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-triggers.tls.certresolver": "{{ lookup("vars", traefik_role_var + "_traefik_certresolver", default=lookup("vars", role_name + "_traefik_certresolver", default=traefik_default_certresolver)) }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-triggers.priority": "{{ lookup("role_var", "_traefik_priority", role="autoscan", default="40") }}" }'+  - '{ "traefik.http.routers.{{ traefik_router }}-triggers.tls.certresolver": "{{ lookup("role_var", "_traefik_certresolver", role="autoscan", default=traefik_default_certresolver) }}" }'   - '{ "traefik.http.routers.{{ traefik_router }}-triggers.tls.options": "securetls@file" }'-  - '{ "traefik.http.routers.{{ traefik_router }}-triggers.middlewares": "{{ traefik_middleware | regex_replace(autoscan_traefik_regex_middleware_string) }}" }'-autoscan_docker_labels_custom: {}-autoscan_docker_labels: "{{ docker_labels_common-                            | combine(lookup('vars', autoscan_name + '_docker_labels_default', default=autoscan_docker_labels_default))-                            | combine(lookup('vars', autoscan_name + '_docker_labels_custom', default=autoscan_docker_labels_custom)) }}"+  - '{ "traefik.http.routers.{{ traefik_router }}-triggers.middlewares": "{{ traefik_middleware | regex_replace(autoscan_role_traefik_regex_middleware_string) }}" }'+autoscan_role_docker_labels_custom: {}+autoscan_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='autoscan')+                                 | combine(lookup('role_var', '_docker_labels_custom', role='autoscan')) }}"  # Hostname-autoscan_docker_hostname: "{{ autoscan_name }}"--# Network Mode-autoscan_docker_network_mode_default: "{{ docker_networks_name_common }}"-autoscan_docker_network_mode: "{{ lookup('vars', autoscan_name + '_docker_network_mode_default', default=autoscan_docker_network_mode_default) }}"+autoscan_role_docker_hostname: "{{ autoscan_name }}"  # Networks-autoscan_docker_networks_alias: "{{ autoscan_name }}"-autoscan_docker_networks_default: []-autoscan_docker_networks_custom: []-autoscan_docker_networks: "{{ docker_networks_common-                              + lookup('vars', autoscan_name + '_docker_networks_default', default=autoscan_docker_networks_default)-                              + lookup('vars', autoscan_name + '_docker_networks_custom', default=autoscan_docker_networks_custom) }}"--# Capabilities-autoscan_docker_capabilities_default: []-autoscan_docker_capabilities_custom: []-autoscan_docker_capabilities: "{{ lookup('vars', autoscan_name + '_docker_capabilities_default', default=autoscan_docker_capabilities_default)-                                  + lookup('vars', autoscan_name + '_docker_capabilities_custom', default=autoscan_docker_capabilities_custom) }}"--# Security Opts-autoscan_docker_security_opts_default: []-autoscan_docker_security_opts_custom: []-autoscan_docker_security_opts: "{{ lookup('vars', autoscan_name + '_docker_security_opts_default', default=autoscan_docker_security_opts_default)-                                   + lookup('vars', autoscan_name + '_docker_security_opts_custom', default=autoscan_docker_security_opts_custom) }}"+autoscan_role_docker_networks_alias: "{{ autoscan_name }}"+autoscan_role_docker_networks_default: []+autoscan_role_docker_networks_custom: []+autoscan_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='autoscan')+                                   + lookup('role_var', '_docker_networks_custom', role='autoscan') }}"  # Restart Policy-autoscan_docker_restart_policy: unless-stopped+autoscan_role_docker_restart_policy: unless-stopped  # State-autoscan_docker_state: started+autoscan_role_docker_state: started

modified

roles/autoscan/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -21,7 +21,7 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"  - name: Import Settings task-  ansible.builtin.import_tasks: "subtasks/settings.yml"+  ansible.builtin.include_tasks: "subtasks/settings.yml"  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"

modified

roles/autoscan/tasks/subtasks/settings.yml

@@ -7,12 +7,12 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Settings | Check if `{{ autoscan_paths_config_location | basename }}` exists+- name: Settings | Check if `{{ lookup('role_var', '_paths_config_location', role='autoscan') | basename }}` exists   ansible.builtin.stat:-    path: "{{ autoscan_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='autoscan') }}"   register: autoscan_config -- name: Settings | New `{{ autoscan_paths_config_location | basename }}` tasks+- name: Settings | New `{{ lookup('role_var', '_paths_config_location', role='autoscan') | basename }}` tasks   when: (not autoscan_config.stat.exists)   block:     - name: Settings | Get Instance Info@@ -21,10 +21,10 @@         get_info_list:           - plex -    - name: Settings | Import default `{{ autoscan_paths_config_location | basename }}`+    - name: Settings | Import default `{{ lookup('role_var', '_paths_config_location', role='autoscan') | basename }}`       ansible.builtin.template:         src: config.yml.j2-        dest: "{{ autoscan_paths_config_location }}"+        dest: "{{ lookup('role_var', '_paths_config_location', role='autoscan') }}"         owner: "{{ user.name }}"         group: "{{ user.name }}"         mode: "0664"

modified

roles/autoscan/templates/config.yml.j2

@@ -41,12 +41,12 @@        # rewrite inotify path to unified filesystem       rewrite:-        - from: ^/mnt/local/Media/+        - from: {{ '^' + server_local_folder_path }}/Media/           to: /mnt/unionfs/Media/        # Local filesystem paths to monitor       paths:-        - path: /mnt/local/Media+        - path: {{ server_local_folder_path }}/Media    sonarr: {% for instance in sonarr_instances %}

modified

roles/backup/defaults/main.yml

@@ -20,9 +20,21 @@ # Size Check ################################ -backup_size_exclude_folders:-  - "/opt/plex/Library/Application Support/Plex Media Server/Cache/PhotoTranscoder"-  - "/opt/plex/Library/Application Support/Plex Media Server/Cache/Transcode"+backup_size_exclude_folders: >-+  {{ (plex_instances | default(['plex'])+      | map('regex_replace', '^', server_appdata_path ~ '/')+      | map('regex_replace', '$', '/Library/Application Support/Plex Media Server/Cache/PhotoTranscoder')+      | list)+     + (plex_instances | default(['plex'])+      | map('regex_replace', '^', server_appdata_path ~ '/')+      | map('regex_replace', '$', '/Library/Application Support/Plex Media Server/Cache/Transcode')+      | list) }}++################################+# Backup Excludes+################################++backup_excludes_list_extra: []  ################################ # Notifications@@ -57,5 +69,5 @@ ################################  snapshot_type: ""-backup_opt_path: "/opt/"+backup_opt_path: "{{ server_appdata_path }}/" use_snapshot: false

modified

roles/backup/tasks/main.yml

@@ -22,6 +22,11 @@           - "Backup Role cannot run without a tag."           - "Use backup or backup2 tag." +- name: Import cloudplow role variables+  ansible.builtin.include_tasks: "{{ resources_tasks_path }}/variables/import_role_vars.yml"+  vars:+    import_role_name: cloudplow+ - name: Backup   block:     - name: "Set 'backup_success' variable"@@ -29,10 +34,10 @@         backup_success: false      - name: Sanity Check-      ansible.builtin.import_tasks: "sanity_check.yml"+      ansible.builtin.include_tasks: "sanity_check.yml"      - name: Variables-      ansible.builtin.import_tasks: "variables.yml"+      ansible.builtin.include_tasks: "variables.yml"       tags:         - set-backup         - unset-backup@@ -41,14 +46,14 @@         - wipe-restore-service      - name: Import Restore Service Cleanup-      ansible.builtin.import_tasks: "wipe_restore_service.yml"+      ansible.builtin.include_tasks: "wipe_restore_service.yml"       when: ('wipe-restore-service' in ansible_run_tags) and not ('backup' in ansible_run_tags)       tags:         - wipe-restore-service      - name: Cron-      ansible.builtin.import_tasks: "cron.yml"-      when: (['set-backup', 'unset-backup'] | intersect(ansible_run_tags)) and not ('backup' in ansible_run_tags)+      ansible.builtin.include_tasks: "cron.yml"+      when: ((['set-backup', 'unset-backup'] | intersect(ansible_run_tags)) | length > 0) and not ('backup' in ansible_run_tags)       tags:         - set-backup         - unset-backup@@ -62,7 +67,7 @@         start_time: "{{ start_time_lookup.stdout }}"      - name: Snapshot-      ansible.builtin.import_tasks: "snapshot.yml"+      ansible.builtin.include_tasks: "snapshot.yml"      - name: "Notify | Saltbox Backup: Started Saltbox backup task"       ansible.builtin.include_role:@@ -120,12 +125,12 @@         - "/home/{{ user.name }}/logs"         - "{{ backup.local.destination }}"         - "{{ backup.local.destination }}/opt"-        - "/opt/systemd-backup"-        - "/opt/crontab-backup"+        - "{{ server_appdata_path }}/systemd-backup"+        - "{{ server_appdata_path }}/crontab-backup"      # Check if there is enough space in the local backup destination-    - name: Get size of opt folder-      ansible.builtin.shell: "du -sk /opt || true"+    - name: Get size of {{ server_appdata_path }} folder+      ansible.builtin.shell: "du -sk {{ server_appdata_path }} || true"       register: estimated_backup_size      - name: Check existence of exclude folders@@ -227,21 +232,31 @@         force: true       when: backup_excludes_list.stat.exists +    - name: "Render default 'backup_excludes_list.txt'"+      ansible.builtin.template:+        src: "backup_excludes_list.txt.j2"+        dest: "/tmp/backup_excludes_list.txt"+        owner: "{{ user.name }}"+        group: "{{ user.name }}"+        mode: "0664"+        force: true+      when: not backup_excludes_list.stat.exists+     - name: Set 'backup_excludes_list_path' variable       ansible.builtin.set_fact:         backup_excludes_list_path: "{{           (playbook_dir + '/backup_excludes_list.txt')           if ((backup_excludes_list is defined) and (backup_excludes_list.stat.exists))-          else (playbook_dir + '/roles/backup/files/backup_excludes_list.txt') }}"+          else '/tmp/backup_excludes_list.txt' }}"      - name: Saltbox Restore Service-      ansible.builtin.import_tasks: "restore_service.yml"+      ansible.builtin.include_tasks: "restore_service.yml"       when: restore_service_enabled       tags:         - restore-service         - saltbox-restore-service -    - name: "Synchronize '/etc/systemd/system' to '/opt/systemd-backup' for inclusion in backup"+    - name: "Synchronize '/etc/systemd/system' to '{{ server_appdata_path }}/systemd-backup' for inclusion in backup"       ansible.builtin.shell: |         /usr/bin/rsync \           --delay-updates \@@ -254,13 +269,13 @@           --exclude='saltbox_managed_*' \           --include='*.service' \           --include='*.mount' \-          /etc/systemd/system/* /opt/systemd-backup/+          /etc/systemd/system/* {{ server_appdata_path }}/systemd-backup/       args:         executable: /bin/bash       ignore_errors: true -    - name: "Copying crontabs to '/opt/crontab-backup' for inclusion in backup"-      ansible.builtin.shell: "cp -f /var/spool/cron/crontabs/* /opt/crontab-backup"+    - name: "Copying crontabs to '{{ server_appdata_path }}/crontab-backup' for inclusion in backup"+      ansible.builtin.shell: "cp -f /var/spool/cron/crontabs/* {{ server_appdata_path }}/crontab-backup"       ignore_errors: true      - name: "Reset permissions of folders"@@ -272,61 +287,84 @@         mode: "0775"         recurse: true       with_items:-        - "/opt/systemd-backup"-        - "/opt/crontab-backup"--    # Stop Containers--    - name: "Gather list of running Docker containers"-      ansible.builtin.shell: "docker ps --format '{{ '{{' }} .Names{{ '}}' }}' --filter label=com.github.saltbox.saltbox_managed=true | xargs echo -n"-      register: docker_containers-      ignore_errors: true--    - name: Set 'docker_containers' variable-      ansible.builtin.set_fact:-        docker_containers: "{{ docker_containers.stdout if (docker_containers is success) else '' }}"--    - name: Docker container tasks-      when: (docker_containers | trim | length > 0)+        - "{{ server_appdata_path }}/systemd-backup"+        - "{{ server_appdata_path }}/crontab-backup"++    - name: Populate Service Facts+      ansible.builtin.service_facts:++    - name: Set docker_service_running+      ansible.builtin.set_fact:+        docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"++    - name: Stop Docker Container Tasks+      when: docker_service_running       block:-        - name: Convert Docker containers string into a list+        - name: "Gather Docker container information"+          community.docker.docker_host_info:+            containers: true+            containers_filters:+              label:+                - "com.github.saltbox.saltbox_managed=true"+              status:+                - "running"+          register: docker_info++        - name: Extract and process container names           ansible.builtin.set_fact:-            docker_containers: "{{ docker_containers.split() | reject('in', gluetun_instances | default(['gluetun'])) | sort }}"--        - name: Filter out ignored apps from Docker containers list+            docker_containers: "{{ docker_info.containers | map(attribute='Names') | map('first') | map('regex_replace', '^/', '') | reject('in', gluetun_instances | default(['gluetun'])) | sort }}"+          when:+            - (docker_info is success)+            - (docker_info.containers is defined)+            - (docker_info.containers | length > 0)++        - name: Set empty list if no containers found           ansible.builtin.set_fact:-            docker_containers: "{{ docker_containers | difference(reverse_proxy_apps + torrent_apps + backup_ignore_containers) }}"-            ignore_containers: "{{ reverse_proxy_apps + torrent_apps + backup_ignore_containers }}"--        - name: Convert Docker containers list back to string-          ansible.builtin.set_fact:-            docker_containers_string: "{{ docker_containers | join(' ') }}"-            ignore_query_string: >--              {% if docker_containers | length > 0 and ignore_containers | length > 0 %}-                {%- set ignore_params = [] -%}-                {% for container in ignore_containers %}-                  {%- set _ = ignore_params.append('ignore=' ~ container) -%}-                {%- endfor -%}-                {{ ignore_params | join('&') }}-              {%- else -%}-              {% endif %}--        - name: Stop Saltbox Docker containers-          ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_saltbox_docker_containers.yml"-          vars:-            _query_var: "{{ '?' + ignore_query_string if (ignore_query_string | length > 0) else '' }}"--        - name: "Stop all running Docker containers"-          ansible.builtin.shell: "docker stop {{ docker_containers_string }}"-          ignore_errors: true-          when: (docker_containers_string | trim | length > 0)--        - name: "Notify | Saltbox Backup: Stopped Docker containers"-          ansible.builtin.include_role:-            name: notify-          vars:-            message: "{{ backup_instance }} Backup: Stopped Docker containers."-          when: backup_notify_stop_docker_containers+            docker_containers: []+          when: (docker_info is not success) or (docker_info.containers is not defined) or (docker_info.containers | length == 0)++        - name: Docker container tasks+          when: (docker_containers | length > 0)+          block:+            - name: Build list of containers to ignore+              ansible.builtin.set_fact:+                ignore_containers: "{{ reverse_proxy_apps + torrent_apps + backup_ignore_containers }}"++            - name: Filter out ignored apps from Docker containers list+              ansible.builtin.set_fact:+                docker_containers: "{{ docker_containers | difference(ignore_containers) }}"++            - name: Convert Docker containers list back to string+              ansible.builtin.set_fact:+                docker_containers_string: "{{ docker_containers | join(' ') }}"+                ignore_query_string: >-+                  {% if docker_containers | length > 0 and ignore_containers | length > 0 %}+                    {%- set ignore_params = [] -%}+                    {% for container in ignore_containers %}+                      {%- set _ = ignore_params.append('ignore=' ~ container) -%}+                    {%- endfor -%}+                    {{ ignore_params | join('&') }}+                  {%- else -%}+                  {% endif %}++            - name: Stop Saltbox Docker containers+              ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_saltbox_docker_containers.yml"+              vars:+                _query_var: "{{ '?' + ignore_query_string+                            if (ignore_query_string | length > 0)+                            else '' }}"++            - name: "Stop all running Docker containers"+              ansible.builtin.shell: "docker stop {{ docker_containers_string }}"+              ignore_errors: true+              when: (docker_containers_string | trim | length > 0)++            - name: "Notify | Saltbox Backup: Stopped Docker containers"+              ansible.builtin.include_role:+                name: notify+              vars:+                message: "{{ backup_instance }} Backup: Stopped Docker containers."+              when: backup_notify_stop_docker_containers      # Custom User Files @@ -342,16 +380,11 @@         - "{{ backup_user_defined_files }}"       when: (backup_user_defined_files | length > 0) -    # Services--    - name: Populate Service Facts-      ansible.builtin.service_facts:--      # Stop Cloudplow+    # Stop Cloudplow      - name: Check if 'cloudplow.service' exists       ansible.builtin.stat:-        path: "/etc/systemd/system/cloudplow.service"+        path: "/etc/systemd/system/{{ cloudplow_service_name }}.service"       register: cloudplow_service      - name: Stop 'cloudplow' service block@@ -359,11 +392,11 @@       block:         - name: Get 'cloudplow' service state           ansible.builtin.set_fact:-            cloudplow_service_running: "{{ (services['cloudplow.service'] is defined) and (services['cloudplow.service']['state'] == 'running') }}"+            cloudplow_service_running: "{{ (ansible_facts['services'][cloudplow_service_name + '.service'] is defined) and (ansible_facts['services'][cloudplow_service_name + '.service']['state'] == 'running') }}"          - name: Stop 'cloudplow' service           ansible.builtin.systemd_service:-            name: cloudplow+            name: "{{ cloudplow_service_name }}"             state: stopped           when: cloudplow_service_running @@ -391,7 +424,7 @@     # Start Docker containers when snapshot is enabled      - name: Snapshot | Start Docker containers-      when: use_snapshot+      when: docker_service_running and use_snapshot       block:         - name: "Snapshot | Wait for 5 seconds before starting Docker containers"           ansible.builtin.wait_for:@@ -510,7 +543,7 @@     # Start Docker containers when snapshot is not enabled      - name: Start Docker Containers-      when: (not use_snapshot)+      when: docker_service_running and (not use_snapshot)       block:         - name: "Wait for 5 seconds before starting Docker containers"           ansible.builtin.wait_for:@@ -535,7 +568,7 @@     - name: "Wait for 10 seconds before uploads"       ansible.builtin.wait_for:         timeout: 10-      when: backup.rclone.enable or backup.rsync.enable+      when: backup_rclone_enabled or backup_rsync_enabled      - name: "Reset folder ownership of '{{ backup.local.destination }}/'"       ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} {{ backup.local.destination }}/"@@ -561,7 +594,7 @@       become_user: "{{ user.name }}"       register: rclone_timestamp       ignore_errors: true-      when: backup.rclone.enable+      when: backup_rclone_enabled      - name: Define Archive List       ansible.builtin.set_fact:@@ -592,13 +625,13 @@       register: rclone_move       failed_when: rclone_move.rc > 3       ignore_errors: true-      when: backup.rclone.enable and (rclone_timestamp is defined) and ('Failed' not in rclone_timestamp.stderr)+      when: backup_rclone_enabled and (rclone_timestamp is defined) and ('Failed' not in rclone_timestamp.stderr)       loop: "{{ backup_archive_list + (backup_user_defined_files | map('basename') | list) }}"      - name: "Wait for 5 seconds before uploading"       ansible.builtin.wait_for:         timeout: 5-      when: backup.rclone.enable or backup.rsync.enable+      when: backup_rclone_enabled or backup_rsync_enabled      - name: "Use rclone to upload backup to '{{ backup.rclone.destination }}'"       ansible.builtin.shell: |@@ -608,21 +641,21 @@           {{ lookup('vars', 'backup_' + backup.rclone.template + '_template', default='') }} \           --stats=30s \           --bwlimit={{ backup_rclone_upload_speed_limit }} \-          {{ '--bind=' + ansible_default_ipv4.address if mounts.ipv4_only else '' }} \+          {{ '--bind=' + ansible_facts['default_ipv4']['address'] if rclone_mounts_ipv4_only else '' }} \           -vv \           --log-file='{{ playbook_dir }}/backup_rclone.log' \           '{{ backup.local.destination }}' '{{ backup.rclone.destination }}'       environment: "{{ backup_rclone_env }}"       become: true       become_user: "{{ user.name }}"-      when: backup.rclone.enable+      when: backup_rclone_enabled      - name: "Notify | Saltbox Backup: Rclone uploaded backup to '{{ backup.rclone.destination }}'"       ansible.builtin.include_role:         name: notify       vars:         message: "{{ backup_instance }} Backup: Rclone uploaded backup to '{{ backup.rclone.destination }}'."-      when: backup.rclone.enable and backup_notify_rclone_complete+      when: backup_rclone_enabled and backup_notify_rclone_complete      - name: "Use rsync to upload backup to '{{ backup.rsync.destination }}'"       ansible.posix.synchronize:@@ -633,14 +666,14 @@         dest_port: "{{ backup.rsync.port }}"       become: true       become_user: "{{ user.name }}"-      when: backup.rsync.enable+      when: backup_rsync_enabled      - name: "Notify | Saltbox Backup: Rsync uploaded backup to '{{ backup.rsync.destination }}'"       ansible.builtin.include_role:         name: notify       vars:         message: "{{ backup_instance }} Backup: Rsync uploaded backup to '{{ backup.rsync.destination }}'."-      when: backup.rsync.enable and backup_notify_rsync_complete+      when: backup_rsync_enabled and backup_notify_rsync_complete      - name: Get Current Time       ansible.builtin.shell: "date \"+%s\""@@ -662,7 +695,7 @@      - name: "Start 'cloudplow' service"       ansible.builtin.systemd_service:-        name: cloudplow+        name: "{{ cloudplow_service_name }}"         state: started       when: (cloudplow_service is defined) and cloudplow_service.stat.exists and cloudplow_service_running @@ -670,7 +703,7 @@       ansible.builtin.file:         path: "{{ backup.local.destination }}"         state: absent-      when: (dir_files2.matched | int != 0) and (not backup.local.enable)+      when: (dir_files2.matched | int != 0) and (not backup_local_enabled)      - name: "Set 'backup_success' variable"       ansible.builtin.set_fact:@@ -709,7 +742,7 @@       ignore_errors: true      - name: Start Docker Containers-      when: (not use_snapshot)+      when: docker_service_running and (not use_snapshot)       block:         - name: "Wait for 5 seconds before starting Docker containers"           ansible.builtin.wait_for:@@ -726,7 +759,7 @@      - name: "Start 'cloudplow' service"       ansible.builtin.systemd_service:-        name: cloudplow+        name: "{{ cloudplow_service_name }}"         state: started       when: (cloudplow_service is defined) and cloudplow_service.stat.exists and cloudplow_service_running @@ -751,7 +784,7 @@       ignore_errors: true  - name: Backup Cleanup Block-  when: backup.rclone.enable and backup_cleanup_enabled and backup_success+  when: backup_rclone_enabled and backup_cleanup_enabled and backup_success   block:     - name: Determine number of existing backups       ansible.builtin.shell: >

modified

roles/backup/tasks/restore_service.yml

@@ -123,7 +123,7 @@           {{ files_upload.results | selectattr('stdout', 'search', 'too large') | map(attribute='item')           | map('regex_replace', '^/tmp/restore_service/|.enc$', '') | list | sort(case_sensitive=False) | join(', ') }} -    - name: Restore Service | Print error mesage when config file(s) were too large to upload+    - name: Restore Service | Print error message when config file(s) were too large to upload       ansible.builtin.debug:         msg: "The following encrypted config file(s) were too large to upload to the Saltbox Restore Service: '{{ files_too_large_to_upload_list | trim }}'"       when: (files_too_large_to_upload_list | trim | length > 0)

modified

roles/backup/tasks/sanity_check.yml

@@ -15,7 +15,7 @@ # Age in hours - name: "Get age of 'backup.lock' file"   ansible.builtin.set_fact:-    backup_lock_age: "{{ ((ansible_date_time.epoch | float - backup_lock.stat.mtime) / 3600) | int }}"+    backup_lock_age: "{{ ((ansible_facts['date_time']['epoch'] | float - backup_lock.stat.mtime) / 3600) | int }}"   when: backup_lock.stat.exists  # Delete if older than 2 hours.

modified

roles/backup/tasks/snapshot.yml

@@ -10,22 +10,22 @@ - name: "Snapshot | Determine '/' filesystem type"   ansible.builtin.set_fact:     root_fstype: "{{ item.fstype }}"-  when: backup.misc.snapshot and (item.mount == '/')+  when: backup_snapshot_enabled and (item.mount == '/')   with_items:-    - "{{ ansible_mounts }}"+    - "{{ ansible_facts['mounts'] }}" -- name: "Snapshot | Determine '/opt' filesystem type"+- name: "Snapshot | Determine '{{ server_appdata_path }}' filesystem type"   ansible.builtin.set_fact:     opt_fstype: "{{ item.fstype }}"-  when: backup.misc.snapshot and (item.mount == '/opt')+  when: backup_snapshot_enabled and (item.mount == server_appdata_path)   with_items:-    - "{{ ansible_mounts }}"+    - "{{ ansible_facts['mounts'] }}"  # BTRFS  - name: Snapshot | BTRFS specific tasks   when:-    - backup.misc.snapshot+    - backup_snapshot_enabled     - ((root_fstype is defined) and (root_fstype == 'btrfs')) or ((opt_fstype is defined) and (opt_fstype == 'btrfs'))   block:     - name: "Snapshot | Set general BTRFS variables"@@ -37,14 +37,14 @@       ansible.builtin.set_fact:         backup_snapshot_source_path: "/"         backup_snapshot_destination_path: "/btrfs/snapshots/root"-        backup_opt_path: "/btrfs/snapshots/root/opt/"+        backup_opt_path: "/btrfs/snapshots/root{{ server_appdata_path }}/"       when: (root_fstype is defined) and (root_fstype == 'btrfs') -    - name: "Snapshot | Set '/opt' BTRFS variables"+    - name: "Snapshot | Set '{{ server_appdata_path }}' BTRFS variables"       ansible.builtin.set_fact:-        backup_snapshot_source_path: "/opt"-        backup_snapshot_destination_path: "/opt/snapshots/opt"-        backup_opt_path: "/opt/snapshots/opt/"+        backup_snapshot_source_path: "{{ server_appdata_path }}"+        backup_snapshot_destination_path: "{{ server_appdata_path }}/snapshots/opt"+        backup_opt_path: "{{ server_appdata_path }}/snapshots/opt/"       when: (opt_fstype is defined) and (opt_fstype == 'btrfs')      - name: Snapshot | Check if BTRFS snapshot is mounted

modified

roles/backup2/tasks/main.yml

@@ -7,6 +7,11 @@ #                   GNU General Public License v3.0                     # ######################################################################### ---+- name: Import cloudplow role variables+  ansible.builtin.include_tasks: "{{ resources_tasks_path }}/variables/import_role_vars.yml"+  vars:+    import_role_name: cloudplow+ - name: Backup   block:     - name: "Set 'backup2_success' variable"@@ -14,10 +19,10 @@         backup2_success: false      - name: Sanity Check-      ansible.builtin.import_tasks: "sanity_check.yml"+      ansible.builtin.include_tasks: "sanity_check.yml"      - name: Variables-      ansible.builtin.import_tasks: "variables.yml"+      ansible.builtin.include_tasks: "variables.yml"       tags:         - set-backup2         - unset-backup2@@ -25,8 +30,8 @@         - saltbox-restore-service2      - name: Cron-      ansible.builtin.import_tasks: "cron.yml"-      when: (['set-backup2', 'unset-backup2'] | intersect(ansible_run_tags)) and not ('backup2' in ansible_run_tags)+      ansible.builtin.include_tasks: "cron.yml"+      when: ((['set-backup2', 'unset-backup2'] | intersect(ansible_run_tags)) | length > 0) and not ('backup2' in ansible_run_tags)       tags:         - set-backup2         - unset-backup2@@ -40,7 +45,7 @@         start_time: "{{ start_time_lookup.stdout }}"      - name: Snapshot-      ansible.builtin.import_tasks: "snapshot.yml"+      ansible.builtin.include_tasks: "snapshot.yml"      - name: "Notify | Saltbox Backup: Started Saltbox backup task"       ansible.builtin.include_role:@@ -97,8 +102,8 @@       with_items:         - "/home/{{ user.name }}/logs"         - "{{ backup.local.destination }}"-        - "/opt/systemd-backup"-        - "/opt/crontab-backup"+        - "{{ server_appdata_path }}/systemd-backup"+        - "{{ server_appdata_path }}/crontab-backup"      # Backup config files     - name: "Copy files to '{{ backup.local.destination }}'"@@ -136,21 +141,31 @@         force: true       when: backup_excludes_list.stat.exists +    - name: "Render default 'backup_excludes_list.txt'"+      ansible.builtin.template:+        src: "{{ playbook_dir }}/roles/backup/templates/backup_excludes_list.txt.j2"+        dest: "/tmp/backup2_excludes_list.txt"+        owner: "{{ user.name }}"+        group: "{{ user.name }}"+        mode: "0664"+        force: true+      when: not backup_excludes_list.stat.exists+     - name: Set 'backup_excludes_list_path' variable       ansible.builtin.set_fact:         backup_excludes_list_path: "{{           (playbook_dir + '/backup_excludes_list.txt')           if ((backup_excludes_list is defined) and backup_excludes_list.stat.exists)-          else (playbook_dir + '/roles/backup2/files/backup_excludes_list.txt') }}"+          else '/tmp/backup2_excludes_list.txt' }}"      - name: saltbox Restore Service-      ansible.builtin.import_tasks: "restore_service.yml"+      ansible.builtin.include_tasks: "restore_service.yml"       when: restore_service_enabled       tags:         - restore-service2         - saltbox-restore-service2 -    - name: "Synchronize '/etc/systemd/system' to '/opt/systemd-backup' for inclusion in backup"+    - name: "Synchronize '/etc/systemd/system' to '{{ server_appdata_path }}/systemd-backup' for inclusion in backup"       ansible.builtin.shell: |         /usr/bin/rsync \           --delay-updates \@@ -163,13 +178,13 @@           --exclude='saltbox_managed_*' \           --include='*.service' \           --include='*.mount' \-          /etc/systemd/system/* /opt/systemd-backup/+          /etc/systemd/system/* {{ server_appdata_path }}/systemd-backup/       args:         executable: /bin/bash       ignore_errors: true -    - name: "Copying crontabs to '/opt/crontab-backup' for inclusion in backup"-      ansible.builtin.shell: "cp -f /var/spool/cron/crontabs/* /opt/crontab-backup"+    - name: "Copying crontabs to '{{ server_appdata_path }}/crontab-backup' for inclusion in backup"+      ansible.builtin.shell: "cp -f /var/spool/cron/crontabs/* {{ server_appdata_path }}/crontab-backup"       ignore_errors: true      - name: "Reset permissions of folders"@@ -181,61 +196,84 @@         mode: "0775"         recurse: true       with_items:-        - "/opt/systemd-backup"-        - "/opt/crontab-backup"--    # Stop Containers--    - name: "Gather list of running Docker containers"-      ansible.builtin.shell: "docker ps --format '{{ '{{' }} .Names{{ '}}' }}' --filter label=com.github.saltbox.saltbox_managed=true | xargs echo -n"-      register: docker_containers-      ignore_errors: true--    - name: Set 'docker_containers' variable-      ansible.builtin.set_fact:-        docker_containers: "{{ docker_containers.stdout if (docker_containers is success) else '' }}"--    - name: Docker container tasks-      when: (docker_containers | trim | length > 0)-      block:-        - name: Convert Docker containers string into a list+        - "{{ server_appdata_path }}/systemd-backup"+        - "{{ server_appdata_path }}/crontab-backup"++    - name: Populate Service Facts+      ansible.builtin.service_facts:++    - name: Set docker_service_running+      ansible.builtin.set_fact:+        docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"++    - name: Stop Docker Container Tasks+      when: docker_service_running+      block:+        - name: "Gather Docker container information"+          community.docker.docker_host_info:+            containers: true+            containers_filters:+              label:+                - "com.github.saltbox.saltbox_managed=true"+              status:+                - "running"+          register: docker_info++        - name: Extract and process container names           ansible.builtin.set_fact:-            docker_containers: "{{ docker_containers.split() | reject('in', gluetun_instances | default(['gluetun'])) | sort }}"--        - name: Filter out ignored apps from Docker containers list+            docker_containers: "{{ docker_info.containers | map(attribute='Names') | map('first') | map('regex_replace', '^/', '') | reject('in', gluetun_instances | default(['gluetun'])) | sort }}"+          when:+            - (docker_info is success)+            - (docker_info.containers is defined)+            - (docker_info.containers | length > 0)++        - name: Set empty list if no containers found           ansible.builtin.set_fact:-            docker_containers: "{{ docker_containers | difference(reverse_proxy_apps + torrent_apps + backup_ignore_containers) }}"-            ignore_containers: "{{ reverse_proxy_apps + torrent_apps + backup_ignore_containers }}"--        - name: Convert Docker containers list back to string-          ansible.builtin.set_fact:-            docker_containers_string: "{{ docker_containers | join(' ') }}"-            ignore_query_string: >--              {% if docker_containers | length > 0 and ignore_containers | length > 0 %}-                {%- set ignore_params = [] -%}-                {% for container in ignore_containers %}-                  {%- set _ = ignore_params.append('ignore=' ~ container) -%}-                {%- endfor -%}-                {{ ignore_params | join('&') }}-              {%- else -%}-              {% endif %}--        - name: Stop Saltbox Docker containers-          ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_saltbox_docker_containers.yml"-          vars:-            _query_var: "{{ '?' + ignore_query_string if (ignore_query_string | length > 0) else '' }}"--        - name: "Stop all running Docker containers"-          ansible.builtin.shell: "docker stop {{ docker_containers_string }}"-          ignore_errors: true-          when: (docker_containers_string | trim | length > 0)--        - name: "Notify | Saltbox Backup: Stopped Docker containers"-          ansible.builtin.include_role:-            name: notify-          vars:-            message: "{{ backup_instance }} Backup: Stopped Docker containers."-          when: backup_notify_stop_docker_containers+            docker_containers: []+          when: (docker_info is not success) or (docker_info.containers is not defined) or (docker_info.containers | length == 0)++        - name: Docker container tasks+          when: (docker_containers | length > 0)+          block:+            - name: Build list of containers to ignore+              ansible.builtin.set_fact:+                ignore_containers: "{{ reverse_proxy_apps + torrent_apps + backup2_ignore_containers }}"++            - name: Filter out ignored apps from Docker containers list+              ansible.builtin.set_fact:+                docker_containers: "{{ docker_containers | difference(ignore_containers) }}"++            - name: Convert Docker containers list back to string+              ansible.builtin.set_fact:+                docker_containers_string: "{{ docker_containers | join(' ') }}"+                ignore_query_string: >-+                  {% if docker_containers | length > 0 and ignore_containers | length > 0 %}+                    {%- set ignore_params = [] -%}+                    {% for container in ignore_containers %}+                      {%- set _ = ignore_params.append('ignore=' ~ container) -%}+                    {%- endfor -%}+                    {{ ignore_params | join('&') }}+                  {%- else -%}+                  {% endif %}++            - name: Stop Saltbox Docker containers+              ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_saltbox_docker_containers.yml"+              vars:+                _query_var: "{{ '?' + ignore_query_string+                            if (ignore_query_string | length > 0)+                            else '' }}"++            - name: "Stop all running Docker containers"+              ansible.builtin.shell: "docker stop {{ docker_containers_string }}"+              ignore_errors: true+              when: (docker_containers_string | trim | length > 0)++            - name: "Notify | Saltbox Backup: Stopped Docker containers"+              ansible.builtin.include_role:+                name: notify+              vars:+                message: "{{ backup_instance }} Backup: Stopped Docker containers."+              when: backup_notify_stop_docker_containers      # Custom User Files @@ -252,16 +290,11 @@       ignore_errors: true       when: (backup2_user_defined_files | length > 0) -    # Services--    - name: Populate Service Facts-      ansible.builtin.service_facts:--      # Stop Cloudplow+    # Stop Cloudplow      - name: Check if 'cloudplow.service' exists       ansible.builtin.stat:-        path: "/etc/systemd/system/cloudplow.service"+        path: "/etc/systemd/system/{{ cloudplow_service_name }}.service"       register: cloudplow_service      - name: Stop 'cloudplow' service block@@ -269,18 +302,18 @@       block:         - name: Get 'cloudplow' service state           ansible.builtin.set_fact:-            cloudplow_service_running: "{{ (services['cloudplow.service'] is defined) and (services['cloudplow.service']['state'] == 'running') }}"+            cloudplow_service_running: "{{ (ansible_facts['services'][cloudplow_service_name + '.service'] is defined) and (ansible_facts['services'][cloudplow_service_name + '.service']['state'] == 'running') }}"          - name: Stop 'cloudplow' service           ansible.builtin.systemd_service:-            name: cloudplow+            name: "{{ cloudplow_service_name }}"             state: stopped           when: cloudplow_service_running      # Create snapshot      - name: Create Snapshot-      when: use_snapshot+      when: docker_service_running and use_snapshot       block:         - name: "Snapshot | Wait for 5 seconds before creating snapshot"           ansible.builtin.wait_for:@@ -353,7 +386,7 @@       become_user: "{{ user.name }}"       register: rclone_timestamp       ignore_errors: true-      when: backup.rclone.enable+      when: backup_rclone_enabled      - name: Define Archive List       ansible.builtin.set_fact:@@ -384,7 +417,7 @@       register: rclone_move       failed_when: rclone_move.rc > 3       ignore_errors: true-      when: backup.rclone.enable and (rclone_timestamp is defined) and ('Failed' not in rclone_timestamp.stderr)+      when: backup_rclone_enabled and (rclone_timestamp is defined) and ('Failed' not in rclone_timestamp.stderr)       loop: "{{ backup_archive_list + (backup2_user_defined_files | map('basename') | list) }}"      - name: "Use rclone to upload backup to '{{ backup.rclone.destination }}'"@@ -393,7 +426,7 @@       environment: "{{ backup2_rclone_env }}"       become: true       become_user: "{{ user.name }}"-      when: backup.rclone.enable+      when: backup_rclone_enabled      - name: "Wait for 5 seconds before uploading"       ansible.builtin.wait_for:@@ -412,14 +445,14 @@       environment: "{{ backup2_rclone_env }}"       become: true       become_user: "{{ user.name }}"-      when: backup.rclone.enable+      when: backup_rclone_enabled      - name: "Run items asynchronously in batches of {{ backup2_async_batch_size }} items"       ansible.builtin.include_tasks: upload.yml       vars:         folders: "{{ item }}"       loop: "{{ opt_folders | batch(backup2_async_batch_size | int) | list }}"-      when: backup.rclone.enable+      when: backup_rclone_enabled      - name: Cleanup sync cache # noqa args[module]       ansible.builtin.async_status:@@ -436,7 +469,7 @@         name: notify       vars:         message: "{{ backup_instance }} Backup: Rclone uploaded backup to '{{ backup.rclone.destination }}'."-      when: backup.rclone.enable and backup_notify_rclone_complete+      when: backup_rclone_enabled and backup_notify_rclone_complete      - name: Snapshot | Cleanup Tasks       when: use_snapshot and (snapshot_type == 'btrfs')@@ -464,7 +497,7 @@     # Start Docker containers when snapshot is not enabled      - name: Start Docker Containers-      when: (not use_snapshot)+      when: docker_service_running and (not use_snapshot)       block:         - name: "Wait for 5 seconds before starting Docker containers"           ansible.builtin.wait_for:@@ -524,7 +557,7 @@      - name: "Start 'cloudplow' service"       ansible.builtin.systemd_service:-        name: cloudplow+        name: "{{ cloudplow_service_name }}"         state: started       when: (cloudplow_service is defined) and (cloudplow_service.stat.exists) and (cloudplow_service_running) @@ -561,7 +594,7 @@               when: (snapshot_deletion is failed)      - name: Start Docker Containers-      when: (not use_snapshot)+      when: docker_service_running and (not use_snapshot)       block:         - name: "Wait for 5 seconds before starting Docker containers"           ansible.builtin.wait_for:@@ -578,7 +611,7 @@      - name: "Start 'cloudplow' service"       ansible.builtin.systemd_service:-        name: cloudplow+        name: "{{ cloudplow_service_name }}"         state: started       when: (cloudplow_service is defined) and cloudplow_service.stat.exists and cloudplow_service_running @@ -602,7 +635,7 @@       ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} '/home/{{ user.name }}/logs/'"  - name: Backup Cleanup Block-  when: backup.rclone.enable and backup2_cleanup_enabled and backup2_success+  when: backup_rclone_enabled and backup2_cleanup_enabled and backup2_success   block:     - name: Determine number of existing backups       ansible.builtin.shell: >

modified

roles/backup2/tasks/restore_service.yml

@@ -10,7 +10,7 @@ - name: Restore Service | Install 'curl'   ansible.builtin.apt:     name: curl-    state: present+    state: latest  - name: Restore Service | Set variables   ansible.builtin.set_fact:@@ -123,7 +123,7 @@           {{ files_upload.results | selectattr('stdout', 'search', 'too large') | map(attribute='item')           | map('regex_replace', '^/tmp/restore_service/|.enc$', '') | list | sort(case_sensitive=False) | join(', ') }} -    - name: Restore Service | Print error mesage when config file(s) were too large to upload+    - name: Restore Service | Print error message when config file(s) were too large to upload       ansible.builtin.debug:         msg: "The following encrypted config file(s) were too large to upload to the Saltbox Restore Service: '{{ files_too_large_to_upload_list | trim }}'"       when: (files_too_large_to_upload_list | trim | length > 0)

modified

roles/backup2/tasks/sanity_check.yml

@@ -15,7 +15,7 @@ # Age in hours - name: "Get age of 'backup.lock' file"   ansible.builtin.set_fact:-    backup_lock_age: "{{ ((ansible_date_time.epoch | float - backup_lock.stat.mtime) / 3600) | int }}"+    backup_lock_age: "{{ ((ansible_facts['date_time']['epoch'] | float - backup_lock.stat.mtime) / 3600) | int }}"   when: backup_lock.stat.exists  # Delete if older than 2 hours.

modified

roles/backup2/tasks/snapshot.yml

@@ -10,22 +10,22 @@ - name: "Snapshot | Determine '/' filesystem type"   ansible.builtin.set_fact:     root_fstype: "{{ item.fstype }}"-  when: backup.misc.snapshot and (item.mount == '/')+  when: backup_snapshot_enabled and (item.mount == '/')   with_items:-    - "{{ ansible_mounts }}"+    - "{{ ansible_facts['mounts'] }}" -- name: "Snapshot | Determine '/opt' filesystem type"+- name: "Snapshot | Determine '{{ server_appdata_path }}' filesystem type"   ansible.builtin.set_fact:     opt_fstype: "{{ item.fstype }}"-  when: backup.misc.snapshot and (item.mount == '/opt')+  when: backup_snapshot_enabled and (item.mount == server_appdata_path)   with_items:-    - "{{ ansible_mounts }}"+    - "{{ ansible_facts['mounts'] }}"  # BTRFS  - name: Snapshot | BTRFS specific tasks   when:-    - backup.misc.snapshot+    - backup_snapshot_enabled     - ((root_fstype is defined) and (root_fstype == 'btrfs')) or ((opt_fstype is defined) and (opt_fstype == 'btrfs'))   block:     - name: "Snapshot | Set general BTRFS variables"@@ -37,14 +37,14 @@       ansible.builtin.set_fact:         backup_snapshot_source_path: "/"         backup_snapshot_destination_path: "/btrfs/snapshots/root"-        backup_opt_path: "/btrfs/snapshots/root/opt/"+        backup_opt_path: "/btrfs/snapshots/root{{ server_appdata_path }}/"       when: (root_fstype is defined) and (root_fstype == 'btrfs') -    - name: "Snapshot | Set '/opt' BTRFS variables"+    - name: "Snapshot | Set '{{ server_appdata_path }}' BTRFS variables"       ansible.builtin.set_fact:-        backup_snapshot_source_path: "/opt"-        backup_snapshot_destination_path: "/opt/snapshots/opt"-        backup_opt_path: "/opt/snapshots/opt/"+        backup_snapshot_source_path: "{{ server_appdata_path }}"+        backup_snapshot_destination_path: "{{ server_appdata_path }}/snapshots/opt"+        backup_opt_path: "{{ server_appdata_path }}/snapshots/opt/"       when: (opt_fstype is defined) and (opt_fstype == 'btrfs')      - name: Snapshot | Check if BTRFS snapshot is mounted

modified

roles/backup2/tasks/upload.yml

@@ -11,7 +11,7 @@       {{ "--user-agent='" + backup2_user_agent + "'" if (backup2_user_agent | length > 0) else "" }} \       {{ lookup('vars', 'backup2_' + backup.rclone.template + '_template', default='') }} \       --stats=30s \-      {{ '--bind=' + ansible_default_ipv4.address if mounts.ipv4_only else '' }} \+      {{ '--bind=' + ansible_facts['default_ipv4']['address'] if rclone_mounts_ipv4_only else '' }} \       --bwlimit={{ backup2_rclone_upload_speed_limit }} \       -vv \       --log-file='{{ playbook_dir }}/backup_rclone.log' \

modified

roles/bazarr/defaults/main.yml

@@ -17,158 +17,115 @@ # Paths ################################ -bazarr_paths_folder: "{{ bazarr_name }}"-bazarr_paths_location: "{{ server_appdata_path }}/{{ bazarr_paths_folder }}"-bazarr_paths_folders_list:-  - "{{ bazarr_paths_location }}"+bazarr_role_paths_folder: "{{ bazarr_name }}"+bazarr_role_paths_location: "{{ server_appdata_path }}/{{ bazarr_role_paths_folder }}"+bazarr_role_paths_folders_list:+  - "{{ bazarr_role_paths_location }}"  ################################ # Web ################################ -bazarr_web_subdomain: "{{ bazarr_name }}"-bazarr_web_domain: "{{ user.domain }}"-bazarr_web_port: "6767"-bazarr_web_url: "{{ 'https://' + (lookup('vars', bazarr_name + '_web_subdomain', default=bazarr_web_subdomain) + '.' + lookup('vars', bazarr_name + '_web_domain', default=bazarr_web_domain)-                 if (lookup('vars', bazarr_name + '_web_subdomain', default=bazarr_web_subdomain) | length > 0)-                 else lookup('vars', bazarr_name + '_web_domain', default=bazarr_web_domain)) }}"+bazarr_role_web_subdomain: "{{ bazarr_name }}"+bazarr_role_web_domain: "{{ user.domain }}"+bazarr_role_web_port: "6767"+bazarr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='bazarr') + '.' + lookup('role_var', '_web_domain', role='bazarr')+                      if (lookup('role_var', '_web_subdomain', role='bazarr') | length > 0)+                      else lookup('role_var', '_web_domain', role='bazarr')) }}"  ################################ # DNS ################################ -bazarr_dns_record: "{{ lookup('vars', bazarr_name + '_web_subdomain', default=bazarr_web_subdomain) }}"-bazarr_dns_zone: "{{ lookup('vars', bazarr_name + '_web_domain', default=bazarr_web_domain) }}"-bazarr_dns_proxy: "{{ dns.proxied }}"+bazarr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='bazarr') }}"+bazarr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='bazarr') }}"+bazarr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -bazarr_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-bazarr_traefik_middleware_default: "{{ traefik_default_middleware-                                       + (',themepark-' + lookup('vars', bazarr_name + '_name', default=bazarr_name)-                                         if (bazarr_themepark_enabled and global_themepark_plugin_enabled)-                                         else '') }}"-bazarr_traefik_middleware_custom: ""-bazarr_traefik_certresolver: "{{ traefik_default_certresolver }}"-bazarr_traefik_enabled: true-bazarr_traefik_api_enabled: true-bazarr_traefik_api_endpoint: "PathPrefix(`/api`)"+bazarr_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+bazarr_role_traefik_middleware_default: "{{ traefik_default_middleware+                                            + (',themepark-' + bazarr_name+                                              if (lookup('role_var', '_themepark_enabled', role='bazarr') and global_themepark_plugin_enabled)+                                              else '') }}"+bazarr_role_traefik_middleware_custom: ""+bazarr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+bazarr_role_traefik_enabled: true+bazarr_role_traefik_api_enabled: true+bazarr_role_traefik_api_endpoint: "PathPrefix(`/api`)"  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-bazarr_themepark_enabled: false-bazarr_themepark_app: "bazarr"-bazarr_themepark_theme: "{{ global_themepark_theme }}"-bazarr_themepark_domain: "{{ global_themepark_domain }}"-bazarr_themepark_addons: []+bazarr_role_themepark_enabled: false+bazarr_role_themepark_app: "bazarr"+bazarr_role_themepark_theme: "{{ global_themepark_theme }}"+bazarr_role_themepark_domain: "{{ global_themepark_domain }}"+bazarr_role_themepark_addons: []  ################################ # Docker ################################  # Container-bazarr_docker_container: "{{ bazarr_name }}"+bazarr_role_docker_container: "{{ bazarr_name }}"  # Image-bazarr_docker_image_pull: true-bazarr_docker_image_repo: "ghcr.io/hotio/bazarr"-bazarr_docker_image_tag: "latest"-bazarr_docker_image: "{{ lookup('vars', bazarr_name + '_docker_image_repo', default=bazarr_docker_image_repo)-                         + ':' + lookup('vars', bazarr_name + '_docker_image_tag', default=bazarr_docker_image_tag) }}"--# Ports-bazarr_docker_ports_defaults: []-bazarr_docker_ports_custom: []-bazarr_docker_ports: "{{ lookup('vars', bazarr_name + '_docker_ports_defaults', default=bazarr_docker_ports_defaults)-                         + lookup('vars', bazarr_name + '_docker_ports_custom', default=bazarr_docker_ports_custom) }}"+bazarr_role_docker_image_pull: true+bazarr_role_docker_image_repo: "ghcr.io/hotio/bazarr"+bazarr_role_docker_image_tag: "latest"+bazarr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='bazarr') }}:{{ lookup('role_var', '_docker_image_tag', role='bazarr') }}"  # Envs-bazarr_docker_envs_default:+bazarr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-bazarr_docker_envs_custom: {}-bazarr_docker_envs: "{{ lookup('vars', bazarr_name + '_docker_envs_default', default=bazarr_docker_envs_default)-                        | combine(lookup('vars', bazarr_name + '_docker_envs_custom', default=bazarr_docker_envs_custom)) }}"--# Commands-bazarr_docker_commands_default: []-bazarr_docker_commands_custom: []-bazarr_docker_commands: "{{ lookup('vars', bazarr_name + '_docker_commands_default', default=bazarr_docker_commands_default)-                            + lookup('vars', bazarr_name + '_docker_commands_custom', default=bazarr_docker_commands_custom) }}"+bazarr_role_docker_envs_custom: {}+bazarr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='bazarr')+                             | combine(lookup('role_var', '_docker_envs_custom', role='bazarr')) }}"  # Volumes-bazarr_docker_volumes_default:-  - "{{ bazarr_paths_location }}:/config"-  - "/opt/scripts:/scripts"-bazarr_docker_volumes_legacy:+bazarr_role_docker_volumes_default:+  - "{{ bazarr_role_paths_location }}:/config"+  - "{{ server_appdata_path }}/scripts:/scripts"+bazarr_role_docker_volumes_legacy:   - "/mnt/unionfs/Media/Movies:/movies"   - "/mnt/unionfs/Media/TV:/tv"-bazarr_docker_volumes_custom: []-bazarr_docker_volumes: "{{ lookup('vars', bazarr_name + '_docker_volumes_default', default=bazarr_docker_volumes_default)-                           + lookup('vars', bazarr_name + '_docker_volumes_custom', default=bazarr_docker_volumes_custom)-                           + (lookup('vars', bazarr_name + '_docker_volumes_legacy', default=bazarr_docker_volumes_legacy)-                             if docker_legacy_volume-                             else []) }}"--# Devices-bazarr_docker_devices_default: []-bazarr_docker_devices_custom: []-bazarr_docker_devices: "{{ lookup('vars', bazarr_name + '_docker_devices_default', default=bazarr_docker_devices_default)-                           + lookup('vars', bazarr_name + '_docker_devices_custom', default=bazarr_docker_devices_custom) }}"--# Hosts-bazarr_docker_hosts_default: {}-bazarr_docker_hosts_custom: {}-bazarr_docker_hosts: "{{ docker_hosts_common-                         | combine(lookup('vars', bazarr_name + '_docker_hosts_default', default=bazarr_docker_hosts_default))-                         | combine(lookup('vars', bazarr_name + '_docker_hosts_custom', default=bazarr_docker_hosts_custom)) }}"+bazarr_role_docker_volumes_custom: []+bazarr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='bazarr')+                                + lookup('role_var', '_docker_volumes_custom', role='bazarr')+                                + (lookup('role_var', '_docker_volumes_legacy', role='bazarr')+                                  if docker_legacy_volume+                                  else []) }}"  # Labels-bazarr_docker_labels_default: {}-bazarr_docker_labels_custom: {}-bazarr_docker_labels: "{{ docker_labels_common-                          | combine(lookup('vars', bazarr_name + '_docker_labels_default', default=bazarr_docker_labels_default))-                          | combine((traefik_themepark_labels-                                    if (bazarr_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    lookup('vars', bazarr_name + '_docker_labels_custom', default=bazarr_docker_labels_custom)) }}"+bazarr_role_docker_labels_default: {}+bazarr_role_docker_labels_custom: {}+bazarr_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='bazarr')+                               | combine((traefik_themepark_labels+                                         if (lookup('role_var', '_themepark_enabled', role='bazarr') and global_themepark_plugin_enabled)+                                         else {}),+                                         lookup('role_var', '_docker_labels_custom', role='bazarr')) }}"  # Hostname-bazarr_docker_hostname: "{{ bazarr_name }}"--# Network Mode-bazarr_docker_network_mode_default: "{{ docker_networks_name_common }}"-bazarr_docker_network_mode: "{{ lookup('vars', bazarr_name + '_docker_network_mode_default', default=bazarr_docker_network_mode_default) }}"+bazarr_role_docker_hostname: "{{ bazarr_name }}"  # Networks-bazarr_docker_networks_alias: "{{ bazarr_name }}"-bazarr_docker_networks_default: []-bazarr_docker_networks_custom: []-bazarr_docker_networks: "{{ docker_networks_common-                            + lookup('vars', bazarr_name + '_docker_networks_default', default=bazarr_docker_networks_default)-                            + lookup('vars', bazarr_name + '_docker_networks_custom', default=bazarr_docker_networks_custom) }}"--# Capabilities-bazarr_docker_capabilities_default: []-bazarr_docker_capabilities_custom: []-bazarr_docker_capabilities: "{{ lookup('vars', bazarr_name + '_docker_capabilities_default', default=bazarr_docker_capabilities_default)-                                + lookup('vars', bazarr_name + '_docker_capabilities_custom', default=bazarr_docker_capabilities_custom) }}"--# Security Opts-bazarr_docker_security_opts_default: []-bazarr_docker_security_opts_custom: []-bazarr_docker_security_opts: "{{ lookup('vars', bazarr_name + '_docker_security_opts_default', default=bazarr_docker_security_opts_default)-                                 + lookup('vars', bazarr_name + '_docker_security_opts_custom', default=bazarr_docker_security_opts_custom) }}"+bazarr_role_docker_networks_alias: "{{ bazarr_name }}"+bazarr_role_docker_networks_default: []+bazarr_role_docker_networks_custom: []+bazarr_role_docker_networks: "{{ docker_networks_common+                                 + lookup('role_var', '_docker_networks_default', role='bazarr')+                                 + lookup('role_var', '_docker_networks_custom', role='bazarr') }}"  # Restart Policy-bazarr_docker_restart_policy: unless-stopped+bazarr_role_docker_restart_policy: unless-stopped  # State-bazarr_docker_state: started+bazarr_role_docker_state: started

modified

roles/bazarr/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/btop/tasks/main.yml

@@ -50,7 +50,7 @@   ansible.builtin.shell: "bash /tmp/btop/btop/install.sh"   args:     chdir: "/tmp/btop/btop"-  become: yes+  become: true   become_user: "{{ user.name }}"  - name: "btop | Remove temp folder"

modified

roles/btrfsmaintenance/tasks/main.yml

@@ -12,14 +12,14 @@     root_fstype: "{{ item.fstype }}"   when: (item.mount == '/')   with_items:-    - "{{ ansible_mounts }}"+    - "{{ ansible_facts['mounts'] }}" -- name: "Determine '/opt' filesystem type"+- name: "Determine '{{ server_appdata_path }}' filesystem type"   ansible.builtin.set_fact:     opt_fstype: "{{ item.fstype }}"-  when: (item.mount == '/opt')+  when: (item.mount == server_appdata_path)   with_items:-    - "{{ ansible_mounts }}"+    - "{{ ansible_facts['mounts'] }}"  - name: "Setup btrfsmaintenance scripts"   when: ((root_fstype is defined) and (root_fstype == 'btrfs')) or ((opt_fstype is defined) and (opt_fstype == 'btrfs'))@@ -27,7 +27,7 @@     - name: "Install apt package"       ansible.builtin.apt:         name: "btrfsmaintenance"-        state: present+        state: latest      - name: "Change mountpoints to 'auto'"       ansible.builtin.lineinfile:@@ -55,5 +55,5 @@ # Check for no btrfs and exit - not working - name: "Exit if no btrfs partitions found"   ansible.builtin.debug:-    msg: "No btrfs partition found on / or /opt - exiting"+    msg: "No btrfs partition found on / or {{ server_appdata_path }} - exiting"   when: ((root_fstype is defined) and (root_fstype != 'btrfs')) and ((opt_fstype is defined) and (opt_fstype != 'btrfs'))

modified

roles/cadvisor/defaults/main.yml

@@ -16,123 +16,80 @@ # Web ################################ -cadvisor_web_subdomain: "{{ cadvisor_name }}"-cadvisor_web_domain: "{{ user.domain }}"-cadvisor_web_port: "8080"-cadvisor_web_url: "{{ 'https://' + (lookup('vars', cadvisor_name + '_web_subdomain', default=cadvisor_web_subdomain) + '.' + lookup('vars', cadvisor_name + '_web_domain', default=cadvisor_web_domain)-                   if (lookup('vars', cadvisor_name + '_web_subdomain', default=cadvisor_web_subdomain) | length > 0)-                   else lookup('vars', cadvisor_name + '_web_domain', default=cadvisor_web_domain)) }}"+cadvisor_role_web_subdomain: "{{ cadvisor_name }}"+cadvisor_role_web_domain: "{{ user.domain }}"+cadvisor_role_web_port: "8080"+cadvisor_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='cadvisor') + '.' + lookup('role_var', '_web_domain', role='cadvisor')+                        if (lookup('role_var', '_web_subdomain', role='cadvisor') | length > 0)+                        else lookup('role_var', '_web_domain', role='cadvisor')) }}"  ################################ # DNS ################################ -cadvisor_dns_record: "{{ lookup('vars', cadvisor_name + '_web_subdomain', default=cadvisor_web_subdomain) }}"-cadvisor_dns_zone: "{{ lookup('vars', cadvisor_name + '_web_domain', default=cadvisor_web_domain) }}"-cadvisor_dns_proxy: "{{ dns.proxied }}"+cadvisor_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='cadvisor') }}"+cadvisor_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='cadvisor') }}"+cadvisor_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -cadvisor_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-cadvisor_traefik_middleware_default: "{{ traefik_default_middleware }}"-cadvisor_traefik_middleware_custom: ""-cadvisor_traefik_certresolver: "{{ traefik_default_certresolver }}"-cadvisor_traefik_enabled: true-cadvisor_traefik_api_enabled: false-cadvisor_traefik_api_endpoint: ""+cadvisor_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+cadvisor_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+cadvisor_role_traefik_middleware_custom: ""+cadvisor_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+cadvisor_role_traefik_enabled: true+cadvisor_role_traefik_api_enabled: false+cadvisor_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-cadvisor_docker_container: "{{ cadvisor_name }}"+cadvisor_role_docker_container: "{{ cadvisor_name }}"  # Image-cadvisor_docker_image_pull: true-cadvisor_docker_image_tag: "latest"-cadvisor_docker_image: "gcr.io/cadvisor/cadvisor:{{ cadvisor_docker_image_tag }}"--# Ports-cadvisor_docker_ports_defaults: []-cadvisor_docker_ports_custom: []-cadvisor_docker_ports: "{{ cadvisor_docker_ports_defaults-                           + cadvisor_docker_ports_custom }}"+cadvisor_role_docker_image_pull: true+cadvisor_role_docker_image_repo: "gcr.io/cadvisor/cadvisor"+cadvisor_role_docker_image_tag: "latest"+cadvisor_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='cadvisor') }}:{{ lookup('role_var', '_docker_image_tag', role='cadvisor') }}"  # Envs-cadvisor_docker_envs_default:+cadvisor_role_docker_envs_default:   TZ: "{{ tz }}"-cadvisor_docker_envs_custom: {}-cadvisor_docker_envs: "{{ cadvisor_docker_envs_default-                          | combine(cadvisor_docker_envs_custom) }}"--# Commands-cadvisor_docker_commands_default: []-cadvisor_docker_commands_custom: []-cadvisor_docker_commands: "{{ cadvisor_docker_commands_default-                              + cadvisor_docker_commands_custom }}"+cadvisor_role_docker_envs_custom: {}+cadvisor_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='cadvisor')+                               | combine(lookup('role_var', '_docker_envs_custom', role='cadvisor')) }}"  # Volumes-cadvisor_docker_volumes_default:+cadvisor_role_docker_volumes_default:   - "/:/rootfs:ro"   - "/var/run:/var/run:ro"   - "/sys:/sys:ro"   - "/var/lib/docker/:/var/lib/docker:ro"   - "/dev/disk/:/dev/disk:ro"-cadvisor_docker_volumes_custom: []-cadvisor_docker_volumes: "{{ cadvisor_docker_volumes_default-                             + cadvisor_docker_volumes_custom }}"--# Devices-cadvisor_docker_devices_default: []-cadvisor_docker_devices_custom: []-cadvisor_docker_devices: "{{ cadvisor_docker_devices_default-                             + cadvisor_docker_devices_custom }}"--# Hosts-cadvisor_docker_hosts_default: {}-cadvisor_docker_hosts_custom: {}-cadvisor_docker_hosts: "{{ docker_hosts_common-                           | combine(cadvisor_docker_hosts_default)-                           | combine(cadvisor_docker_hosts_custom) }}"--# Labels-cadvisor_docker_labels_default: {}-cadvisor_docker_labels_custom: {}-cadvisor_docker_labels: "{{ docker_labels_common-                            | combine(cadvisor_docker_labels_default)-                            | combine(cadvisor_docker_labels_custom) }}"+cadvisor_role_docker_volumes_custom: []+cadvisor_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='cadvisor')+                                  + lookup('role_var', '_docker_volumes_custom', role='cadvisor') }}"  # Hostname-cadvisor_docker_hostname: "{{ cadvisor_name }}"+cadvisor_role_docker_hostname: "{{ cadvisor_name }}"  # Networks-cadvisor_docker_networks_alias: "{{ cadvisor_name }}"-cadvisor_docker_networks_default: []-cadvisor_docker_networks_custom: []-cadvisor_docker_networks: "{{ docker_networks_common-                              + cadvisor_docker_networks_default-                              + cadvisor_docker_networks_custom }}"--# Capabilities-cadvisor_docker_capabilities_default: []-cadvisor_docker_capabilities_custom: []-cadvisor_docker_capabilities: "{{ cadvisor_docker_capabilities_default-                                  + cadvisor_docker_capabilities_custom }}"--# Security Opts-cadvisor_docker_security_opts_default: []-cadvisor_docker_security_opts_custom: []-cadvisor_docker_security_opts: "{{ cadvisor_docker_security_opts_default-                                   + cadvisor_docker_security_opts_custom }}"+cadvisor_role_docker_networks_alias: "{{ cadvisor_name }}"+cadvisor_role_docker_networks_default: []+cadvisor_role_docker_networks_custom: []+cadvisor_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='cadvisor')+                                   + lookup('role_var', '_docker_networks_custom', role='cadvisor') }}"  # Restart Policy-cadvisor_docker_restart_policy: unless-stopped+cadvisor_role_docker_restart_policy: unless-stopped  # State-cadvisor_docker_state: started+cadvisor_role_docker_state: started  # Privileged-cadvisor_docker_privileged: true+cadvisor_role_docker_privileged: true

modified

roles/cadvisor/tasks/main.yml

@@ -9,9 +9,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/cloudflare/tasks/main.yml

@@ -8,14 +8,14 @@ ######################################################################### --- - name: Variables Task-  ansible.builtin.import_tasks: "subtasks/variables.yml"+  ansible.builtin.include_tasks: "subtasks/variables.yml"  - name: Saltbox Subdomains Task-  ansible.builtin.import_tasks: "subtasks/subdomains.yml"+  ansible.builtin.include_tasks: "subtasks/subdomains.yml"   when: (saltbox_type | length > 0) and not skip_dns  - name: Purge Cache Task-  ansible.builtin.import_tasks: "subtasks/purge_cache.yml"+  ansible.builtin.include_tasks: "subtasks/purge_cache.yml"  - name: Configuration Rules Task-  ansible.builtin.import_tasks: "subtasks/configuration_rules.yml"+  ansible.builtin.include_tasks: "subtasks/configuration_rules.yml"

modified

roles/cloudflare/tasks/subtasks/configuration_rules.yml

@@ -130,11 +130,11 @@   when: ruleset_exists and not rule_exists  - name: Configuration Rules | Remove Configuration Rule Task-  ansible.builtin.import_tasks: "configuration_rules/remove_configuration_rule.yml"+  ansible.builtin.include_tasks: "configuration_rules/remove_configuration_rule.yml"   when: ruleset_exists and rule_exists  # Create new CF Configuration Rule for Lets Encrypt  - name: Configuration Rules | Add Configuration Rule Task-  ansible.builtin.import_tasks: "configuration_rules/add_configuration_rule.yml"+  ansible.builtin.include_tasks: "configuration_rules/add_configuration_rule.yml"   when: ruleset_exists and rule_exists

modified

roles/cloudflare/tasks/subtasks/configuration_rules/add_configuration_rule.yml

@@ -28,5 +28,5 @@  - name: Configuration Rules | Print result of Cloudflare Configuration Rule Creation   ansible.builtin.debug:-    msg: "Successfully created Let's Encrypt Cloudflare configuration rule for '{{ fld.stdout }}'"+    msg: "Successfully created Let's Encrypt Cloudflare configuration rule for '{{ domain_parsed.fld }}'"   when: cf_configuration_rule_creation.json.success is defined and cf_configuration_rule_creation.json.success

modified

roles/cloudflare/tasks/subtasks/purge_cache.yml

@@ -7,7 +7,7 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Purge Cache | Purge Cloudflare Cache for '{{ fld.stdout }}'+- name: Purge Cache | Purge Cloudflare Cache for '{{ domain_parsed.fld }}'   ansible.builtin.uri:     url: 'https://api.cloudflare.com/client/v4/zones/{{ cloudflare_zone }}/purge_cache'     method: 'POST'@@ -23,4 +23,4 @@   ansible.builtin.debug:     msg: "{{ ((cf_purge.json.success is defined) and (cf_purge.json.success))              | ternary('Successfully', 'Unsuccessfully') }}-             purged Cloudflare cache for '{{ fld.stdout }}'"+             purged Cloudflare cache for '{{ domain_parsed.fld }}'"

modified

roles/cloudflare/tasks/subtasks/subdomains.yml

@@ -8,10 +8,10 @@ ######################################################################### --- ## Add 'saltbox_type' subdomain-- name: "Cloudflare | Subdomains | Add '{{ saltbox_type }}' subdomain to '{{ fld.stdout }}'"-  ansible.builtin.import_tasks: "subdomains/add_subdomain.yml"+- name: "Cloudflare | Subdomains | Add '{{ saltbox_type }}' subdomain to '{{ domain_parsed.fld }}'"+  ansible.builtin.include_tasks: "subdomains/add_subdomain.yml"  ## Remove 'saltbox' subdomain for Mediabox/Feederbox setups.-- name: "Cloudflare | Subdomains | Remove 'saltbox' subdomain from '{{ fld.stdout }}'"-  ansible.builtin.import_tasks: "subdomains/remove_subdomain.yml"+- name: "Cloudflare | Subdomains | Remove 'saltbox' subdomain from '{{ domain_parsed.fld }}'"+  ansible.builtin.include_tasks: "subdomains/remove_subdomain.yml"   when: saltbox_type is regex('mediabox|feederbox')

modified

roles/cloudflare/tasks/subtasks/subdomains/add_subdomain.yml

@@ -7,28 +7,28 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: "Subdomains | Add Subdomain | Cloudflare: DNS Record for '{{ saltbox_type }}' set to '{{ ip_address_public }}' was added. Proxy: {{ dns.proxied | default('no') }}"+- name: "Subdomains | Add Subdomain | Cloudflare: DNS Record for '{{ saltbox_type }}' set to '{{ ip_address_public }}' was added. Proxy: {{ dns_proxied | default('no') }}"   community.general.cloudflare_dns:     account_api_token: "{{ cloudflare.api }}"     account_email: "{{ cloudflare.email }}"-    zone: "{{ fld.stdout }}"+    zone: "{{ domain_parsed.fld }}"     state: present     solo: true-    proxied: "{{ dns.proxied | default('no') }}"+    proxied: "{{ dns_proxied | default('no') }}"     type: A     value: "{{ ip_address_public }}"     record: "{{ saltbox_type }}"-  when: dns.ipv4+  when: dns_ipv4_enabled -- name: "Subdomains | Add Subdomain | Cloudflare: DNS Record for '{{ saltbox_type }}' set to '{{ ipv6_address_public }}' was added. Proxy: {{ dns.proxied | default('no') }}"+- name: "Subdomains | Add Subdomain | Cloudflare: DNS Record for '{{ saltbox_type }}' set to '{{ ipv6_address_public }}' was added. Proxy: {{ dns_proxied | default('no') }}"   community.general.cloudflare_dns:     account_api_token: "{{ cloudflare.api }}"     account_email: "{{ cloudflare.email }}"-    zone: "{{ fld.stdout }}"+    zone: "{{ domain_parsed.fld }}"     state: present     solo: true-    proxied: "{{ dns.proxied | default('no') }}"+    proxied: "{{ dns_proxied | default('no') }}"     type: AAAA     value: "{{ ipv6_address_public }}"     record: "{{ saltbox_type }}"-  when: dns.ipv6+  when: dns_ipv6_enabled

modified

roles/cloudflare/tasks/subtasks/subdomains/remove_subdomain.yml

@@ -7,22 +7,22 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: "Subdomains | Remove Subdomain | Cloudflare: Remove 'saltbox' A record from '{{ fld.stdout }}'"+- name: "Subdomains | Remove Subdomain | Cloudflare: Remove 'saltbox' A record from '{{ domain_parsed.fld }}'"   community.general.cloudflare_dns:     account_api_token: "{{ cloudflare.api }}"     account_email: "{{ cloudflare.email }}"-    zone: "{{ fld.stdout }}"+    zone: "{{ domain_parsed.fld }}"     state: absent     type: A     record: "saltbox"-  when: dns.ipv4+  when: dns_ipv4_enabled -- name: "Subdomains | Remove Subdomain | Cloudflare: Remove 'saltbox' AAAA record from '{{ fld.stdout }}'"+- name: "Subdomains | Remove Subdomain | Cloudflare: Remove 'saltbox' AAAA record from '{{ domain_parsed.fld }}'"   community.general.cloudflare_dns:     account_api_token: "{{ cloudflare.api }}"     account_email: "{{ cloudflare.email }}"-    zone: "{{ fld.stdout }}"+    zone: "{{ domain_parsed.fld }}"     state: absent     type: AAAA     record: "saltbox"-  when: dns.ipv6+  when: dns_ipv6_enabled

modified

roles/cloudflare/tasks/subtasks/variables.yml

@@ -15,13 +15,13 @@       else '' }}"  - name: Get FLD-  ansible.builtin.shell: |-    {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ dns_zone | default(user.domain) }}\", as_object=True); print(res.fld)"-  register: fld+  tld_parse:+    url: "{{ dns_zone | default(user.domain) }}"+  register: domain_parsed  - name: Variables | Fetch Cloudflare Zones   ansible.builtin.uri:-    url: 'https://api.cloudflare.com/client/v4/zones?name={{ fld.stdout }}'+    url: 'https://api.cloudflare.com/client/v4/zones?name={{ domain_parsed.fld }}'     method: 'GET'     headers:       Content-Type: "application/json"

modified

roles/cloudflare/tasks/subtasks/zone.yml

@@ -8,9 +8,9 @@ ######################################################################### --- - name: Get FLD-  ansible.builtin.shell: |-    {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ user.domain }}\", as_object=True); print(res.fld)"-  register: fld+  tld_parse:+    url: "{{ user.domain }}"+  register: domain_parsed  - name: Get zones   ansible.builtin.uri:@@ -22,7 +22,7 @@  - name: Get zone ID   ansible.builtin.set_fact:-    zone_id: "{{ get_zones_result.json.result | selectattr('name', 'equalto', fld.stdout) | map(attribute='id') | first }}"+    zone_id: "{{ get_zones_result.json.result | selectattr('name', 'equalto', domain_parsed.fld) | map(attribute='id') | first }}"  - name: Get zone records   ansible.builtin.uri:

modified

roles/cloudplow/defaults/main.yml

@@ -30,19 +30,13 @@ ################################  cloudplow_folder: "{{ cloudplow_name }}"- cloudplow_path: "{{ server_appdata_path }}/{{ cloudplow_folder }}"- cloudplow_venv_path: "{{ cloudplow_path }}/venv"- cloudplow_python_path: "{{ cloudplow_venv_path }}/bin/python3" cloudplow_python_version: "3.8" cloudplow_script_path: "{{ cloudplow_path }}/cloudplow.py"- cloudplow_requirements_path: "{{ cloudplow_path }}/requirements.txt"- cloudplow_config_path: "{{ cloudplow_path }}/config.json"- cloudplow_alias_path: "/usr/local/bin/{{ cloudplow_name }}"  ################################@@ -50,11 +44,8 @@ ################################  cloudplow_git_repo_url: "https://github.com/l3uddz/cloudplow.git"- cloudplow_git_repo_dest: "{{ cloudplow_path }}"- cloudplow_git_repo_branch_primary: "master"- cloudplow_git_repo_branch_secondary: "develop"  ################################@@ -69,9 +60,7 @@ ################################  rclone_config_path: "/home/{{ user.name }}/.config/rclone/rclone.conf"- rclone_binary_path: "/usr/bin/rclone"- cloudplow_rclone_google_template: |-   "--user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36",   "--checkers": 16,@@ -83,7 +72,6 @@   "--retries": 1,   "--low-level-retries": 2,   "--drive-stop-on-upload-limit": null- cloudplow_rclone_dropbox_template: |-   "--user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36",   "--checkers": 16,

modified

roles/cloudplow/tasks/main.yml

@@ -11,14 +11,6 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/systemd/delete_service.yml"   vars:     _service_name: "{{ cloudplow_service_name_old }}"-  tags:-    - "cloudplow-disable"--- name: Import Disable Task-  ansible.builtin.import_tasks: "subtasks/disable.yml"-  when: ('cloudplow-disable' in ansible_run_tags)-  tags:-    - "cloudplow-disable"  - name: Reset Cloudplow directory   ansible.builtin.file:@@ -53,6 +45,11 @@      - name: Clone project git repo       ansible.builtin.include_tasks: "{{ resources_tasks_path }}/git/clone_git_repo.yml"+      vars:+        git_repo_url: "{{ cloudplow_git_repo_url }}"+        git_repo_dest: "{{ cloudplow_git_repo_dest }}"+        git_repo_branch_primary: "{{ cloudplow_git_repo_branch_primary }}"+        git_repo_branch_secondary: "{{ cloudplow_git_repo_branch_secondary }}"      - name: "Execute Python role"       ansible.builtin.include_role:@@ -108,7 +105,7 @@         force: true      - name: Import Settings Task-      ansible.builtin.import_tasks: "subtasks/settings.yml"+      ansible.builtin.include_tasks: "subtasks/settings.yml"      - name: Import '{{ cloudplow_service_name }}.service'       ansible.builtin.template:

modified

roles/cloudplow/tasks/subtasks/settings.yml

@@ -18,12 +18,12 @@  - name: Settings | Check if SABnzbd is installed   ansible.builtin.stat:-    path: "{{ sabnzbd_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='sabnzbd') }}"   register: stat_sabnzbd  - name: Settings | Lookup SABnzbd API Key   ansible.builtin.set_fact:-    sabnzbd_apikey: "{{ lookup('file', sabnzbd_paths_config_location) | regex_search('^api_key *= *.*', multiline=True) | regex_replace('.*= *(.*)$', '\\1') }}"+    sabnzbd_apikey: "{{ lookup('file', lookup('role_var', '_paths_config_location', role='sabnzbd')) | regex_search('^api_key *= *.*', multiline=True) | regex_replace('.*= *(.*)$', '\\1') }}"   when: stat_sabnzbd.stat.exists  - name: Settings | Check if 'config.json' exists@@ -63,7 +63,7 @@   block:     - name: Settings | Install required packages       ansible.builtin.apt:-        state: present+        state: latest         name:           - jq           - moreutils@@ -76,13 +76,13 @@      - name: Settings | Update NZBGet credentials in 'config.json'       ansible.builtin.shell: |-        jq '.nzbget.url = "{{ nzbget_web_local_url_web_login }}"' {{ cloudplow_config_path }} | sponge {{ cloudplow_config_path }}+        jq '.nzbget.url = "{{ lookup('role_var', '_web_local_url_web_login', role='nzbget') }}"' {{ cloudplow_config_path }} | sponge {{ cloudplow_config_path }}       become: true       become_user: "{{ user.name }}"      - name: Settings | Update SABnzbd URL in 'config.json'       ansible.builtin.shell: |-        jq '.sabnzbd.url = "{{ sabnzbd_web_local_url }}"' {{ cloudplow_config_path }} | sponge {{ cloudplow_config_path }}+        jq '.sabnzbd.url = "{{ lookup('role_var', '_web_local_url', role='sabnzbd') }}"' {{ cloudplow_config_path }} | sponge {{ cloudplow_config_path }}       become: true       become_user: "{{ user.name }}" @@ -95,7 +95,7 @@      - name: Settings | Update Plex URL in 'config.json'       ansible.builtin.shell: |-        jq '.plex.url = "{{ plex_web_url }}"' {{ cloudplow_config_path }} | sponge {{ cloudplow_config_path }}+        jq '.plex.url = "{{ lookup('role_var', '_web_url', role='plex') }}"' {{ cloudplow_config_path }} | sponge {{ cloudplow_config_path }}       become: true       become_user: "{{ user.name }}"

modified

roles/cloudplow/templates/config.json.j2

@@ -8,7 +8,7 @@   "notifications": {},   "nzbget": {     "enabled": false,-    "url": "{{ nzbget_web_local_url_web_login }}"+    "url": "{{ nzbget_role_web_local_url_web_login }}"   },   "plex": {     "enabled": false,@@ -28,7 +28,7 @@       "url": "http://localhost:7949"     },     "token": "{{ plex_auth_token | default('') }}",-    "url": "{{ plex_web_url }}"+    "url": "{{ plex_role_web_url }}"   },   "remotes": { {% for item in cloudplow_remotes %}@@ -41,7 +41,10 @@         "*.db"       ],       "rclone_extras": {-        {{ lookup('vars', 'cloudplow_rclone_' + item.settings.template + '_template', default=cloudplow_rclone_google_template) | indent(width=8, first=false) }}+        {{ (cloudplow_rclone_google_template+           if (item.settings.template | regex_search('^/'))+           else lookup('vars', 'cloudplow_rclone_' + item.settings.template + '_template', default=cloudplow_rclone_google_template)+           ) | indent(width=8, first=false) }}       },       "rclone_sleeps": {         "Failed to copy: googleapi: Error 403: User rate limit exceeded": {@@ -57,16 +60,16 @@       },       "remove_empty_dir_depth": 2,       "sync_remote": "{{ (item | filter_rclone_remote_with_path)-                          + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder)-                          if (item.settings.template != 'nfs')-                          else ('/mnt/remote/' + (item | filter_rclone_remote_name))-                          + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder) }}",+                         + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder)+                      if (item.settings.template != 'nfs')+                      else ('/mnt/remote/' + (item | filter_rclone_remote_name))+                           + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder) }}",       "upload_folder": "{{ item.settings.upload_from }}",       "upload_remote": "{{ (item | filter_rclone_remote_with_path)-                            + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder)-                            if (item.settings.template != 'nfs')-                            else ('/mnt/remote/' + (item | filter_rclone_remote_name))-                            + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder) }}"+                           + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder)+                        if (item.settings.template != 'nfs')+                        else ('/mnt/remote/' + (item | filter_rclone_remote_name))+                             + lookup('vars', 'cloudplow_remote_' + (item | filter_rclone_remote_name) + '_folder', default=cloudplow_remote_default_folder) }}"     {% if loop.index == loop.length %}}{% else %}},{{ '\n' }}{% endif %} {% endfor %} @@ -74,7 +77,7 @@   "sabnzbd": {     "apikey": "{{ sabnzbd_apikey | default('') }}",     "enabled": false,-    "url": "{{ sabnzbd_web_local_url }}"+    "url": "{{ sabnzbd_role_web_local_url }}"   },   "syncer": {},   "uploader": {

modified

roles/common/tasks/main.yml

@@ -10,8 +10,8 @@ - name: BTRFS Tasks   ansible.builtin.include_tasks: "btrfs.yml"   loop:-    - /opt-    - /mnt/local+    - "{{ server_appdata_path }}"+    - "{{ server_local_folder_path }}"   loop_control:     loop_var: outer_item @@ -27,11 +27,11 @@     - /home/{{ user.name }}/logs     - /home/{{ user.name }}/.config     - /home/{{ user.name }}/.config/pip-    - /opt-    - /opt/saltbox+    - "{{ server_appdata_path }}"+    - "{{ server_appdata_path }}/saltbox"     - /mnt-    - /mnt/local-    - /mnt/local/Media+    - "{{ server_local_folder_path }}"+    - "{{ server_local_folder_path }}/Media"  - name: Create common Media directories   ansible.builtin.file:@@ -42,9 +42,9 @@     mode: "0775"   when: common_create_media_subfolders   with_items:-    - /mnt/local/Media/Movies-    - /mnt/local/Media/Music-    - /mnt/local/Media/TV+    - "{{ server_local_folder_path }}/Media/Movies"+    - "{{ server_local_folder_path }}/Media/Music"+    - "{{ server_local_folder_path }}/Media/TV"  - name: Check if 'localhost.yml' exists   ansible.builtin.stat:@@ -62,7 +62,7 @@  - name: Install required packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - apt-transport-https       - ca-certificates@@ -70,7 +70,7 @@  - name: Install common packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - "nano"       - "zip"@@ -102,25 +102,26 @@       - "moreutils"       - "unrar"       - "python3-virtualenv"+      - "bash-completion"  - name: Install extra packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - "run-one"  - name: Fetch PCI Info   ansible.builtin.shell: "lspci -v -s $(lspci | grep -E '.*VGA.*Intel.*' | cut -d' ' -f 1) 2>/dev/null || :"   register: lscpi_resp-  when: gpu.intel+  when: use_intel  - name: Install 'intel-gpu-tools'   ansible.builtin.apt:-    state: present+    state: latest     name:       - "intel-gpu-tools"   when:-    - gpu.intel+    - use_intel     - ('i915' in lscpi_resp.stdout)  - name: Check to see if 'unrar' installed@@ -131,7 +132,7 @@ - name: Install 'unrar-free' if 'unrar' was not installed   ansible.builtin.apt:     name: unrar-free-    state: present+    state: latest   when: (not unrar_binary.stat.exists)  - name: "Import 'pip.conf'"

modified

roles/crowdsec/tasks/main.yml

@@ -40,7 +40,7 @@   ansible.builtin.dpkg_selections:     name: "crowdsec"     selection: install-  when: ('crowdsec' in ansible_facts.packages)+  when: ('crowdsec' in ansible_facts['packages'])  - name: Install crowdsec   ansible.builtin.apt:@@ -56,7 +56,7 @@   ansible.builtin.dpkg_selections:     name: "crowdsec-firewall-bouncer-iptables"     selection: install-  when: ('crowdsec-firewall-bouncer-iptables' in ansible_facts.packages)+  when: ('crowdsec-firewall-bouncer-iptables' in ansible_facts['packages'])  - name: Manage iptables bouncer install   ansible.builtin.apt:@@ -126,7 +126,7 @@     name: crowdsec-firewall-bouncer     state: stopped -- name: Get next available port within the range of '8080-8180' # noqa fqcn[action]+- name: Get next available port within the range of '8080-8180'   find_open_port:     low_bound: "8080"     high_bound: "8180"

modified

roles/crowdsec/templates/acquis.yaml.j2

@@ -10,7 +10,7 @@   type: syslog --- filenames:-  - /opt/traefik/*.log+  - {{ server_appdata_path }}/traefik/*.log labels:   type: traefik ---

modified

roles/custom/tasks/main.yml

@@ -18,11 +18,11 @@  - name: Custom | Install custom deb packages   ansible.builtin.apt:-    state: present+    state: latest     deb: "{{ item }}"   loop: "{{ custom_deb }}"  - name: Install custom pip modules   ansible.builtin.shell: "pip install {{ item }}"   loop: "{{ custom_pip }}"-  when: ansible_distribution_version is version('22.04', '<=')+  when: ansible_facts['distribution_version'] is version('22.04', '<=')

modified

roles/ddclient/tasks/main.yml

@@ -15,7 +15,7 @@  - name: Create ddclient directories   ansible.builtin.file:-    path: "/opt/ddclient"+    path: "{{ server_appdata_path }}/ddclient"     state: directory     owner: "{{ user.name }}"     group: "{{ user.name }}"@@ -35,7 +35,6 @@       - nzbget       - sabnzbd       - prowlarr-      - rutorrent       - jackett       - nzbhydra2       - sonarr@@ -45,7 +44,7 @@ - name: Import 'ddclient.conf'   ansible.builtin.template:     src: "ddclient.conf.j2"-    dest: "/opt/ddclient/ddclient.conf"+    dest: "{{ server_appdata_path }}/ddclient/ddclient.conf"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"@@ -61,7 +60,7 @@       PUID: "{{ uid }}"       PGID: "{{ gid }}"     volumes:-      - "/opt/ddclient:/config"+      - "{{ server_appdata_path }}/ddclient:/config"     labels:       "com.github.saltbox.saltbox_managed": "true"     networks:

modified

roles/ddns/defaults/main.yml

@@ -18,116 +18,69 @@ ################################  # Comma separated FQDN's that you want the container to manage-ddns_custom_urls: ""-ddns_delay: "60"+ddns_role_custom_urls: ""+ddns_role_delay: "60"  ################################ # Docker ################################  # Container-ddns_docker_container: "{{ ddns_name }}"+ddns_role_docker_container: "{{ ddns_name }}"  # Image-ddns_docker_image_pull: true-ddns_docker_image_tag: "latest"-ddns_docker_image: "saltydk/dns:{{ ddns_docker_image_tag }}"--# Ports-ddns_docker_ports_defaults: []-ddns_docker_ports_custom: []-ddns_docker_ports: "{{ ddns_docker_ports_defaults-                       + ddns_docker_ports_custom }}"+ddns_role_docker_image_pull: true+ddns_role_docker_image_repo: "saltydk/dns"+ddns_role_docker_image_tag: "latest"+ddns_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='ddns') }}:{{ lookup('role_var', '_docker_image_tag', role='ddns') }}"  # Envs-ddns_docker_envs_default:+ddns_role_docker_envs_default:   TZ: "{{ tz }}"   CLOUDFLARE_API_KEY: "{{ cloudflare.api }}"   CLOUDFLARE_EMAIL: "{{ cloudflare.email }}"-  CLOUDFLARE_PROXY_DEFAULT: "{{ dns.proxied | string }}"+  CLOUDFLARE_PROXY_DEFAULT: "{{ dns_proxied | string }}"   TRAEFIK_API_URL: "http://traefik:8080"   TRAEFIK_ENTRYPOINTS: "websecure,web"-  CUSTOM_URLS: "{{ ddns_custom_urls if (ddns_custom_urls | length > 0) else omit }}"-  IP_VERSION: "{{ 'both' if (dns.ipv4 and dns.ipv6) else ('4' if dns.ipv4 else '6') }}"-  DELAY: "{{ ddns_delay }}"-ddns_docker_envs_custom: {}-ddns_docker_envs: "{{ ddns_docker_envs_default-                      | combine(ddns_docker_envs_custom) }}"--# Commands-ddns_docker_volumes_global: false-ddns_docker_commands_default: []-ddns_docker_commands_custom: []-ddns_docker_commands: "{{ ddns_docker_commands_default-                          + ddns_docker_commands_custom }}"+  CUSTOM_URLS: "{{ lookup('role_var', '_custom_urls', role='ddns') if (lookup('role_var', '_custom_urls', role='ddns') | length > 0) else omit }}"+  IP_VERSION: "{{ 'both' if (dns_ipv4_enabled and dns_ipv6_enabled) else ('4' if dns_ipv4_enabled else '6') }}"+  DELAY: "{{ lookup('role_var', '_delay', role='ddns') }}"+ddns_role_docker_envs_custom: {}+ddns_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='ddns')+                           | combine(lookup('role_var', '_docker_envs_custom', role='ddns')) }}"  # Volumes-ddns_docker_volumes_default: []-ddns_docker_volumes_custom: []-ddns_docker_volumes: "{{ ddns_docker_volumes_default-                         + ddns_docker_volumes_custom }}"+ddns_role_docker_volumes_global: false  # Mounts-ddns_docker_mounts_default:+ddns_role_docker_mounts_default:   - target: /tmp     type: tmpfs-ddns_docker_mounts_custom: []-ddns_docker_mounts: "{{ lookup('vars', ddns_name + '_docker_mounts_default', default=ddns_docker_mounts_default)-                        + lookup('vars', ddns_name + '_docker_mounts_custom', default=ddns_docker_mounts_custom) }}"--# Devices-ddns_docker_devices_default: []-ddns_docker_devices_custom: []-ddns_docker_devices: "{{ ddns_docker_devices_default-                         + ddns_docker_devices_custom }}"--# Hosts-ddns_docker_hosts_default: {}-ddns_docker_hosts_custom: {}-ddns_docker_hosts: "{{ docker_hosts_common-                       | combine(ddns_docker_hosts_default)-                       | combine(ddns_docker_hosts_custom) }}"--# Labels-ddns_docker_labels_default: {}-ddns_docker_labels_custom: {}-ddns_docker_labels: "{{ docker_labels_common-                        | combine(ddns_docker_labels_default)-                        | combine(ddns_docker_labels_custom) }}"+ddns_role_docker_mounts_custom: []+ddns_role_docker_mounts: "{{ lookup('role_var', '_docker_mounts_default', role='ddns')+                             + lookup('role_var', '_docker_mounts_custom', role='ddns') }}"  # Hostname-ddns_docker_hostname: "{{ ddns_name }}"+ddns_role_docker_hostname: "{{ ddns_name }}"  # Networks-ddns_docker_networks_alias: "{{ ddns_name }}"-ddns_docker_networks_default: []-ddns_docker_networks_custom: []-ddns_docker_networks: "{{ docker_networks_common-                          + ddns_docker_networks_default-                          + ddns_docker_networks_custom }}"--# Capabilities-ddns_docker_capabilities_default: []-ddns_docker_capabilities_custom: []-ddns_docker_capabilities: "{{ ddns_docker_capabilities_default-                              + ddns_docker_capabilities_custom }}"--# Security Opts-ddns_docker_security_opts_default: []-ddns_docker_security_opts_custom: []-ddns_docker_security_opts: "{{ ddns_docker_security_opts_default-                               + ddns_docker_security_opts_custom }}"+ddns_role_docker_networks_alias: "{{ ddns_name }}"+ddns_role_docker_networks_default: []+ddns_role_docker_networks_custom: []+ddns_role_docker_networks: "{{ docker_networks_common+                               + lookup('role_var', '_docker_networks_default', role='ddns')+                               + lookup('role_var', '_docker_networks_custom', role='ddns') }}"  # Restart Policy-ddns_docker_restart_policy: unless-stopped+ddns_role_docker_restart_policy: unless-stopped  # State-ddns_docker_state: started+ddns_role_docker_state: started  # Init-ddns_docker_init: true+ddns_role_docker_init: true  # Dependencies-ddns_depends_on: "traefik"-ddns_depends_on_delay: "10"-ddns_depends_on_healthchecks: "false"+ddns_role_depends_on: "traefik"+ddns_role_depends_on_delay: "10"+ddns_role_depends_on_healthchecks: "false"

modified

roles/ddns/tasks/main.yml

@@ -12,7 +12,7 @@     msg:       - "IPv4 or IPv6 DNS management has to be enabled."       - "Check your 'adv_settings.yml' config."-  when: not (dns.ipv4 or dns.ipv6)+  when: not (dns_ipv4_enabled or dns_ipv6_enabled)  - name: "Fail if not using Cloudflare"   ansible.builtin.fail:

modified

roles/deluge/defaults/main.yml

@@ -17,168 +17,131 @@ # Paths ################################ -deluge_paths_folder: "{{ deluge_name }}"-deluge_paths_location: "{{ server_appdata_path }}/{{ deluge_paths_folder }}"-deluge_paths_conf: "{{ deluge_paths_location }}/core.conf"-deluge_paths_downloads_location: "{{ downloads_torrents_path }}/{{ deluge_paths_folder }}"-deluge_paths_folders_list:-  - "{{ deluge_paths_location }}"-  - "{{ deluge_paths_downloads_location }}"-  - "{{ deluge_paths_downloads_location }}/completed"-  - "{{ deluge_paths_downloads_location }}/incoming"-  - "{{ deluge_paths_downloads_location }}/watched"-  - "{{ deluge_paths_downloads_location }}/torrents"+deluge_role_paths_folder: "{{ deluge_name }}"+deluge_role_paths_location: "{{ server_appdata_path }}/{{ deluge_role_paths_folder }}"+deluge_role_paths_conf: "{{ deluge_role_paths_location }}/core.conf"+deluge_role_paths_downloads_location: "{{ downloads_torrents_path }}/{{ deluge_role_paths_folder }}"+deluge_role_paths_folders_list:+  - "{{ deluge_role_paths_location }}"+  - "{{ deluge_role_paths_downloads_location }}"+  - "{{ deluge_role_paths_downloads_location }}/completed"+  - "{{ deluge_role_paths_downloads_location }}/incoming"+  - "{{ deluge_role_paths_downloads_location }}/watched"+  - "{{ deluge_role_paths_downloads_location }}/torrents"  ################################ # Web ################################ -deluge_web_subdomain: "{{ deluge_name }}"-deluge_web_domain: "{{ user.domain }}"-deluge_web_port: "8112"-deluge_web_url: "{{ 'https://' + (deluge_web_subdomain + '.' + deluge_web_domain-                 if (deluge_web_subdomain | length > 0)-                 else deluge_web_domain) }}"+deluge_role_web_subdomain: "{{ deluge_name }}"+deluge_role_web_domain: "{{ user.domain }}"+deluge_role_web_port: "8112"+deluge_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='deluge') + '.' + lookup('role_var', '_web_domain', role='deluge')+                      if (lookup('role_var', '_web_subdomain', role='deluge') | length > 0)+                      else lookup('role_var', '_web_domain', role='deluge')) }}"  ################################ # DNS ################################ -deluge_dns_record: "{{ lookup('vars', deluge_name + '_web_subdomain', default=deluge_web_subdomain) }}"-deluge_dns_zone: "{{ lookup('vars', deluge_name + '_web_domain', default=deluge_web_domain) }}"-deluge_dns_proxy: "{{ dns.proxied }}"+deluge_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='deluge') }}"+deluge_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='deluge') }}"+deluge_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -deluge_traefik_sso_middleware: ""-deluge_traefik_middleware_default: "{{ traefik_default_middleware-                                       + (',themepark-' + lookup('vars', deluge_name + '_name', default=deluge_name)-                                         if (deluge_themepark_enabled and global_themepark_plugin_enabled)-                                         else '') }}"-deluge_traefik_middleware_custom: ""-deluge_traefik_certresolver: "{{ traefik_default_certresolver }}"-deluge_traefik_enabled: true-deluge_traefik_api_enabled: false-deluge_traefik_api_endpoint: ""+deluge_role_traefik_sso_middleware: ""+deluge_role_traefik_middleware_default: "{{ traefik_default_middleware+                                            + (',themepark-' + deluge_name+                                              if (lookup('role_var', '_themepark_enabled', role='deluge') and global_themepark_plugin_enabled)+                                              else '') }}"+deluge_role_traefik_middleware_custom: ""+deluge_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+deluge_role_traefik_enabled: true+deluge_role_traefik_api_enabled: false+deluge_role_traefik_api_endpoint: ""  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-deluge_themepark_enabled: false-deluge_themepark_app: "deluge"-deluge_themepark_theme: "{{ global_themepark_theme }}"-deluge_themepark_domain: "{{ global_themepark_domain }}"-deluge_themepark_addons: []+deluge_role_themepark_enabled: false+deluge_role_themepark_app: "deluge"+deluge_role_themepark_theme: "{{ global_themepark_theme }}"+deluge_role_themepark_domain: "{{ global_themepark_domain }}"+deluge_role_themepark_addons: []  ################################ # Docker ################################  # Container-deluge_docker_container: "{{ deluge_name }}"+deluge_role_docker_container: "{{ deluge_name }}"  # Image-deluge_docker_image_pull: true-deluge_docker_image_repo: "lscr.io/linuxserver/deluge"-deluge_docker_image_tag: "latest"-deluge_docker_image: "{{ lookup('vars', deluge_name + '_docker_image_repo', default=deluge_docker_image_repo)-                         + ':' + lookup('vars', deluge_name + '_docker_image_tag', default=deluge_docker_image_tag) }}"+deluge_role_docker_image_pull: true+deluge_role_docker_image_repo: "lscr.io/linuxserver/deluge"+deluge_role_docker_image_tag: "latest"+deluge_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='deluge') }}:{{ lookup('role_var', '_docker_image_tag', role='deluge') }}"  # Ports-deluge_docker_ports_58112: "{{ port_lookup_58112.meta.port-                            if (port_lookup_58112.meta.port is defined) and (port_lookup_58112.meta.port | trim | length > 0)-                            else '58112' }}"+deluge_role_docker_ports_58112: "{{ port_lookup_58112.meta.port+                                 if (port_lookup_58112.meta.port is defined) and (port_lookup_58112.meta.port | trim | length > 0)+                                 else '58112' }}" -deluge_docker_ports_defaults:-  - "{{ deluge_docker_ports_58112 }}:{{ deluge_docker_ports_58112 }}"-  - "{{ deluge_docker_ports_58112 }}:{{ deluge_docker_ports_58112 }}/udp"-deluge_docker_ports_custom: []-deluge_docker_ports: "{{ deluge_docker_ports_defaults-                         + deluge_docker_ports_custom }}"+deluge_role_docker_ports_default:+  - "{{ deluge_role_docker_ports_58112 }}:{{ deluge_role_docker_ports_58112 }}"+  - "{{ deluge_role_docker_ports_58112 }}:{{ deluge_role_docker_ports_58112 }}/udp"+deluge_role_docker_ports_custom: []+deluge_role_docker_ports: "{{ lookup('role_var', '_docker_ports_default', role='deluge')+                              + lookup('role_var', '_docker_ports_custom', role='deluge') }}"  # Envs-deluge_docker_envs_default:+deluge_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"   UMASK: "002"-deluge_docker_envs_custom: {}-deluge_docker_envs: "{{ lookup('vars', deluge_name + '_docker_envs_default', default=deluge_docker_envs_default)-                        | combine(lookup('vars', deluge_name + '_docker_envs_custom', default=deluge_docker_envs_custom)) }}"--# Commands-deluge_docker_commands_default: []-deluge_docker_commands_custom: []-deluge_docker_commands: "{{ lookup('vars', deluge_name + '_docker_commands_default', default=deluge_docker_commands_default)-                            + lookup('vars', deluge_name + '_docker_commands_custom', default=deluge_docker_commands_custom) }}"+deluge_role_docker_envs_custom: {}+deluge_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='deluge')+                             | combine(lookup('role_var', '_docker_envs_custom', role='deluge')) }}"  # Volumes-deluge_docker_volumes_default:-  - "{{ deluge_paths_location }}:/config"+deluge_role_docker_volumes_default:+  - "{{ deluge_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-deluge_docker_volumes_custom: []-deluge_docker_volumes: "{{ lookup('vars', deluge_name + '_docker_volumes_default', default=deluge_docker_volumes_default)-                           + lookup('vars', deluge_name + '_docker_volumes_custom', default=deluge_docker_volumes_custom) }}"--# Devices-deluge_docker_devices_default: []-deluge_docker_devices_custom: []-deluge_docker_devices: "{{ lookup('vars', deluge_name + '_docker_devices_default', default=deluge_docker_devices_default)-                           + lookup('vars', deluge_name + '_docker_devices_custom', default=deluge_docker_devices_custom) }}"--# Hosts-deluge_docker_hosts_default: {}-deluge_docker_hosts_custom: {}-deluge_docker_hosts: "{{ docker_hosts_common-                         | combine(lookup('vars', deluge_name + '_docker_hosts_default', default=deluge_docker_hosts_default))-                         | combine(lookup('vars', deluge_name + '_docker_hosts_custom', default=deluge_docker_hosts_custom)) }}"+deluge_role_docker_volumes_custom: []+deluge_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='deluge')+                                + lookup('role_var', '_docker_volumes_custom', role='deluge') }}"  # Labels-deluge_docker_labels_default: {}-deluge_docker_labels_custom: {}-deluge_docker_labels: "{{ docker_labels_common-                          | combine(lookup('vars', deluge_name + '_docker_labels_default', default=deluge_docker_labels_default))-                          | combine((traefik_themepark_labels-                                    if (deluge_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    lookup('vars', deluge_name + '_docker_labels_custom', default=deluge_docker_labels_custom)) }}"+deluge_role_docker_labels_default: {}+deluge_role_docker_labels_custom: {}+deluge_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='deluge')+                               | combine((traefik_themepark_labels+                                         if (lookup('role_var', '_themepark_enabled', role='deluge') and global_themepark_plugin_enabled)+                                         else {}),+                                         lookup('role_var', '_docker_labels_custom', role='deluge')) }}"  # Hostname-deluge_docker_hostname: "{{ deluge_name }}"--# Network Mode-deluge_docker_network_mode_default: "{{ docker_networks_name_common }}"-deluge_docker_network_mode: "{{ lookup('vars', deluge_name + '_docker_network_mode_default', default=deluge_docker_network_mode_default) }}"+deluge_role_docker_hostname: "{{ deluge_name }}"  # Networks-deluge_docker_networks_alias: "{{ deluge_name }}"-deluge_docker_networks_default: []-deluge_docker_networks_custom: []-deluge_docker_networks: "{{ docker_networks_common-                            + lookup('vars', deluge_name + '_docker_networks_default', default=deluge_docker_networks_default)-                            + lookup('vars', deluge_name + '_docker_networks_custom', default=deluge_docker_networks_custom) }}"--# Capabilities-deluge_docker_capabilities_default: []-deluge_docker_capabilities_custom: []-deluge_docker_capabilities: "{{ lookup('vars', deluge_name + '_docker_capabilities_default', default=deluge_docker_capabilities_default)-                                + lookup('vars', deluge_name + '_docker_capabilities_custom', default=deluge_docker_capabilities_custom) }}"--# Security Opts-deluge_docker_security_opts_default: []-deluge_docker_security_opts_custom: []-deluge_docker_security_opts: "{{ lookup('vars', deluge_name + '_docker_security_opts_default', default=deluge_docker_security_opts_default)-                                 + lookup('vars', deluge_name + '_docker_security_opts_custom', default=deluge_docker_security_opts_custom) }}"+deluge_role_docker_networks_alias: "{{ deluge_name }}"+deluge_role_docker_networks_default: []+deluge_role_docker_networks_custom: []+deluge_role_docker_networks: "{{ docker_networks_common+                                 + lookup('role_var', '_docker_networks_default', role='deluge')+                                 + lookup('role_var', '_docker_networks_custom', role='deluge') }}"  # Restart Policy-deluge_docker_restart_policy: unless-stopped+deluge_role_docker_restart_policy: unless-stopped  # Stop Timeout-deluge_docker_stop_timeout: 900+deluge_role_docker_stop_timeout: 900  # State-deluge_docker_state: started+deluge_role_docker_state: started

modified

roles/deluge/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -21,10 +21,10 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"  - name: Pre-Install Tasks-  ansible.builtin.import_tasks: "subtasks/pre-install/main.yml"+  ansible.builtin.include_tasks: "subtasks/pre-install/main.yml"  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Post-Install Tasks-  ansible.builtin.import_tasks: "subtasks/post-install/main.yml"+  ansible.builtin.include_tasks: "subtasks/post-install/main.yml"

modified

roles/deluge/tasks/subtasks/post-install/main.yml

@@ -9,7 +9,7 @@ --- - name: Post-Install | Wait for config to be created   ansible.builtin.wait_for:-    path: "{{ deluge_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='deluge') }}"     state: present  - name: Post-Install | Wait for 10 seconds@@ -20,7 +20,7 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_docker_container.yml"  - name: Post-Install | Settings Task-  ansible.builtin.import_tasks: "settings/main.yml"+  ansible.builtin.include_tasks: "settings/main.yml"  - name: Post-Install | Start container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/deluge/tasks/subtasks/post-install/settings/main.yml

@@ -9,25 +9,25 @@ --- - name: Post-Install | Settings | Update 'core.conf' | Set listen ports   ansible.builtin.replace:-    path: "{{ deluge_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='deluge') }}"     regexp: '"listen_ports": (\[[\d|\W]+\]),'-    replace: '"listen_ports": [{{ deluge_docker_ports_58112 }},{{ deluge_docker_ports_58112 }}],'+    replace: '"listen_ports": [{{ lookup("role_var", "_docker_ports_58112", role="deluge") }},{{ lookup("role_var", "_docker_ports_58112", role="deluge") }}],'  - name: Post-Install | Settings | Update 'core.conf' | Set listen random port to null   ansible.builtin.replace:-    path: "{{ deluge_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='deluge') }}"     regexp: '"listen_random_port": ([\d|\W]+),'     replace: '"listen_random_port": null,'  - name: Post-Install | Settings | Update 'core.conf' | Disable random incoming port   ansible.builtin.replace:-    path: "{{ deluge_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='deluge') }}"     regexp: '"random_port": ([\w]+),'     replace: '"random_port": false,'  - name: Post-Install | Settings | Update 'core.conf' | Enable random outgoing ports   ansible.builtin.replace:-    path: "{{ deluge_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='deluge') }}"     regexp: '"random_outgoing_ports": ([\w]+),'     replace: '"random_outgoing_ports": true,' @@ -36,7 +36,7 @@   block:     - name: Post-Install | Settings | Update 'core.conf' | Disable Network Extras       ansible.builtin.replace:-        path: "{{ deluge_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='deluge') }}"         regexp: '"{{ item }}": ([\w]+){{ "," if item != "utpex" else "" }}'         replace: '"{{ item }}": false{{ "," if item != "utpex" else "" }}'       loop:

modified

roles/deluge/tasks/subtasks/pre-install/main.yml

@@ -7,7 +7,7 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Pre-Install | Get next available port within the range of '58112-58132' # noqa fqcn[action]+- name: Pre-Install | Get next available port within the range of '58112-58132'   find_open_port:     low_bound: 58112     high_bound: 58132@@ -17,5 +17,5 @@  - name: Pre-Install | Check if existing config file exists   ansible.builtin.stat:-    path: "{{ deluge_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='deluge') }}"   register: deluge_paths_conf_stat

modified

roles/diag/defaults/main.yml

@@ -7,17 +7,14 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----diagnose_cloudflare_script_path: "/srv/git/saltbox/roles/diag/files/cloudflare_ssl.py"- diagnose_vars:   - "Saltbox repo branch: {{ git_branch.stdout if (git_branch is defined and git_branch.stdout is defined) else 'Failed retrieving' }}"   - "Saltbox repo commit: {{ git_version.stdout if (git_version is defined and git_version.stdout is defined) else 'Failed retrieving' }}"   - "Saltbox upstream commit: {{ git_origin_version.stdout if (git_origin_version is defined and git_origin_version.stdout is defined) else 'Failed retrieving' }}"   - "cloudflare_is_enabled: {{ cloudflare_is_enabled | lower }}"-  - "{{ 'Cloudflare venv deployed: ' + (diagnose_cloudflare_venv.stat.exists | string | lower) if (cloudflare_is_enabled and (dns.ipv4 or dns.ipv6)) else '' }}"-  - "{{ 'Cloudflare IPv4 automation: ' + (dns.ipv4 | string | lower) if cloudflare_is_enabled else '' }}"-  - "{{ 'Cloudflare IPv6 automation: ' + (dns.ipv6 | string | lower) if cloudflare_is_enabled else '' }}"-  - "{{ 'Cloudflare SSL Mode: ' + cloudflare_ssl.stdout if (cloudflare_is_enabled and cloudflare_ssl is defined and cloudflare_ssl.stdout is defined) else '' }}"+  - "{{ 'Cloudflare IPv4 automation: ' + (dns_ipv4_enabled | string | lower) if cloudflare_is_enabled else '' }}"+  - "{{ 'Cloudflare IPv6 automation: ' + (dns_ipv6_enabled | string | lower) if cloudflare_is_enabled else '' }}"+  - "{{ 'Cloudflare SSL Mode: ' + cloudflare_ssl.ssl_mode if (cloudflare_is_enabled and cloudflare_ssl is defined and cloudflare_ssl.ssl_mode is defined) else '' }}"   - "plex_account_is_enabled: {{ plex_account_is_enabled | lower }}"   - "rclone_remote_is_defined: {{ rclone_remote_is_defined | lower }}"   - "use_cloudplow: {{ use_cloudplow | lower }}"

modified

roles/diag/tasks/main.yml

@@ -10,36 +10,12 @@ - name: Cloudflare API lookup   when: cloudflare_is_enabled   block:-    - name: Check if Cloudflare venv exists-      ansible.builtin.stat:-        path: "/srv/cloudflare-helper/venv/bin/python3"-      register: diagnose_cloudflare_venv--    - name: Include Cloudflare Setup venv role default vars-      ansible.builtin.include_vars: "{{ resources_path }}/roles/dns/defaults/main.yml"-      when: not diagnose_cloudflare_venv.stat.exists--    - name: Setup Cloudflare venv-      ansible.builtin.include_tasks: "{{ resources_path }}/roles/dns/tasks/cloudflare/subtasks/setup.yml"-      when: not diagnose_cloudflare_venv.stat.exists-      vars:-        cloudflare_files:-          - "{{ resources_path }}/roles/dns/files/fetch_cloudflare_records.py"-          - "{{ resources_path }}/roles/dns/files/requirements.txt"--    - name: Get FLD-      ansible.builtin.shell: |-        {{ saltbox_python }} -c "from tld import get_tld; res = get_tld(\"http://{{ user.domain }}\", as_object=True); print(res.fld)"-      register: diagnose_fld--    - name: Fetch Record information-      ansible.builtin.shell: "/srv/cloudflare-helper/venv/bin/python3 {{ diagnose_cloudflare_script_path }} --auth_key '{{ cloudflare.api }}' --auth_email '{{ cloudflare.email }}' --zone_name '{{ diagnose_fld.stdout }}'"+    - name: Get Cloudflare SSL/TLS mode+      cloudflare_ssl:+        auth_email: "{{ cloudflare.email }}"+        auth_key: "{{ cloudflare.api }}"+        domain: "{{ user.domain }}"       register: cloudflare_ssl--    - name: Print Failure Output-      ansible.builtin.fail:-        msg: "{{ cloudflare_ssl.stderr }}"-      when: cloudflare_ssl.rc != 0  - name: Gather mount information   ansible.builtin.setup:@@ -49,7 +25,7 @@ - name: Filter mount information   ansible.builtin.set_fact:     host_mounts: "{{ host_mounts | default({}) | combine({item.mount: item.fstype}) }}"-  loop: "{{ ansible_mounts }}"+  loop: "{{ ansible_facts['mounts'] }}"  - name: "Diagnose variables"   ansible.builtin.debug:

modified

roles/diun/defaults/main.yml

@@ -17,100 +17,63 @@ # Paths ################################ -diun_paths_folder: "{{ diun_name }}"-diun_paths_location: "{{ server_appdata_path }}/{{ diun_paths_folder }}"-diun_paths_folders_list:-  - "{{ diun_paths_location }}"-  - "{{ diun_paths_location }}/data"+diun_role_paths_folder: "{{ diun_name }}"+diun_role_paths_location: "{{ server_appdata_path }}/{{ diun_role_paths_folder }}"+diun_role_paths_folders_list:+  - "{{ diun_role_paths_location }}"+  - "{{ diun_role_paths_location }}/data"  ################################ # Docker ################################  # Container-diun_docker_container: "{{ diun_name }}"+diun_role_docker_container: "{{ diun_name }}"  # Image-diun_docker_image_pull: true-diun_docker_image_tag: "latest"-diun_docker_image: "crazymax/diun:{{ diun_docker_image_tag }}"--# Ports-diun_docker_ports_defaults: []-diun_docker_ports_custom: []-diun_docker_ports: "{{ diun_docker_ports_defaults-                       + diun_docker_ports_custom }}"+diun_role_docker_image_pull: true+diun_role_docker_image_repo: "crazymax/diun"+diun_role_docker_image_tag: "latest"+diun_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='diun') }}:{{ lookup('role_var', '_docker_image_tag', role='diun') }}"  # Envs-diun_docker_envs_default:+diun_role_docker_envs_default:   TZ: "{{ tz }}"   LOG_LEVEL: "info"   LOG_JSON: "false"-diun_docker_envs_custom: {}-diun_docker_envs: "{{ diun_docker_envs_default-                      | combine(diun_docker_envs_custom) }}"--# Commands-diun_docker_commands_default: []-diun_docker_commands_custom: []-diun_docker_commands: "{{ diun_docker_commands_default-                          + diun_docker_commands_custom }}"+diun_role_docker_envs_custom: {}+diun_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='diun')+                           | combine(lookup('role_var', '_docker_envs_custom', role='diun')) }}"  # Volumes-diun_docker_volumes_default:-  - "{{ diun_paths_location }}/data:/data"-  - "{{ diun_paths_location }}/diun.yml:/diun.yml:ro"+diun_role_docker_volumes_default:+  - "{{ diun_role_paths_location }}/data:/data"+  - "{{ diun_role_paths_location }}/diun.yml:/diun.yml:ro"   - "/var/run/docker.sock:/var/run/docker.sock"-diun_docker_volumes_custom: []-diun_docker_volumes: "{{ diun_docker_volumes_default-                         + diun_docker_volumes_custom }}"--# Devices-diun_docker_devices_default: []-diun_docker_devices_custom: []-diun_docker_devices: "{{ diun_docker_devices_default-                         + diun_docker_devices_custom }}"--# Hosts-diun_docker_hosts_default: {}-diun_docker_hosts_custom: {}-diun_docker_hosts: "{{ docker_hosts_common-                       | combine(diun_docker_hosts_default)-                       | combine(diun_docker_hosts_custom) }}"+diun_role_docker_volumes_custom: []+diun_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='diun')+                              + lookup('role_var', '_docker_volumes_custom', role='diun') }}"  # Labels-diun_docker_labels_default:+diun_role_docker_labels_default:   diun.enable: "true"-diun_docker_labels_custom: {}-diun_docker_labels: "{{ docker_labels_common-                        | combine(diun_docker_labels_default)-                        | combine(diun_docker_labels_custom) }}"+diun_role_docker_labels_custom: {}+diun_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='diun')+                             | combine(lookup('role_var', '_docker_labels_custom', role='diun')) }}"  # Hostname-diun_docker_hostname: "{{ diun_name }}"+diun_role_docker_hostname: "{{ diun_name }}"  # Networks-diun_docker_networks_alias: "{{ diun_name }}"-diun_docker_networks_default: []-diun_docker_networks_custom: []-diun_docker_networks: "{{ docker_networks_common-                          + diun_docker_networks_default-                          + diun_docker_networks_custom }}"--# Capabilities-diun_docker_capabilities_default: []-diun_docker_capabilities_custom: []-diun_docker_capabilities: "{{ diun_docker_capabilities_default-                              + diun_docker_capabilities_custom }}"--# Security Opts-diun_docker_security_opts_default: []-diun_docker_security_opts_custom: []-diun_docker_security_opts: "{{ diun_docker_security_opts_default-                               + diun_docker_security_opts_custom }}"+diun_role_docker_networks_alias: "{{ diun_name }}"+diun_role_docker_networks_default: []+diun_role_docker_networks_custom: []+diun_role_docker_networks: "{{ docker_networks_common+                               + lookup('role_var', '_docker_networks_default', role='diun')+                               + lookup('role_var', '_docker_networks_custom', role='diun') }}"  # Restart Policy-diun_docker_restart_policy: unless-stopped+diun_role_docker_restart_policy: unless-stopped  # State-diun_docker_state: started+diun_role_docker_state: started

modified

roles/diun/tasks/main.yml

@@ -16,7 +16,7 @@ - name: Import default config   ansible.builtin.copy:     src: "diun.yml"-    dest: "{{ diun_paths_location }}/diun.yml"+    dest: "{{ lookup('role_var', '_paths_location', role='diun') }}/diun.yml"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"

modified

roles/docker/defaults/main.yml

@@ -22,9 +22,19 @@ # docker_config_custom: #   debug: "true" docker_config_custom: {}++# CPU and Memory defaults+docker_cpus_default: ""+docker_memory_default: ""+ # Skip Container startup during core, saltbox, mediabox or feederbox # If the kernel has been updated and a reboot will happen docker_skip_start_during_meta_tag: "{{ saltbox_auto_reboot }}"++# Toggles pruning of dangling images after container creation.+docker_create_image_prune: true+docker_create_image_prune_delay: true+docker_create_image_prune_delay_timeout: 10  ################################ # Lookup@@ -37,7 +47,6 @@ ################################  docker_apt_key_id: 0EBFCD88- docker_apt_key_url: https://download.docker.com/linux/ubuntu/gpg  ################################@@ -45,9 +54,7 @@ ################################  docker_apt_repo_version: stable--docker_apt_repo_url: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_repo_version }}"  # noqa line-length-+docker_apt_repo_url: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] | lower }} {{ docker_apt_repo_version }}"  # noqa line-length docker_apt_repo_filename: docker  ################################@@ -59,82 +66,54 @@ #   "28"      - Major version (installs latest 28.x.x, auto-updates within 28.x) #   "28.5"    - Major.minor version (installs latest 28.5.x, auto-updates within 28.5.x) #   "28.5.2"  - Exact version (installs exactly 28.5.2, no auto-updates)-docker_version: "28"+docker_version: "29"  # Docker CE- docker_ce_name: "Docker CE"-docker_ce_package: "docker-ce={{ docker_ce_resolved_version | default('') }}"+docker_ce_package: "docker-ce={{ docker_ce_resolved_version }}" docker_ce_filepath: "/usr/bin/dockerd"- docker_ce_dpkg: "docker-ce"  # Docker CE CLI- docker_ce_cli_name: "Docker CE CLI"-docker_ce_cli_package: "docker-ce-cli={{ docker_ce_cli_resolved_version | default('') }}"+docker_ce_cli_package: "docker-ce-cli={{ docker_ce_cli_resolved_version }}" docker_ce_cli_filepath: "/usr/bin/docker"- docker_ce_cli_dpkg: "docker-ce-cli"  # Containerd- containerd_io_name: "Containerd"- containerd_io_package: "containerd.io"- containerd_io_filepath: "/usr/bin/containerd"- containerd_io_dpkg: "containerd.io"  # Docker Compose- compose_cli_name: "Docker Compose"- compose_cli_package: "docker-compose-plugin"- compose_cli_filepath: "docker compose"- compose_cli_dpkg: "docker-compose-plugin"  # Docker Rootless Extras- docker_rootless_name: "Docker Rootless Extras"- docker_rootless_package: "docker-ce-rootless-extras"- docker_rootless_filepath: "/usr/bin/rootlesskit"- docker_rootless_dpkg: "docker-ce-rootless-extras"  # Misc-docker_package_state: "present" put_docker_dpkg_into_hold: true- docker_filesystem_path: "/media/docker-volume.img"- docker_filesystem_size: "20G"--docker_ipv6: "{{ dns.ipv6 | bool }}"+docker_ipv6: "{{ dns_ipv6_enabled }}"  # Service- docker_service_after: "{{ mergerfs_service_name }}"- docker_service_sleep: "{{ 0                        if continuous_integration or (not use_remote)                        else 120 }}"- docker_service_force: true- docker_service_check: "{{ docker_binary.stat.exists and (docker_service_running or ((remote_docker_service_running is defined) and remote_docker_service_running) or ((unionfs_docker_service_running is defined) and unionfs_docker_service_running)) }}"- docker_service_check_mounts: "{{ docker_binary.stat.exists and (((remote_docker_service_running is defined) and remote_docker_service_running) or ((unionfs_docker_service_running is defined) and unionfs_docker_service_running)) }}"- docker_update_hosts_service_runtime_max: "3600s"- docker_daemon_storage_driver: "{{ ('zfs' in var_lib_file_system.stdout) | ternary('zfs', 'overlay2') }}"- docker_daemon_template_force: true  ################################@@ -147,11 +126,40 @@ # Docker Controller ################################ -docker_controller_python_version: "3.10"+docker_controller_binary_path: "/usr/local/bin/sdc"++docker_controller_releases_url: "{{ svm }}https://api.github.com/repos/saltyorg/sdc/releases/latest"++docker_controller_releases_download_url: https://github.com/saltyorg/sdc/releases/download++docker_controller_release_lookup_command: |+  curl -s {{ docker_controller_releases_url }} \+    | jq -r ".assets[] | select(.name == \"sdc_linux_amd64\") \+    | .browser_download_url"++# Legacy docker_controller_venv_path: "/srv/docker-controller/venv"  ################################ # Docker DNS ################################ -docker_dns_python_version: "3.10"+docker_dns_binary_path: "/usr/local/bin/sdhm"++docker_dns_releases_url: "{{ svm }}https://api.github.com/repos/saltyorg/sdhm/releases/latest"++docker_dns_releases_download_url: https://github.com/saltyorg/sdhm/releases/download++docker_dns_release_lookup_command: |+  curl -s {{ docker_dns_releases_url }} \+    | jq -r ".assets[] | select(.name == \"sdhm_linux_amd64\") \+    | .browser_download_url"++docker_dns_ports_8090: "{{ port_lookup_8090.meta.port+                        if (port_lookup_8090.meta.port is defined) and (port_lookup_8090.meta.port | trim | length > 0)+                        else '8090' }}"++docker_dns_networks:+  - "saltbox"++docker_dns_periodic_validation: "5m"

modified

roles/docker/tasks/main.yml

@@ -30,8 +30,8 @@  - name: Get Docker service state   ansible.builtin.set_fact:-    docker_service_running: "{{ (services['docker.service'] is defined) and (services['docker.service']['state'] == 'running') }}"-    docker_controller_service_running: "{{ (services['saltbox_managed_docker_controller.service'] is defined) and (services['saltbox_managed_docker_controller.service']['state'] == 'running') }}"+    docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"+    docker_controller_service_running: "{{ (ansible_facts['services']['saltbox_managed_docker_controller.service'] is defined) and (ansible_facts['services']['saltbox_managed_docker_controller.service']['state'] == 'running') }}"  - name: Tasks for when Docker exists and is running   when: docker_service_check@@ -90,10 +90,10 @@    rescue:     - name: Install missing modules package-      ansible.builtin.shell: "apt-get install --reinstall linux-modules-{{ ansible_kernel }}"+      ansible.builtin.shell: "apt-get install --reinstall linux-modules-{{ ansible_facts['kernel'] }}"  - name: "Import Daemon Tasks"-  ansible.builtin.import_tasks: "subtasks/daemon.yml"+  ansible.builtin.include_tasks: "subtasks/daemon.yml"  - name: "Import Docker Binary tasks"   ansible.builtin.include_tasks: "subtasks/binary/binary.yml"@@ -103,8 +103,8 @@   when: ('btrfs' in var_lib_file_system.stdout)  - name: "Import Nvidia tasks"-  ansible.builtin.import_tasks: "subtasks/nvidia.yml"-  when: use_nvidia+  ansible.builtin.include_tasks: "subtasks/nvidia.yml"+  when: use_nvidia and (not 'nvidia-purge' in ansible_run_tags)  - name: Block Docker Controller   ansible.builtin.uri:@@ -132,7 +132,7 @@     timeout: "60"  - name: "Import Controller tasks"-  ansible.builtin.import_tasks: "subtasks/controller.yml"+  ansible.builtin.include_tasks: "subtasks/controller.yml"  - name: Gather list of running Docker containers (before Network Tasks)   ansible.builtin.shell: "docker ps --format '{{ '{{' }} .Names{{ '}}' }}' | sort | xargs echo -n"@@ -149,10 +149,10 @@   when: (docker_running_containers_before_network_tasks_ps.stdout | trim | length > 0)  - name: "Import Docker Network tasks"-  ansible.builtin.import_tasks: "subtasks/network.yml"+  ansible.builtin.include_tasks: "subtasks/network.yml"  - name: "Import Docker Housekeeping tasks"-  ansible.builtin.import_tasks: "subtasks/housekeeping.yml"+  ansible.builtin.include_tasks: "subtasks/housekeeping.yml"   tags: docker-housekeeping  - name: Check if system needs to reboot@@ -195,15 +195,15 @@       ignore_errors: true  - name: "Import Docker Hub tasks"-  ansible.builtin.import_tasks: "subtasks/dockerhub.yml"+  ansible.builtin.include_tasks: "subtasks/dockerhub.yml"   tags: dockerhub   when: dockerhub_is_enabled  - name: "Import DNS tasks"-  ansible.builtin.import_tasks: "subtasks/dns.yml"+  ansible.builtin.include_tasks: "subtasks/dns.yml"  - name: "Import Compose tasks"-  ansible.builtin.import_tasks: "subtasks/compose.yml"+  ansible.builtin.include_tasks: "subtasks/compose.yml"   tags: docker-compose  - name: "Install ctop"

modified

roles/docker/tasks/subtasks/binary/binary.yml

@@ -10,7 +10,7 @@ - name: Binary | Identify apt source files   ansible.builtin.find:     paths: /etc/apt/sources.list.d/-    recurse: no+    recurse: false   register: apt_source_files  - name: Binary | Check if file contains 'download.docker.com'@@ -28,7 +28,7 @@  - name: Binary | Update APT package index   ansible.builtin.apt:-    update_cache: yes+    update_cache: true  - name: Binary | Ensure '/etc/apt/keyrings' exists   ansible.builtin.file:

modified

roles/docker/tasks/subtasks/binary/binary2.yml

@@ -7,32 +7,32 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Binary | Release '{{ vars[item ~ '_dpkg'] }}' from hold+- name: Binary | Release '{{ lookup('vars', item ~ '_dpkg') }}' from hold   ansible.builtin.dpkg_selections:-    name: "{{ vars[item ~ '_dpkg'] }}"+    name: "{{ lookup('vars', item ~ '_dpkg') }}"     selection: install-  when: (vars[item ~ '_dpkg'] in ansible_facts.packages)+  when: (lookup('vars', item ~ '_dpkg') in ansible_facts['packages']) -- name: Binary | Install '{{ lookup('vars', item + '_package') }}' # noqa args[module]+- name: Binary | Install '{{ lookup('vars', item + '_package') }}'   ansible.builtin.apt:     name: "{{ lookup('vars', item + '_package') }}"-    state: "{{ docker_package_state if (item == 'docker_ce' or item == 'docker_ce_cli') else 'latest' }}"+    state: "{{ 'present' if (item == 'docker_ce' or item == 'docker_ce_cli') else 'latest' }}"     update_cache: true     allow_downgrade: true -- name: Binary | Put '{{ vars[item ~ '_dpkg'] }}' into hold+- name: Binary | Put '{{ lookup('vars', item ~ '_dpkg') }}' into hold   ansible.builtin.dpkg_selections:-    name: "{{ vars[item ~ '_dpkg'] }}"+    name: "{{ lookup('vars', item ~ '_dpkg') }}"     selection: hold   when: put_docker_dpkg_into_hold -- name: Binary | Get '{{ vars[item ~ '_name'] }}' version-  ansible.builtin.shell: "{{ vars[item ~ '_filepath'] }} '{{ 'version' if item == 'compose_cli' else '--version' }}' | head -n 1 | awk '{ print {{ '$4' if item == 'compose_cli' else '$3' }} }' | sed 's/,$//' | sed 's/v//'"+- name: Binary | Get '{{ lookup('vars', item ~ '_name') }}' version+  ansible.builtin.shell: "{{ lookup('vars', item ~ '_filepath') }} '{{ 'version' if item == 'compose_cli' else '--version' }}' | head -n 1 | awk '{ print {{ '$4' if item == 'compose_cli' else '$3' }} }' | sed 's/,$//' | sed 's/v//'"   register: binary_version   ignore_errors: true   changed_when: false -- name: Binary | Display '{{ vars[item ~ '_name'] }}' version+- name: Binary | Display '{{ lookup('vars', item ~ '_name') }}' version   ansible.builtin.debug:-    msg: "{{ vars[item ~ '_name'] }} version {{ binary_version.stdout }} installed."+    msg: "{{ lookup('vars', item ~ '_name') }} version {{ binary_version.stdout }} installed."   when: binary_version is defined

modified

roles/docker/tasks/subtasks/btrfs/pseudo_file_system.yml

@@ -11,7 +11,7 @@  - name: "BTRFS | Psuedo-File-System | Determine if '/var/lib/docker' is mounted"   ansible.builtin.set_fact:-    var_lib_docker_mount_exists: "{{ true if (ansible_mounts | json_query('[?mount == `/var/lib/docker`]')) else false }}"+    var_lib_docker_mount_exists: "{{ true if (ansible_facts['mounts'] | json_query('[?mount == `/var/lib/docker`]')) else false }}"  - name: BTRFS | Psuedo-File-System | Tasks when '/var/lib/docker' is not mounted   when: (not var_lib_docker_mount_exists)

modified

roles/docker/tasks/subtasks/controller.yml

@@ -7,55 +7,39 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Controller | Execute Python role-  ansible.builtin.include_role:-    name: "python"-  vars:-    python_version: "{{ docker_controller_python_version }}"--- name: "Controller | Lookup Python {{ docker_controller_python_version }} installation"-  ansible.builtin.command: "{{ python_bin }} python find {{ docker_controller_python_version }} --managed-python"-  register: docker_controller_python_install_path_lookup-  changed_when: false-  environment: "{{ python_environment }}"-  become: true-  become_user: "{{ user.name }}"--- name: Controller | Set Python version-  ansible.builtin.set_fact:-    docker_controller_python_install_path: "{{ docker_controller_python_install_path_lookup.stdout }}"- - name: Controller | Delete venv folder   ansible.builtin.file:     path: "{{ docker_controller_venv_path }}"     state: absent -- name: Controller | Create venv-  ansible.builtin.command:-    cmd: "{{ docker_controller_python_install_path }} -m venv {{ docker_controller_venv_path }}"+- name: Controller | Get URL for latest sdc release+  ansible.builtin.shell: "{{ docker_controller_release_lookup_command }}"   args:-    creates: "{{ docker_controller_venv_path }}"-  become: true-  become_user: "{{ user.name }}"+    executable: /bin/bash+  register: docker_controller_download_url -- name: Controller | Install pip requirements-  ansible.builtin.pip:-    requirements: "/srv/git/saltbox/requirements/requirements-docker-controller.txt"-    virtualenv: "{{ docker_controller_venv_path }}"-    virtualenv_command: "{{ docker_controller_venv_path }}/bin/python3 -m pip"-  become: true-  become_user: "{{ user.name }}"+- name: Controller | Download sdc+  ansible.builtin.get_url:+    url: "{{ docker_controller_download_url.stdout }}"+    dest: "{{ docker_controller_binary_path }}"+    owner: "root"+    group: "root"+    mode: "0755"+  register: x+  until: "x is not failed"+  retries: "{{ ansible_retry_count+            if (not continuous_integration)+            else ansible_retry_count_ci }}"+  delay: 10 -- name: Controller | Find pip3 path-  ansible.builtin.find:-    paths: "/srv/docker-controller/venv"-    recurse: yes-    patterns: 'uvicorn'-  register: docker_controller_venv_files+- name: Controller | Get sdc binary version+  ansible.builtin.shell: "{{ docker_controller_binary_path }} --version | awk '{ print $3 }'"+  register: sdc_binary_version+  changed_when: false -- name: Controller | Path-  ansible.builtin.set_fact:-    docker_controller_uvicorn_path: "{{ docker_controller_venv_files.files[0].path }}"+- name: Controller | Display sdc binary version+  ansible.builtin.debug:+    msg: "sdc {{ sdc_binary_version.stdout }} installed."  - name: Controller | Import 'saltbox_managed_docker_controller.service'   ansible.builtin.template:@@ -75,7 +59,7 @@   ansible.builtin.uri:     url: "{{ docker_controller_url }}/ping"     method: GET-    return_content: yes+    return_content: true     status_code: 200   register: result   retries: 120

modified

roles/docker/tasks/subtasks/dns.yml

@@ -12,36 +12,48 @@     name: docker-update-hosts     state: stopped     enabled: false-  when: (services['docker-update-hosts.service'] is defined)+  when: (ansible_facts['services']['docker-update-hosts.service'] is defined)  - name: "DNS | Remove docker-update-hosts.service"   ansible.builtin.file:     path: /etc/systemd/system/docker-update-hosts.service     state: absent -- name: "DNS | Delete 'docker-update-hosts'"-  ansible.builtin.file:-    path: "/usr/local/bin/docker-update-hosts"-    state: absent+- name: "DNS | Get URL for latest sdhm release"+  ansible.builtin.shell: "{{ docker_dns_release_lookup_command }}"+  args:+    executable: /bin/bash+  register: docker_dns_download_url -- name: "DNS | Execute Python role"-  ansible.builtin.include_role:-    name: "python"-  vars:-    python_version: "{{ docker_dns_python_version }}"-  when: (docker_dns_python_version != docker_controller_python_version)+- name: "DNS | Download sdhm"+  ansible.builtin.get_url:+    url: "{{ docker_dns_download_url.stdout }}"+    dest: "{{ docker_dns_binary_path }}"+    owner: "root"+    group: "root"+    mode: "0755"+  register: x+  until: "x is not failed"+  retries: "{{ ansible_retry_count+            if (not continuous_integration)+            else ansible_retry_count_ci }}"+  delay: 10 -- name: "DNS | Lookup Python {{ docker_dns_python_version }} installation"-  ansible.builtin.command: "{{ python_bin }} python find {{ docker_dns_python_version }} --managed-python"-  register: docker_dns_python_install_path_lookup+- name: "DNS | Get sdhm binary version"+  ansible.builtin.shell: "{{ docker_dns_binary_path }} --version | awk '{ print $3 }'"+  register: sdhm_binary_version   changed_when: false-  environment: "{{ python_environment }}"-  become: true-  become_user: "{{ user.name }}" -- name: "DNS | Set Python version"-  ansible.builtin.set_fact:-    docker_dns_python_install_path: "{{ docker_dns_python_install_path_lookup.stdout }}"+- name: "DNS | Display sdhm binary version"+  ansible.builtin.debug:+    msg: "sdhm {{ sdhm_binary_version.stdout }} installed."++- name: "DNS | Get next available port within the range of '8090-8180'"+  find_open_port:+    low_bound: "8090"+    high_bound: "8180"+    protocol: both+  register: port_lookup_8090  - name: "DNS | Import 'saltbox_managed_docker_update_hosts.service'"   ansible.builtin.template:

modified

roles/docker/tasks/subtasks/network.yml

@@ -127,7 +127,7 @@ - name: "Network | Remove IPv6 NAT Container (Legacy)"   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:-    var_prefix: "ipv6nat"+    container_name: "ipv6nat"  - name: "Network | Unset variables"   ansible.builtin.set_fact:

modified

roles/docker/templates/docker-controller-helper.service.j2

@@ -15,7 +15,7 @@ After=docker.service saltbox_managed_docker_controller.service  [Service]-ExecStart=/srv/ansible/venv/bin/python3 /srv/git/saltbox/scripts/saltbox_docker_controller_helper.py+ExecStart={{ docker_controller_binary_path }} helper --controller-url "http://127.0.0.1:3377"  [Install] WantedBy=multi-user.target

modified

roles/docker/templates/docker-controller.service.j2

@@ -14,8 +14,7 @@  [Service] Type=simple-WorkingDirectory=/srv/git/saltbox/scripts-ExecStart={{ docker_controller_uvicorn_path }} saltbox_docker_controller:app --host 127.0.0.1 --port 3377+ExecStart={{ docker_controller_binary_path }} server --host 127.0.0.1 --port 3377 Restart=on-failure RestartSec=5s

modified

roles/docker/templates/docker-update-hosts.service.j2

@@ -9,12 +9,15 @@ #########################################################################  [Unit]-Description=Saltbox Docker Hosts DNS Resolution Helper-BindsTo=docker.service+Description=Saltbox Docker Hosts Manager After=docker.service+Requires=docker.service  [Service]-ExecStart={{ docker_dns_python_install_path }} /srv/git/saltbox/roles/docker/files/docker-update-hosts.py {{ docker_update_hosts_service_runtime_max }}+Type=simple+ExecStart={{ docker_dns_binary_path }} --networks {{ docker_dns_networks | join(',') }} --interval {{ docker_dns_periodic_validation }} --health-port {{ docker_dns_ports_8090 }}+Restart=always+RestartSec=10  [Install] WantedBy=multi-user.target

modified

roles/docker_socket_proxy/defaults/main.yml

@@ -18,96 +18,53 @@ ################################  # Container-docker_socket_proxy_docker_container: "{{ docker_socket_proxy_name }}"+docker_socket_proxy_role_docker_container: "{{ docker_socket_proxy_name }}"  # Image-docker_socket_proxy_docker_image_pull: true-docker_socket_proxy_docker_image_tag: "latest"-docker_socket_proxy_docker_image: "lscr.io/linuxserver/socket-proxy:{{ docker_socket_proxy_docker_image_tag }}"--# Ports-docker_socket_proxy_docker_ports_defaults: []-docker_socket_proxy_docker_ports_custom: []-docker_socket_proxy_docker_ports: "{{ docker_socket_proxy_docker_ports_defaults-                                      + docker_socket_proxy_docker_ports_custom }}"+docker_socket_proxy_role_docker_image_pull: true+docker_socket_proxy_role_docker_image_repo: "lscr.io/linuxserver/socket-proxy"+docker_socket_proxy_role_docker_image_tag: "latest"+docker_socket_proxy_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='docker_socket_proxy') }}:{{ lookup('role_var', '_docker_image_tag', role='docker_socket_proxy') }}"  # Envs-docker_socket_proxy_docker_envs_default:+docker_socket_proxy_role_docker_envs_default:   TZ: "{{ tz }}"-  DISABLE_IPV6: "{{ '0' if dns.ipv6 else '1' }}"-docker_socket_proxy_docker_envs_custom: {}-docker_socket_proxy_docker_envs: "{{ docker_socket_proxy_docker_envs_default-                                     | combine(docker_socket_proxy_docker_envs_custom) }}"--# Commands-docker_socket_proxy_docker_commands_default: []-docker_socket_proxy_docker_commands_custom: []-docker_socket_proxy_docker_commands: "{{ docker_socket_proxy_docker_commands_default-                                         + docker_socket_proxy_docker_commands_custom }}"+  DISABLE_IPV6: "{{ '0' if dns_ipv6_enabled else '1' }}"+docker_socket_proxy_role_docker_envs_custom: {}+docker_socket_proxy_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='docker_socket_proxy')+                                          | combine(lookup('role_var', '_docker_envs_custom', role='docker_socket_proxy')) }}"  # Volumes-docker_socket_proxy_docker_volumes_default:-  - "/var/run/docker.sock:/var/run/docker.sock:ro"-docker_socket_proxy_docker_volumes_custom: []-docker_socket_proxy_docker_volumes: "{{ docker_socket_proxy_docker_volumes_default-                                        + docker_socket_proxy_docker_volumes_custom }}"+docker_socket_proxy_role_docker_volumes_default:+  - "/var/run/docker.sock:/var/run/docker.sock"+docker_socket_proxy_role_docker_volumes_custom: []+docker_socket_proxy_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='docker_socket_proxy')+                                             + lookup('role_var', '_docker_volumes_custom', role='docker_socket_proxy') }}"  # Mounts-docker_socket_proxy_docker_mounts_default:+docker_socket_proxy_role_docker_mounts_default:   - target: /run     type: tmpfs-docker_socket_proxy_docker_mounts_custom: []-docker_socket_proxy_docker_mounts: "{{ docker_socket_proxy_docker_mounts_default-                                       + docker_socket_proxy_docker_mounts_custom }}"--# Devices-docker_socket_proxy_docker_devices_default: []-docker_socket_proxy_docker_devices_custom: []-docker_socket_proxy_docker_devices: "{{ docker_socket_proxy_docker_devices_default-                                        + docker_socket_proxy_docker_devices_custom }}"--# Hosts-docker_socket_proxy_docker_hosts_default: {}-docker_socket_proxy_docker_hosts_custom: {}-docker_socket_proxy_docker_hosts: "{{ docker_hosts_common-                                      | combine(docker_socket_proxy_docker_hosts_default)-                                      | combine(docker_socket_proxy_docker_hosts_custom) }}"--# Labels-docker_socket_proxy_docker_labels_default: {}-docker_socket_proxy_docker_labels_custom: {}-docker_socket_proxy_docker_labels: "{{ docker_labels_common-                                       | combine(docker_socket_proxy_docker_labels_default)-                                       | combine(docker_socket_proxy_docker_labels_custom) }}"+docker_socket_proxy_role_docker_mounts_custom: []+docker_socket_proxy_role_docker_mounts: "{{ lookup('role_var', '_docker_mounts_default', role='docker_socket_proxy')+                                            + lookup('role_var', '_docker_mounts_custom', role='docker_socket_proxy') }}"  # Hostname-docker_socket_proxy_docker_hostname: "{{ docker_socket_proxy_name }}"+docker_socket_proxy_role_docker_hostname: "{{ docker_socket_proxy_name }}"  # Networks-docker_socket_proxy_docker_networks_alias: "{{ docker_socket_proxy_name }}"-docker_socket_proxy_docker_networks_default: []-docker_socket_proxy_docker_networks_custom: []-docker_socket_proxy_docker_networks: "{{ docker_networks_common-                                         + docker_socket_proxy_docker_networks_default-                                         + docker_socket_proxy_docker_networks_custom }}"--# Capabilities-docker_socket_proxy_docker_capabilities_default: []-docker_socket_proxy_docker_capabilities_custom: []-docker_socket_proxy_docker_capabilities: "{{ docker_socket_proxy_docker_capabilities_default-                                             + docker_socket_proxy_docker_capabilities_custom }}"--# Security Opts-docker_socket_proxy_docker_security_opts_default: []-docker_socket_proxy_docker_security_opts_custom: []-docker_socket_proxy_docker_security_opts: "{{ docker_socket_proxy_docker_security_opts_default-                                              + docker_socket_proxy_docker_security_opts_custom }}"+docker_socket_proxy_role_docker_networks_alias: "{{ docker_socket_proxy_name }}"+docker_socket_proxy_role_docker_networks_default: []+docker_socket_proxy_role_docker_networks_custom: []+docker_socket_proxy_role_docker_networks: "{{ docker_networks_common+                                              + lookup('role_var', '_docker_networks_default', role='docker_socket_proxy')+                                              + lookup('role_var', '_docker_networks_custom', role='docker_socket_proxy') }}"  # Restart Policy-docker_socket_proxy_docker_restart_policy: unless-stopped+docker_socket_proxy_role_docker_restart_policy: unless-stopped  # State-docker_socket_proxy_docker_state: started+docker_socket_proxy_role_docker_state: started  # Read Only Filesystem-docker_socket_proxy_docker_read_only: true+docker_socket_proxy_role_docker_read_only: true

modified

roles/docker_socket_proxy/tasks/main.yml

@@ -1,8 +1,7 @@ #########################################################################-# Title:            Sandbox: docker_socket_proxy                        #+# Title:            Saltbox: docker_socket_proxy                        # # Author(s):        salty, JigSawFr                                     #-# URL:              https://github.com/saltyorg/Sandbox                 #-# URL:              https://github.com/Tecnativa/docker-socket-proxy    #+# URL:              https://github.com/saltyorg/Saltbox                 # # --                                                                    # ######################################################################### #                   GNU General Public License v3.0                     #@@ -11,7 +10,7 @@ - name: Remove legacy Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:-    var_prefix: "docker-socket-proxy"+    container_name: "docker-socket-proxy"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/dozzle/defaults/main.yml

@@ -7,6 +7,12 @@ #                   GNU General Public License v3.0                      # ########################################################################## ---+################################+# Basics+################################++dozzle_name: dozzle+ ################################ # Docker Socket Proxy ################################@@ -19,169 +25,129 @@ # Settings ################################ -dozzle_additional_hosts: ""-dozzle_agent_hosts: ""-dozzle_agent_mode: false--################################-# Basics-################################--dozzle_name: dozzle+dozzle_role_additional_hosts: ""+dozzle_role_agent_hosts: ""+dozzle_role_agent_mode: false  ################################ # Paths ################################ -dozzle_paths_folder: "{{ dozzle_name }}"-dozzle_paths_location: "{{ server_appdata_path }}/{{ dozzle_paths_folder }}"-dozzle_paths_folders_list:-  - "{{ dozzle_paths_location }}"+dozzle_role_paths_folder: "{{ dozzle_name }}"+dozzle_role_paths_location: "{{ server_appdata_path }}/{{ dozzle_role_paths_folder }}"+dozzle_role_paths_folders_list:+  - "{{ dozzle_role_paths_location }}"  ################################ # Web ################################ -dozzle_web_subdomain: "{{ dozzle_name }}"-dozzle_web_domain: "{{ user.domain }}"-dozzle_web_port: "8080"-dozzle_web_url: "{{ 'https://' + (dozzle_web_subdomain + '.' + dozzle_web_domain-                 if (dozzle_web_subdomain | length > 0)-                 else dozzle_web_domain) }}"+dozzle_role_web_subdomain: "{{ dozzle_name }}"+dozzle_role_web_domain: "{{ user.domain }}"+dozzle_role_web_port: "8080"+dozzle_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='dozzle') + '.' + lookup('role_var', '_web_domain', role='dozzle')+                      if (lookup('role_var', '_web_subdomain', role='dozzle') | length > 0)+                      else lookup('role_var', '_web_domain', role='dozzle')) }}"  ################################ # DNS ################################ -dozzle_dns_record: "{{ dozzle_web_subdomain }}"-dozzle_dns_zone: "{{ dozzle_web_domain }}"-dozzle_dns_proxy: "{{ dns.proxied }}"+dozzle_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='dozzle') }}"+dozzle_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='dozzle') }}"+dozzle_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -dozzle_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-dozzle_traefik_middleware_default: "{{ traefik_default_middleware-                                       + (',dropsecurityheaders@file,themepark-' + lookup('vars', dozzle_name + '_name', default=dozzle_name)-                                         if (dozzle_themepark_enabled and global_themepark_plugin_enabled)-                                         else '') }}"-dozzle_traefik_middleware_custom: ""-dozzle_traefik_certresolver: "{{ traefik_default_certresolver }}"-dozzle_traefik_enabled: true-dozzle_traefik_api_enabled: false-dozzle_traefik_api_endpoint: ""+dozzle_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+dozzle_role_traefik_middleware_default: "{{ traefik_default_middleware+                                            + (',dropsecurityheaders@file,themepark-' + dozzle_name+                                              if (lookup('role_var', '_themepark_enabled', role='dozzle') and global_themepark_plugin_enabled)+                                              else '') }}"+dozzle_role_traefik_middleware_custom: ""+dozzle_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+dozzle_role_traefik_enabled: true+dozzle_role_traefik_api_enabled: false+dozzle_role_traefik_api_endpoint: ""  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-dozzle_themepark_enabled: false-dozzle_themepark_app: "dozzle"-dozzle_themepark_theme: "{{ global_themepark_theme }}"-dozzle_themepark_domain: "{{ global_themepark_domain }}"-dozzle_themepark_addons: []+dozzle_role_themepark_enabled: false+dozzle_role_themepark_app: "dozzle"+dozzle_role_themepark_theme: "{{ global_themepark_theme }}"+dozzle_role_themepark_domain: "{{ global_themepark_domain }}"+dozzle_role_themepark_addons: []  ################################ # Docker ################################  # Container-dozzle_docker_container: "{{ dozzle_name }}"+dozzle_role_docker_container: "{{ dozzle_name }}"  # Image-dozzle_docker_image_pull: true-dozzle_docker_image_tag: "latest"-dozzle_docker_image: "amir20/dozzle:{{ dozzle_docker_image_tag }}"--# Ports-dozzle_docker_ports_defaults: []-dozzle_docker_ports_custom: []-dozzle_docker_ports: "{{ dozzle_docker_ports_defaults-                         + dozzle_docker_ports_custom }}"+dozzle_role_docker_image_pull: true+dozzle_role_docker_image_repo: "amir20/dozzle"+dozzle_role_docker_image_tag: "latest"+dozzle_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='dozzle') }}:{{ lookup('role_var', '_docker_image_tag', role='dozzle') }}"  # Envs-dozzle_docker_envs_default:-  DOZZLE_AUTH_PROVIDER: "{{ 'forward-proxy' if (dozzle_traefik_sso_middleware | length > 0) else omit }}"-  DOZZLE_REMOTE_AGENT: "{{ dozzle_agent_hosts if (dozzle_additional_hosts | length > 0) else omit }}"-  DOZZLE_REMOTE_HOST: "{{ 'tcp://' + dozzle_name + '-docker-socket-proxy:2375|' + traefik_host + ',' + dozzle_additional_hosts-                       if (dozzle_additional_hosts | length > 0)+dozzle_role_docker_envs_default:+  DOZZLE_AUTH_PROVIDER: "{{ 'forward-proxy' if (lookup('role_var', '_traefik_sso_middleware', role='dozzle') | length > 0) else omit }}"+  DOZZLE_REMOTE_AGENT: "{{ lookup('role_var', '_agent_hosts', role='dozzle') if (lookup('role_var', '_additional_hosts', role='dozzle') | length > 0) else omit }}"+  DOZZLE_REMOTE_HOST: "{{ 'tcp://' + dozzle_name + '-docker-socket-proxy:2375|' + traefik_host + ',' + lookup('role_var', '_additional_hosts', role='dozzle')+                       if (lookup('role_var', '_additional_hosts', role='dozzle') | length > 0)                        else 'tcp://' + dozzle_name + '-docker-socket-proxy:2375|' + traefik_host }}"-dozzle_docker_envs_custom: {}-dozzle_docker_envs: "{{ dozzle_docker_envs_default-                        | combine(dozzle_docker_envs_custom) }}"+  DOZZLE_AUTH_HEADER_USER: "{{ 'X-authentik-username' if 'authentik' in lookup('role_var', '_traefik_sso_middleware', role='dozzle') else omit }}"+  DOZZLE_AUTH_HEADER_EMAIL: "{{ 'X-authentik-email' if 'authentik' in lookup('role_var', '_traefik_sso_middleware', role='dozzle') else omit }}"+  DOZZLE_AUTH_HEADER_NAME: "{{ 'X-authentik-name' if 'authentik' in lookup('role_var', '_traefik_sso_middleware', role='dozzle') else omit }}"+dozzle_role_docker_envs_custom: {}+dozzle_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='dozzle')+                             | combine(lookup('role_var', '_docker_envs_custom', role='dozzle')) }}"  # Commands-dozzle_docker_commands_agent: "agent"-dozzle_docker_commands_default: []-dozzle_docker_commands_custom: []-dozzle_docker_commands: "{{ dozzle_docker_commands_agent-                            + dozzle_docker_commands_default-                            + dozzle_docker_commands_custom-                         if (dozzle_agent_mode)-                         else dozzle_docker_commands_default-                              + dozzle_docker_commands_custom }}"--# Volumes-dozzle_docker_volumes_default: []-dozzle_docker_volumes_custom: []-dozzle_docker_volumes: "{{ dozzle_docker_volumes_default-                           + dozzle_docker_volumes_custom }}"--# Devices-dozzle_docker_devices_default: []-dozzle_docker_devices_custom: []-dozzle_docker_devices: "{{ dozzle_docker_devices_default-                           + dozzle_docker_devices_custom }}"--# Hosts-dozzle_docker_hosts_default: {}-dozzle_docker_hosts_custom: {}-dozzle_docker_hosts: "{{ docker_hosts_common-                         | combine(dozzle_docker_hosts_default)-                         | combine(dozzle_docker_hosts_custom) }}"+dozzle_role_docker_commands_agent: "agent"+dozzle_role_docker_commands_default: []+dozzle_role_docker_commands_custom: []+dozzle_role_docker_commands: "{{ lookup('role_var', '_docker_commands_agent', role='dozzle')+                                 + lookup('role_var', '_docker_commands_default', role='dozzle')+                                 + lookup('role_var', '_docker_commands_custom', role='dozzle')+                              if lookup('role_var', '_agent_mode', role='dozzle')+                              else lookup('role_var', '_docker_commands_default', role='dozzle')+                                   + lookup('role_var', '_docker_commands_custom', role='dozzle') }}"  # Labels-dozzle_docker_labels_default: {}-dozzle_docker_labels_custom: {}-dozzle_docker_labels: "{{ docker_labels_common-                          | combine(dozzle_docker_labels_default)-                          | combine((traefik_themepark_labels-                                    if (dozzle_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    dozzle_docker_labels_custom) }}"+dozzle_role_docker_labels_default: {}+dozzle_role_docker_labels_custom: {}+dozzle_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='dozzle')+                               | combine((traefik_themepark_labels+                                         if (lookup('role_var', '_themepark_enabled', role='dozzle') and global_themepark_plugin_enabled)+                                         else {}),+                                         lookup('role_var', '_docker_labels_custom', role='dozzle')) }}"  # Hostname-dozzle_docker_hostname: "{{ dozzle_name }}"+dozzle_role_docker_hostname: "{{ dozzle_name }}"  # Networks-dozzle_docker_networks_alias: "{{ dozzle_name }}"-dozzle_docker_networks_default: []-dozzle_docker_networks_custom: []-dozzle_docker_networks: "{{ docker_networks_common-                            + dozzle_docker_networks_default-                            + dozzle_docker_networks_custom }}"--# Capabilities-dozzle_docker_capabilities_default: []-dozzle_docker_capabilities_custom: []-dozzle_docker_capabilities: "{{ dozzle_docker_capabilities_default-                                + dozzle_docker_capabilities_custom }}"--# Security Opts-dozzle_docker_security_opts_default: []-dozzle_docker_security_opts_custom: []-dozzle_docker_security_opts: "{{ dozzle_docker_security_opts_default-                                  + dozzle_docker_security_opts_custom }}"+dozzle_role_docker_networks_alias: "{{ dozzle_name }}"+dozzle_role_docker_networks_default: []+dozzle_role_docker_networks_custom: []+dozzle_role_docker_networks: "{{ docker_networks_common+                                 + lookup('role_var', '_docker_networks_default', role='dozzle')+                                 + lookup('role_var', '_docker_networks_custom', role='dozzle') }}"  # Restart Policy-dozzle_docker_restart_policy: unless-stopped+dozzle_role_docker_restart_policy: unless-stopped  # State-dozzle_docker_state: started+dozzle_role_docker_state: started  # Dependencies-dozzle_depends_on: "{{ dozzle_name }}-docker-socket-proxy"-dozzle_depends_on_delay: "0"-dozzle_depends_on_healthchecks: "false"+dozzle_role_depends_on: "{{ dozzle_name }}-docker-socket-proxy"+dozzle_role_depends_on_delay: "0"+dozzle_role_depends_on_healthchecks: "false"

modified

roles/dozzle/tasks/main.yml

@@ -12,14 +12,14 @@     name: docker_socket_proxy   vars:     docker_socket_proxy_name: "{{ dozzle_name }}-docker-socket-proxy"-    docker_socket_proxy_docker_envs_custom: "{{ dozzle_docker_socket_proxy_envs }}"+    docker_socket_proxy_role_docker_envs_custom: "{{ dozzle_docker_socket_proxy_envs }}"  - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/emby/defaults/main.yml

@@ -17,197 +17,169 @@ # Settings ################################ -emby_config_cache_size: 1024+emby_role_config_settings_is_behind_proxy: "true"+emby_role_config_settings_wan_ddns: "{{ lookup('role_var', '_web_subdomain', role='emby') }}.{{ lookup('role_var', '_web_domain', role='emby') }}"+emby_role_config_settings_public_port: "80"+emby_role_config_settings_public_https_port: "443"+emby_role_config_settings_enable_https: "true"+emby_role_config_settings_require_https: "false"+emby_role_config_settings_enable_upnp: "false"+emby_role_config_settings_database_cache_size_mb: "1024"  ################################ # Paths ################################ -emby_paths_folder: "{{ emby_name }}"-emby_paths_location: "{{ server_appdata_path }}/{{ emby_paths_folder }}"-emby_paths_transcodes_location: "{{ transcodes_path }}/{{ emby_paths_folder }}"-emby_paths_folders_list:-  - "{{ emby_paths_location }}"-  - "{{ emby_paths_location }}/config"-  - "{{ emby_paths_location }}/config/users"-  - "{{ emby_paths_transcodes_location }}"-emby_paths_config_location: "{{ emby_paths_location }}/config/system.xml"-emby_paths_dlna_xml_location: "{{ emby_paths_location }}/config/dlna.xml"+emby_role_paths_folder: "{{ emby_name }}"+emby_role_paths_location: "{{ server_appdata_path }}/{{ emby_role_paths_folder }}"+emby_role_paths_transcodes_location: "{{ transcodes_path }}/{{ emby_role_paths_folder }}"+emby_role_paths_folders_list:+  - "{{ emby_role_paths_location }}"+  - "{{ emby_role_paths_location }}/config"+  - "{{ emby_role_paths_location }}/config/users"+  - "{{ emby_role_paths_transcodes_location }}"+emby_role_paths_config_location: "{{ emby_role_paths_location }}/config/system.xml"+emby_role_paths_dlna_xml_location: "{{ emby_role_paths_location }}/config/dlna.xml"  ################################ # Web ################################ -emby_web_subdomain: "{{ emby_name }}"-emby_web_domain: "{{ user.domain }}"-emby_web_port: "8096"-emby_web_url: "{{ 'https://' + (lookup('vars', emby_name + '_web_subdomain', default=emby_web_subdomain) + '.' + lookup('vars', emby_name + '_web_domain', default=emby_web_domain)-               if (lookup('vars', emby_name + '_web_subdomain', default=emby_web_subdomain) | length > 0)-               else lookup('vars', emby_name + '_web_domain', default=emby_web_domain)) }}"+emby_role_web_subdomain: "{{ emby_name }}"+emby_role_web_domain: "{{ user.domain }}"+emby_role_web_port: "8096"+emby_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='emby') + '.' + lookup('role_var', '_web_domain', role='emby')+                    if (lookup('role_var', '_web_subdomain', role='emby') | length > 0)+                    else lookup('role_var', '_web_domain', role='emby')) }}"  ################################ # DNS ################################ -emby_dns_record: "{{ lookup('vars', emby_name + '_web_subdomain', default=emby_web_subdomain) }}"-emby_dns_zone: "{{ lookup('vars', emby_name + '_web_domain', default=emby_web_domain) }}"-emby_dns_proxy: "{{ dns.proxied }}"+emby_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='emby') }}"+emby_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='emby') }}"+emby_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -emby_traefik_sso_middleware: ""-emby_traefik_middleware_default: "{{ traefik_default_middleware-                                     + (',themepark-' + lookup('vars', emby_name + '_name', default=emby_name)-                                       if (emby_themepark_enabled and global_themepark_plugin_enabled)-                                       else '') }}"-emby_traefik_middleware_custom: ""-emby_traefik_certresolver: "{{ traefik_default_certresolver }}"-emby_traefik_enabled: true-emby_traefik_gzip_enabled: false-emby_traefik_api_enabled: false-emby_traefik_api_endpoint: ""+emby_role_traefik_sso_middleware: ""+emby_role_traefik_middleware_default: "{{ traefik_default_middleware+                                          + (',themepark-' + emby_name+                                            if (lookup('role_var', '_themepark_enabled', role='emby') and global_themepark_plugin_enabled)+                                            else '') }}"+emby_role_traefik_middleware_custom: ""+emby_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+emby_role_traefik_enabled: true+emby_role_traefik_gzip_enabled: false+emby_role_traefik_api_enabled: false+emby_role_traefik_api_endpoint: ""  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-emby_themepark_enabled: false-emby_themepark_app: "emby"-emby_themepark_theme: "{{ global_themepark_theme }}"-emby_themepark_domain: "{{ global_themepark_domain }}"-emby_themepark_addons: []+emby_role_themepark_enabled: false+emby_role_themepark_app: "emby"+emby_role_themepark_theme: "{{ global_themepark_theme }}"+emby_role_themepark_domain: "{{ global_themepark_domain }}"+emby_role_themepark_addons: []  ################################ # Config ################################ -emby_config_settings_default:-  - { xpath: 'IsBehindProxy', value: 'true' }-  - { xpath: 'WanDdns', value: '{{ lookup("vars", emby_name + "_web_subdomain", default=emby_web_subdomain) }}.{{ lookup("vars", emby_name + "_web_domain", default=emby_web_domain) }}' }-  - { xpath: 'PublicPort', value: '80' }-  - { xpath: 'PublicHttpsPort', value: '443' }-  - { xpath: 'EnableHttps', value: 'true' }-  - { xpath: 'RequireHttps', value: 'false' }-  - { xpath: 'EnableUPnP', value: 'false' }-  - { xpath: 'DatabaseCacheSizeMB', value: '{{ lookup("vars", emby_name + "_config_cache_size", default=emby_config_cache_size) }}' }+emby_role_config_settings_default:+  - xpath: 'IsBehindProxy'+    value: "{{ lookup('role_var', '_config_settings_is_behind_proxy', role='emby') }}"+  - xpath: 'WanDdns'+    value: "{{ lookup('role_var', '_config_settings_wan_ddns', role='emby') }}"+  - xpath: 'PublicPort'+    value: "{{ lookup('role_var', '_config_settings_public_port', role='emby') }}"+  - xpath: 'PublicHttpsPort'+    value: "{{ lookup('role_var', '_config_settings_public_https_port', role='emby') }}"+  - xpath: 'EnableHttps'+    value: "{{ lookup('role_var', '_config_settings_enable_https', role='emby') }}"+  - xpath: 'RequireHttps'+    value: "{{ lookup('role_var', '_config_settings_require_https', role='emby') }}"+  - xpath: 'EnableUPnP'+    value: "{{ lookup('role_var', '_config_settings_enable_upnp', role='emby') }}"+  - xpath: 'DatabaseCacheSizeMB'+    value: "{{ lookup('role_var', '_config_settings_database_cache_size_mb', role='emby') }}" -emby_config_settings_custom: []+emby_role_config_settings_custom: [] -emby_config_settings_list: "{{ lookup('vars', emby_name + '_config_settings_default', default=emby_config_settings_default) + lookup('vars', emby_name + '_config_settings_custom', default=emby_config_settings_custom) }}"+emby_role_config_settings_list: "{{ lookup('role_var', '_config_settings_default', role='emby') + lookup('role_var', '_config_settings_custom', role='emby') }}"  ################################ # Docker ################################  # Container-emby_docker_container: "{{ emby_name }}"+emby_role_docker_container: "{{ emby_name }}"  # Image-emby_docker_image_pull: true-emby_docker_image_repo: "lscr.io/linuxserver/emby"-emby_docker_image_tag: "latest"-emby_docker_image: "{{ lookup('vars', emby_name + '_docker_image_repo', default=emby_docker_image_repo)-                       + ':' + lookup('vars', emby_name + '_docker_image_tag', default=emby_docker_image_tag) }}"--# Ports-emby_docker_ports_defaults: []-emby_docker_ports_custom: []-emby_docker_ports: "{{ lookup('vars', emby_name + '_docker_ports_defaults', default=emby_docker_ports_defaults)-                       + lookup('vars', emby_name + '_docker_ports_custom', default=emby_docker_ports_custom) }}"+emby_role_docker_image_pull: true+emby_role_docker_image_repo: "lscr.io/linuxserver/emby"+emby_role_docker_image_tag: "latest"+emby_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='emby') }}:{{ lookup('role_var', '_docker_image_tag', role='emby') }}"  # Envs-emby_docker_envs_default:+emby_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"-emby_docker_envs_custom: {}-emby_docker_envs: "{{ lookup('vars', emby_name + '_docker_envs_default', default=emby_docker_envs_default)-                      | combine(lookup('vars', emby_name + '_docker_envs_custom', default=emby_docker_envs_custom)) }}"--# Commands-emby_docker_commands_default: []-emby_docker_commands_custom: []-emby_docker_commands: "{{ lookup('vars', emby_name + '_docker_commands_default', default=emby_docker_commands_default)-                          + lookup('vars', emby_name + '_docker_commands_custom', default=emby_docker_commands_custom) }}"+emby_role_docker_envs_custom: {}+emby_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='emby')+                           | combine(lookup('role_var', '_docker_envs_custom', role='emby')) }}"  # Volumes-emby_docker_volumes_default:-  - "{{ emby_paths_location }}:/config"+emby_role_docker_volumes_default:+  - "{{ emby_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"   - "/dev/shm:/dev/shm"-  - "{{ emby_paths_transcodes_location }}:/transcode"-emby_docker_volumes_legacy:+  - "{{ emby_role_paths_transcodes_location }}:/transcode"+emby_role_docker_volumes_legacy:   - "/mnt/unionfs/Media:/data"-emby_docker_volumes_custom: []-emby_docker_volumes: "{{ lookup('vars', emby_name + '_docker_volumes_default', default=emby_docker_volumes_default)-                         + lookup('vars', emby_name + '_docker_volumes_custom', default=emby_docker_volumes_custom)-                         + (lookup('vars', emby_name + '_docker_volumes_legacy', default=emby_docker_volumes_legacy)-                           if docker_legacy_volume-                           else []) }}"+emby_role_docker_volumes_custom: []+emby_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='emby')+                              + lookup('role_var', '_docker_volumes_custom', role='emby')+                              + (lookup('role_var', '_docker_volumes_legacy', role='emby')+                                if docker_legacy_volume+                                else []) }}"  # Mounts-emby_docker_mounts_default:+emby_role_docker_mounts_default:   - target: /tmp     type: tmpfs-emby_docker_mounts_custom: []-emby_docker_mounts: "{{ lookup('vars', emby_name + '_docker_mounts_default', default=emby_docker_mounts_default)-                        + lookup('vars', emby_name + '_docker_mounts_custom', default=emby_docker_mounts_custom) }}"--# Devices-emby_docker_devices_default: []-emby_docker_devices_custom: []-emby_docker_devices: "{{ lookup('vars', emby_name + '_docker_devices_default', default=emby_docker_devices_default)-                         + lookup('vars', emby_name + '_docker_devices_custom', default=emby_docker_devices_custom) }}"--# Hosts-emby_docker_hosts_default: {}-emby_docker_hosts_custom: {}-emby_docker_hosts: "{{ docker_hosts_common-                       | combine(lookup('vars', emby_name + '_docker_hosts_default', default=emby_docker_hosts_default))-                       | combine(lookup('vars', emby_name + '_docker_hosts_custom', default=emby_docker_hosts_custom)) }}"+emby_role_docker_mounts_custom: []+emby_role_docker_mounts: "{{ lookup('role_var', '_docker_mounts_default', role='emby')+                             + lookup('role_var', '_docker_mounts_custom', role='emby') }}"  # Labels-emby_docker_labels_default: {}-emby_docker_labels_custom: {}-emby_docker_labels: "{{ docker_labels_common-                        | combine(lookup('vars', emby_name + '_docker_labels_default', default=emby_docker_labels_default))-                        | combine((traefik_themepark_labels-                                  if (emby_themepark_enabled and global_themepark_plugin_enabled)-                                  else {}),-                                  lookup('vars', emby_name + '_docker_labels_custom', default=emby_docker_labels_custom)) }}"+emby_role_docker_labels_default: {}+emby_role_docker_labels_custom: {}+emby_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='emby')+                             | combine((traefik_themepark_labels+                                       if (lookup('role_var', '_themepark_enabled', role='emby') and global_themepark_plugin_enabled)+                                       else {}),+                                       lookup('role_var', '_docker_labels_custom', role='emby')) }}"  # Hostname-emby_docker_hostname: "{{ emby_name }}"--# Network Mode-emby_docker_network_mode_default: "{{ docker_networks_name_common }}"-emby_docker_network_mode: "{{ lookup('vars', emby_name + '_docker_network_mode_default', default=emby_docker_network_mode_default) }}"+emby_role_docker_hostname: "{{ emby_name }}"  # Networks-emby_docker_networks_alias: "{{ emby_name }}"-emby_docker_networks_default: []-emby_docker_networks_custom: []-emby_docker_networks: "{{ docker_networks_common-                          + lookup('vars', emby_name + '_docker_networks_default', default=emby_docker_networks_default)-                          + lookup('vars', emby_name + '_docker_networks_custom', default=emby_docker_networks_custom) }}"--# Capabilities-emby_docker_capabilities_default: []-emby_docker_capabilities_custom: []-emby_docker_capabilities: "{{ lookup('vars', emby_name + '_docker_capabilities_default', default=emby_docker_capabilities_default)-                              + lookup('vars', emby_name + '_docker_capabilities_custom', default=emby_docker_capabilities_custom) }}"--# Security Opts-emby_docker_security_opts_default: []-emby_docker_security_opts_custom: []-emby_docker_security_opts: "{{ lookup('vars', emby_name + '_docker_security_opts_default', default=emby_docker_security_opts_default)-                               + lookup('vars', emby_name + '_docker_security_opts_custom', default=emby_docker_security_opts_custom) }}"+emby_role_docker_networks_alias: "{{ emby_name }}"+emby_role_docker_networks_default: []+emby_role_docker_networks_custom: []+emby_role_docker_networks: "{{ docker_networks_common+                               + lookup('role_var', '_docker_networks_default', role='emby')+                               + lookup('role_var', '_docker_networks_custom', role='emby') }}"  # Restart Policy-emby_docker_restart_policy: unless-stopped+emby_role_docker_restart_policy: unless-stopped  # State-emby_docker_state: started+emby_role_docker_state: started

modified

roles/emby/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -22,10 +22,10 @@  - name: Docker Devices Task   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/set_docker_devices_variable.yml"-  when: gpu.intel or use_nvidia+  when: use_intel or use_nvidia  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Post-Install Tasks-  ansible.builtin.import_tasks: "subtasks/post-install.yml"+  ansible.builtin.include_tasks: "subtasks/post-install.yml"

modified

roles/emby/tasks/subtasks/post-install.yml

@@ -13,7 +13,7 @@  - name: Post-Install | Ensure transcodes folder has the correct permissions   ansible.builtin.file:-    path: "{{ emby_paths_transcodes_location }}"+    path: "{{ lookup('role_var', '_paths_transcodes_location', role='emby') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -22,11 +22,11 @@ - name: Post-Install | Import 'dlna.xml'   ansible.builtin.copy:     src: "dlna.xml"-    dest: "{{ emby_paths_dlna_xml_location }}"+    dest: "{{ lookup('role_var', '_paths_dlna_xml_location', role='emby') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"     force: false  - name: Post-Install | Settings Tasks-  ansible.builtin.import_tasks: "settings.yml"+  ansible.builtin.include_tasks: "subtasks/settings.yml"

modified

roles/emby/tasks/subtasks/settings.yml

@@ -9,7 +9,7 @@ --- - name: Post-Install | Wait for config file to be created   ansible.builtin.wait_for:-    path: "{{ emby_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='emby') }}"     state: present  - name: Settings | Stop Docker container@@ -17,12 +17,13 @@  - name: Settings | Update config file   community.general.xml:-    path: "{{ emby_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='emby') }}"     xpath: "/ServerConfiguration/{{ item.xpath }}"     value: "{{ item.value }}"+    pretty_print: true   become: true   become_user: "{{ user.name }}"-  loop: "{{ emby_config_settings_list }}"+  loop: "{{ lookup('role_var', '_config_settings_list', role='emby') }}"  - name: Settings | Start Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/error_pages/defaults/main.yml

@@ -18,61 +18,37 @@ ################################  # Template options listed here https://github.com/tarampampam/error-pages-error_pages_template: "l7"+error_pages_role_template: "l7"  ################################ # Docker ################################  # Container-error_pages_docker_container: "{{ error_pages_name }}"+error_pages_role_docker_container: "{{ error_pages_name }}"  # Image-error_pages_docker_image_pull: true-error_pages_docker_image_tag: "latest"-error_pages_docker_image: "tarampampam/error-pages:{{ error_pages_docker_image_tag }}"--# Ports-error_pages_docker_ports_defaults: []-error_pages_docker_ports_custom: []-error_pages_docker_ports: "{{ error_pages_docker_ports_defaults-                              + error_pages_docker_ports_custom }}"+error_pages_role_docker_image_pull: true+error_pages_role_docker_image_repo: "tarampampam/error-pages"+error_pages_role_docker_image_tag: "latest"+error_pages_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='error_pages') }}:{{ lookup('role_var', '_docker_image_tag', role='error_pages') }}"  # Envs-error_pages_docker_envs_default:-  TEMPLATE_NAME: "{{ error_pages_template }}"-error_pages_docker_envs_custom: {}-error_pages_docker_envs: "{{ error_pages_docker_envs_default-                             | combine(error_pages_docker_envs_custom) }}"--# Commands-error_pages_docker_commands_default: []-error_pages_docker_commands_custom: []-error_pages_docker_commands: "{{ error_pages_docker_commands_default-                                 + error_pages_docker_commands_custom }}"+error_pages_role_docker_envs_default:+  TEMPLATE_NAME: "{{ lookup('role_var', '_template', role='error_pages') }}"+error_pages_role_docker_envs_custom: {}+error_pages_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='error_pages')+                                  | combine(lookup('role_var', '_docker_envs_custom', role='error_pages')) }}"  # Volumes-error_pages_docker_volumes_default:-  - "/opt/error-pages:/opt/html"-error_pages_docker_volumes_custom: []-error_pages_docker_volumes: "{{ error_pages_docker_volumes_default-                                + error_pages_docker_volumes_custom }}"--# Devices-error_pages_docker_devices_default: []-error_pages_docker_devices_custom: []-error_pages_docker_devices: "{{ error_pages_docker_devices_default-                                + error_pages_docker_devices_custom }}"--# Hosts-error_pages_docker_hosts_default: {}-error_pages_docker_hosts_custom: {}-error_pages_docker_hosts: "{{ docker_hosts_common-                              | combine(error_pages_docker_hosts_default)-                              | combine(error_pages_docker_hosts_custom) }}"+error_pages_role_docker_volumes_default:+  - "{{ server_appdata_path }}/error-pages:/opt/html"+error_pages_role_docker_volumes_custom: []+error_pages_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='error_pages')+                                     + lookup('role_var', '_docker_volumes_custom', role='error_pages') }}"  # Labels-error_pages_docker_labels_default:+error_pages_role_docker_labels_default:   traefik.enable: "true"   traefik.http.routers.error-pages-router.rule: "PathPrefix(`/`)"   traefik.http.routers.error-pages-router.priority: "5"@@ -82,36 +58,23 @@   traefik.http.middlewares.error-pages-middleware.errors.service: "error-pages-service"   traefik.http.middlewares.error-pages-middleware.errors.query: "/{status}.html"   traefik.http.services.error-pages-service.loadbalancer.server.port: "8080"-error_pages_docker_labels_custom: {}-error_pages_docker_labels: "{{ docker_labels_common-                               | combine(error_pages_docker_labels_default)-                               | combine(error_pages_docker_labels_custom) }}"+error_pages_role_docker_labels_custom: {}+error_pages_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='error_pages')+                                    | combine(lookup('role_var', '_docker_labels_custom', role='error_pages')) }}"  # Hostname-error_pages_docker_hostname: "{{ error_pages_name }}"+error_pages_role_docker_hostname: "{{ error_pages_name }}"  # Networks-error_pages_docker_networks_alias: "{{ error_pages_name }}"-error_pages_docker_networks_default: []-error_pages_docker_networks_custom: []-error_pages_docker_networks: "{{ docker_networks_common-                                 + error_pages_docker_networks_default-                                 + error_pages_docker_networks_custom }}"--# Capabilities-error_pages_docker_capabilities_default: []-error_pages_docker_capabilities_custom: []-error_pages_docker_capabilities: "{{ error_pages_docker_capabilities_default-                                     + error_pages_docker_capabilities_custom }}"--# Security Opts-error_pages_docker_security_opts_default: []-error_pages_docker_security_opts_custom: []-error_pages_docker_security_opts: "{{ error_pages_docker_security_opts_default-                                      + error_pages_docker_security_opts_custom }}"+error_pages_role_docker_networks_alias: "{{ error_pages_name }}"+error_pages_role_docker_networks_default: []+error_pages_role_docker_networks_custom: []+error_pages_role_docker_networks: "{{ docker_networks_common+                                      + lookup('role_var', '_docker_networks_default', role='error_pages')+                                      + lookup('role_var', '_docker_networks_custom', role='error_pages') }}"  # Restart Policy-error_pages_docker_restart_policy: unless-stopped+error_pages_role_docker_restart_policy: unless-stopped  # State-error_pages_docker_state: started+error_pages_role_docker_state: started

modified

roles/error_pages/tasks/main.yml

@@ -9,13 +9,13 @@ --- - name: Check if legacy folder exists   ansible.builtin.stat:-    path: "/opt/error_pages"+    path: "{{ server_appdata_path }}/error_pages"   register: error_pages_legacy_folder  - name: Migrate error pages directory   migrate_folder:-    legacy_path: /opt/error_pages-    new_path: /opt/error-pages+    legacy_path: "{{ server_appdata_path }}/error_pages"+    new_path: "{{ server_appdata_path }}/error-pages"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: '0775'@@ -24,12 +24,12 @@  - name: Check if folder already exists   ansible.builtin.stat:-    path: "/opt/error-pages"+    path: "{{ server_appdata_path }}/error-pages"   register: error_pages_folder  - name: Create directory   ansible.builtin.file:-    path: "/opt/error-pages"+    path: "{{ server_appdata_path }}/error-pages"     state: directory     owner: "{{ user.name }}"     group: "{{ user.name }}"@@ -43,12 +43,12 @@     user: "{{ uid }}:{{ gid }}"     command: "build --config-file ./error-pages.yml /out"     volumes:-      - "/opt/error-pages:/out:rw"+      - "{{ server_appdata_path }}/error-pages:/out:rw"     networks:       - name: saltbox     container_default_behavior: compatibility     tls_hostname: localhost-    auto_remove: yes+    auto_remove: true     state: started     pull: true   when: (not error_pages_folder.stat.exists)@@ -56,7 +56,7 @@ - name: Remove legacy Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:-    var_prefix: "error_pages"+    container_name: "error_pages"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/glances/tasks/main.yml

@@ -17,13 +17,6 @@     glances_python: "3.12"     glances_path: "/srv/glances"     glances_venv_path: "/srv/glances/venv"--- name: "Execute Python role"-  ansible.builtin.include_role:-    name: "python"-  vars:-    python_version: "3.10"-  when: ansible_distribution_version is version('22.04', '!=')  - name: Delete venv folder   ansible.builtin.file:

modified

roles/gluetun/defaults/main.yml

@@ -1,10 +1,10 @@ ##########################################################################-# Title:            Sandbox: Gluetun | Default Variables                 #-# Author(s):        owine                                                #-# URL:              https://github.com/saltyorg/Sandbox                  #-# --                                                                     #+# Title:         Saltbox: Gluetun | Default Variables                    #+# Author(s):     owine                                                  #+# URL:           https://github.com/saltyorg/Saltbox                    #+# --                                                                    # ##########################################################################-#                   GNU General Public License v3.0                      #+#                   GNU General Public License v3.0                     # ########################################################################## --- ################################@@ -16,162 +16,466 @@ ################################ # Settings ################################-# These variables map to the appropriate Docker ENVs-# Review the gluetun wiki (https://github.com/qdm12/gluetun/wiki)-gluetun_vpn_service_provider: ""-gluetun_vpn_type: ""-gluetun_openvpn_custom_config: ""-gluetun_openvpn_endpoint_ip: ""-gluetun_openvpn_endpoint_port: ""-gluetun_openvpn_user: ""-gluetun_openvpn_password: ""-gluetun_openvpn_key_passphrase: ""-gluetun_vpn_endpoint_ip: ""-gluetun_vpn_endpoint_port: ""-gluetun_wireguard_endpoint_ip: ""-gluetun_wireguard_endpoint_port: ""-gluetun_wireguard_mtu: ""-gluetun_wireguard_public_key: ""-gluetun_wireguard_private_key: ""-gluetun_wireguard_preshared_key: ""-gluetun_wireguard_addresses: ""-gluetun_server_countries: ""-gluetun_server_cities: ""-gluetun_server_hostnames: ""-gluetun_server_names: ""-gluetun_server_regions: ""-gluetun_firewall_vpn_input_ports: ""-gluetun_firewall_input_ports: ""-gluetun_firewall_outbound_subnets: ""-gluetun_docker_resolver: true++# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki++# VPN - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/vpn-server-selection.md+# VPN service provider (e.g., mullvad, nordvpn, private internet access, etc.)+gluetun_role_vpn_service_provider: ""+# VPN type: openvpn or wireguard+gluetun_role_vpn_type: ""+# Network interface name for the VPN tunnel (e.g., tun0, wg0)+gluetun_role_vpn_interface: ""+# VPN server endpoint IP address (optional override)+gluetun_role_vpn_endpoint_ip: ""+# VPN server endpoint port (optional override)+gluetun_role_vpn_endpoint_port: ""+# VPN - Sub-section End++# OpenVPN - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/openvpn.md+# OpenVPN username for authentication+gluetun_role_openvpn_user: ""+# OpenVPN password for authentication+gluetun_role_openvpn_password: ""+# OpenVPN protocol: udp or tcp+gluetun_role_openvpn_protocol: ""+# OpenVPN server endpoint IP (optional override)+gluetun_role_openvpn_endpoint_ip: ""+# OpenVPN server endpoint port (optional override)+gluetun_role_openvpn_endpoint_port: ""+# OpenVPN version: 2.5 or 2.6+gluetun_role_openvpn_version: ""+# OpenVPN verbosity level (0-6)+gluetun_role_openvpn_verbosity: ""+# Additional OpenVPN flags to pass to the openvpn command+gluetun_role_openvpn_flags: ""+# Comma-separated list of ciphers to use+gluetun_role_openvpn_ciphers: ""+# OpenVPN auth algorithm (e.g., sha256, sha512)+gluetun_role_openvpn_auth: ""+# User to run OpenVPN process as (e.g., root, nonroot)+gluetun_role_openvpn_process_user: ""+# OpenVPN MSS fix value+gluetun_role_openvpn_mssfix: ""+# Path to custom OpenVPN configuration file+gluetun_role_openvpn_custom_config: ""+# OpenVPN client certificate (base64 or path)+gluetun_role_openvpn_cert: ""+# OpenVPN client private key (base64 or path)+gluetun_role_openvpn_key: ""+# Set to "yes" if the OpenVPN key is encrypted+gluetun_role_openvpn_encrypted_key: ""+# Passphrase to decrypt the OpenVPN key+gluetun_role_openvpn_key_passphrase: ""+# OpenVPN - Sub-section End++# WireGuard - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/wireguard.md+# WireGuard client private key+gluetun_role_wireguard_private_key: ""+# WireGuard preshared key for additional security+gluetun_role_wireguard_preshared_key: ""+# WireGuard server public key+gluetun_role_wireguard_public_key: ""+# Comma-separated list of IP addresses for the WireGuard interface+gluetun_role_wireguard_addresses: ""+# Comma-separated list of allowed IP ranges+gluetun_role_wireguard_allowed_ips: ""+# WireGuard server endpoint IP (optional override)+gluetun_role_wireguard_endpoint_ip: ""+# WireGuard server endpoint port (optional override)+gluetun_role_wireguard_endpoint_port: ""+# WireGuard MTU value+gluetun_role_wireguard_mtu: ""+# WireGuard implementation: kernelspace or userspace+gluetun_role_wireguard_implementation: ""+# WireGuard persistent keepalive interval (e.g., 25s)+gluetun_role_wireguard_persistent_keepalive_interval: ""+# WireGuard - Sub-section End++# Server Selection - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/vpn-server-selection.md+# Comma-separated list of server regions+gluetun_role_server_regions: ""+# Comma-separated list of server countries+gluetun_role_server_countries: ""+# Comma-separated list of server cities+gluetun_role_server_cities: ""+# Comma-separated list of server hostnames+gluetun_role_server_hostnames: ""+# Comma-separated list of server names+gluetun_role_server_names: ""+# Comma-separated list of server categories+gluetun_role_server_categories: ""+# Server number (provider-specific)+gluetun_role_server_number: ""+# Filter by ISP name+gluetun_role_isp: ""+# Only use servers owned by the VPN provider (on/off)+gluetun_role_owned_only: ""+# Only use servers optimized for streaming (on/off)+gluetun_role_stream_only: ""+# Only use free tier servers (on/off)+gluetun_role_free_only: ""+# Only use premium tier servers (on/off)+gluetun_role_premium_only: ""+# Only use Secure Core servers - ProtonVPN (on/off)+gluetun_role_secure_core_only: ""+# Only use Tor-enabled servers (on/off)+gluetun_role_tor_only: ""+# Only use multi-hop servers (on/off)+gluetun_role_multihop_only: ""+# Only use servers that support port forwarding (on/off)+gluetun_role_port_forward_only: ""+# Server Selection - Sub-section End++# Firewall - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/firewall.md+# Comma-separated list of ports to allow through the VPN firewall+gluetun_role_firewall_vpn_input_ports: ""+# Comma-separated list of ports to allow on the host side+gluetun_role_firewall_input_ports: ""+# Comma-separated list of subnets to allow outbound traffic to+gluetun_role_firewall_outbound_subnets: ""+# Enable firewall debug logging (on/off)+gluetun_role_firewall_debug: ""+# Firewall - Sub-section End++# DNS - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/dns.md+# DNS server type: local or remote+gluetun_role_dns_server: ""+# Upstream resolver type: dot, doh, or plaintext+gluetun_role_dns_upstream_resolver_type: ""+# Comma-separated list of upstream DNS resolvers+gluetun_role_dns_upstream_resolvers: ""+# Enable DNS caching (on/off)+gluetun_role_dns_caching: ""+# Allow IPv6 DNS queries (on/off)+gluetun_role_dns_upstream_ipv6: ""+# Comma-separated list of IPs to block in DNS responses+gluetun_role_dns_block_ips: ""+# Comma-separated list of IP prefixes to block in DNS responses+gluetun_role_dns_block_ip_prefixes: ""+# Block malicious domains (on/off)+gluetun_role_block_malicious: ""+# Block surveillance domains (on/off)+gluetun_role_block_surveillance: ""+# Block ads domains (on/off)+gluetun_role_block_ads: ""+# Comma-separated list of hostnames to unblock+gluetun_role_dns_unblock_hostnames: ""+# Comma-separated list of hostnames exempt from DNS rebinding protection+gluetun_role_dns_rebinding_protection_exempt_hostnames: ""+# Comma-separated list of private address ranges for DNS+gluetun_role_dns_private_addresses: ""+# DNS blocklists update period (e.g., 24h)+gluetun_role_dns_update_period: ""+# Address for DNS server to listen on (e.g., 127.0.0.1:53)+gluetun_role_dns_address: ""+# Keep original nameserver - deprecated in v3.41+, Saltbox default: false+gluetun_role_docker_resolver: false+# DNS - Sub-section End++# Health - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md+# Address for the health server to listen on+gluetun_role_health_server_address: ""+# Comma-separated list of addresses to check for health+gluetun_role_health_target_addresses: ""+# Comma-separated list of IP addresses for ICMP health checks+gluetun_role_health_icmp_target_ips: ""+# Type of small health check: ping or http+gluetun_role_health_small_check_type: ""+# Restart VPN when unhealthy (on/off)+gluetun_role_health_restart_vpn: ""+# Health - Sub-section End++# HTTP Proxy - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/http-proxy.md+# Enable HTTP proxy (on/off)+gluetun_role_httpproxy: "on"+# Enable stealth mode for HTTP proxy (on/off)+gluetun_role_httpproxy_stealth: "on"+# Enable HTTP proxy logging (on/off)+gluetun_role_httpproxy_log: ""+# Address for HTTP proxy to listen on (e.g., :8888)+gluetun_role_httpproxy_listening_address: ""+# HTTP proxy authentication username+gluetun_role_httpproxy_user: ""+# HTTP proxy authentication password+gluetun_role_httpproxy_password: ""+# HTTP Proxy - Sub-section End++# Shadowsocks - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/shadowsocks.md+# Enable Shadowsocks server (on/off)+gluetun_role_shadowsocks: ""+# Enable Shadowsocks logging (on/off)+gluetun_role_shadowsocks_log: ""+# Address for Shadowsocks to listen on (e.g., :8388)+gluetun_role_shadowsocks_listening_address: ""+# Shadowsocks password for authentication+gluetun_role_shadowsocks_password: ""+# Shadowsocks cipher (e.g., chacha20-ietf-poly1305)+gluetun_role_shadowsocks_cipher: ""+# Shadowsocks - Sub-section End++# Control Server - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/control-server.md+# Enable control server logging (on/off)+gluetun_role_http_control_server_log: ""+# Address for control server to listen on (e.g., :8000)+gluetun_role_http_control_server_address: ""+# Path to auth config file for control server+gluetun_role_http_control_server_auth_config_filepath: ""+# Default role for control server auth (admin/viewer/none)+gluetun_role_http_control_server_auth_default_role: ""+# Control Server - Sub-section End++# Port Forwarding - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/port-forwarding.md+# Enable VPN port forwarding (on/off)+gluetun_role_vpn_port_forwarding: ""+# Listening port for port forwarding+gluetun_role_vpn_port_forwarding_listening_port: ""+# Port forwarding provider (e.g., protonvpn, pia)+gluetun_role_vpn_port_forwarding_provider: ""+# Path to file for storing port forwarding status+gluetun_role_vpn_port_forwarding_status_file: ""+# Username for port forwarding authentication+gluetun_role_vpn_port_forwarding_username: ""+# Password for port forwarding authentication+gluetun_role_vpn_port_forwarding_password: ""+# Command to run when port forwarding is established+gluetun_role_vpn_port_forwarding_up_command: ""+# Command to run when port forwarding is terminated+gluetun_role_vpn_port_forwarding_down_command: ""+# Port Forwarding - Sub-section End++# Updater - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/updater.md+# Server list update period (e.g., 24h, 0 to disable)+gluetun_role_updater_period: ""+# Minimum ratio of servers to keep when updating+gluetun_role_updater_min_ratio: ""+# Comma-separated list of VPN providers to update servers for+gluetun_role_updater_vpn_service_providers: ""+# ProtonVPN account email for server list updates+gluetun_role_updater_protonvpn_email: ""+# ProtonVPN account password for server list updates+gluetun_role_updater_protonvpn_password: ""+# Updater - Sub-section End++# Public IP - Sub-section Start+# [GLOBAL] Reference: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/public-ip.md+# Enable public IP fetching (on/off)+gluetun_role_publicip_enabled: ""+# Path to file for storing public IP+gluetun_role_publicip_file: ""+# Public IP API to use (e.g., ipinfo, ip2location)+gluetun_role_publicip_api: ""+# API token for public IP service+gluetun_role_publicip_api_token: ""+# Public IP - Sub-section End++# Logging - Sub-section Start+# Log level: debug, info, warning, error+gluetun_role_log_level: ""+# Logging - Sub-section End++# Provider Specific - Sub-section Start+# PIA OpenVPN encryption preset: normal, strong, none+gluetun_role_private_internet_access_openvpn_encryption_preset: ""+# Provider Specific - Sub-section End++# Misc - Sub-section Start+# Enable version information logging on startup (on/off)+gluetun_role_version_information: ""+# Path to storage file for persisting data+gluetun_role_storage_filepath: ""+# Enable pprof profiling server (on/off)+gluetun_role_pprof_enabled: ""+# Misc - Sub-section End  ################################ # Paths ################################ -gluetun_paths_folder: "{{ gluetun_name }}"-gluetun_paths_location: "{{ server_appdata_path }}/{{ gluetun_paths_folder }}"-gluetun_paths_folders_list:-  - "{{ gluetun_paths_location }}"+gluetun_role_paths_folder: "{{ gluetun_name }}"+gluetun_role_paths_location: "{{ server_appdata_path }}/{{ gluetun_role_paths_folder }}"+gluetun_role_paths_folders_list:+  - "{{ gluetun_role_paths_location }}"  ################################ # Docker ################################  # Container-gluetun_docker_container: "{{ gluetun_name }}"+gluetun_role_docker_container: "{{ gluetun_name }}"  # Image-gluetun_docker_image_pull: true-gluetun_docker_image_repo: "qmcgaw/gluetun"-gluetun_docker_image_tag: "v3"-gluetun_docker_image: "{{ lookup('vars', gluetun_name + '_docker_image_repo', default=gluetun_docker_image_repo)-                          + ':' + lookup('vars', gluetun_name + '_docker_image_tag', default=gluetun_docker_image_tag) }}"--# Ports-gluetun_docker_ports_defaults: []-gluetun_docker_ports_custom: []-gluetun_docker_ports: "{{ lookup('vars', gluetun_name + '_docker_ports_defaults', default=gluetun_docker_ports_defaults)-                          + lookup('vars', gluetun_name + '_docker_ports_custom', default=gluetun_docker_ports_custom) }}"--# Envs-gluetun_docker_envs_default:-  DNS_KEEP_NAMESERVER: "{{ 'on' if lookup('vars', gluetun_name + '_docker_resolver', default=gluetun_docker_resolver) else 'off' }}"-  FIREWALL_INPUT_PORTS: "{{ lookup('vars', gluetun_name + '_firewall_input_ports', default='') if (lookup('vars', gluetun_name + '_firewall_input_ports', default='') | length > 0) else omit }}"-  FIREWALL_OUTBOUND_SUBNETS: "{{ lookup('vars', gluetun_name + '_firewall_outbound_subnets', default='') if (lookup('vars', gluetun_name + '_firewall_outbound_subnets', default='') | length > 0) else omit }}"-  FIREWALL_VPN_INPUT_PORTS: "{{ lookup('vars', gluetun_name + '_firewall_vpn_input_ports', default='') if (lookup('vars', gluetun_name + '_firewall_vpn_input_ports', default='') | length > 0) else omit }}"-  HTTPPROXY: "on"-  HTTPPROXY_STEALTH: "on"-  OPENVPN_CUSTOM_CONFIG: "{{ lookup('vars', gluetun_name + '_openvpn_custom_config', default='') if (lookup('vars', gluetun_name + '_openvpn_custom_config', default='') | length > 0) else omit }}"-  OPENVPN_ENDPOINT_IP: "{{ lookup('vars', gluetun_name + '_openvpn_endpoint_ip', default='') if (lookup('vars', gluetun_name + '_openvpn_endpoint_ip', default='') | length > 0) else omit }}"-  OPENVPN_ENDPOINT_PORT: "{{ lookup('vars', gluetun_name + '_openvpn_endpoint_port', default='') if (lookup('vars', gluetun_name + '_openvpn_endpoint_port', default='') | length > 0) else omit }}"-  OPENVPN_KEY_PASSPHRASE: "{{ lookup('vars', gluetun_name + '_openvpn_key_passphrase', default='') if (lookup('vars', gluetun_name + '_openvpn_key_passphrase', default='') | length > 0) else omit }}"-  OPENVPN_PASSWORD: "{{ lookup('vars', gluetun_name + '_openvpn_password', default='') if (lookup('vars', gluetun_name + '_openvpn_password', default='') | length > 0) else omit }}"-  OPENVPN_USER: "{{ lookup('vars', gluetun_name + '_openvpn_user', default='') if (lookup('vars', gluetun_name + '_openvpn_user', default='') | length > 0) else omit }}"+gluetun_role_docker_image_pull: true+gluetun_role_docker_image_repo: "qmcgaw/gluetun"+gluetun_role_docker_image_tag: "v3.41"+gluetun_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='gluetun') }}:{{ lookup('role_var', '_docker_image_tag', role='gluetun') }}"++# Skip docs+gluetun_role_docker_envs_default:+  BLOCK_ADS: "{{ lookup('role_var', '_block_ads', role='gluetun') if (lookup('role_var', '_block_ads', role='gluetun') | length > 0) else omit }}"+  BLOCK_MALICIOUS: "{{ lookup('role_var', '_block_malicious', role='gluetun') if (lookup('role_var', '_block_malicious', role='gluetun') | length > 0) else omit }}"+  BLOCK_SURVEILLANCE: "{{ lookup('role_var', '_block_surveillance', role='gluetun') if (lookup('role_var', '_block_surveillance', role='gluetun') | length > 0) else omit }}"+  DNS_ADDRESS: "{{ lookup('role_var', '_dns_address', role='gluetun') if (lookup('role_var', '_dns_address', role='gluetun') | length > 0) else omit }}"+  DNS_BLOCK_IP_PREFIXES: "{{ lookup('role_var', '_dns_block_ip_prefixes', role='gluetun') if (lookup('role_var', '_dns_block_ip_prefixes', role='gluetun') | length > 0) else omit }}"+  DNS_BLOCK_IPS: "{{ lookup('role_var', '_dns_block_ips', role='gluetun') if (lookup('role_var', '_dns_block_ips', role='gluetun') | length > 0) else omit }}"+  DNS_CACHING: "{{ lookup('role_var', '_dns_caching', role='gluetun') if (lookup('role_var', '_dns_caching', role='gluetun') | length > 0) else omit }}"+  DNS_KEEP_NAMESERVER: "{{ 'on' if (lookup('role_var', '_docker_resolver', role='gluetun') | bool) else 'off' }}"+  DNS_PRIVATE_ADDRESSES: "{{ lookup('role_var', '_dns_private_addresses', role='gluetun') if (lookup('role_var', '_dns_private_addresses', role='gluetun') | length > 0) else omit }}"+  DNS_REBINDING_PROTECTION_EXEMPT_HOSTNAMES: "{{ lookup('role_var', '_dns_rebinding_protection_exempt_hostnames', role='gluetun') if (lookup('role_var', '_dns_rebinding_protection_exempt_hostnames', role='gluetun') | length > 0) else omit }}"+  DNS_SERVER: "{{ lookup('role_var', '_dns_server', role='gluetun') if (lookup('role_var', '_dns_server', role='gluetun') | length > 0) else omit }}"+  DNS_UNBLOCK_HOSTNAMES: "{{ lookup('role_var', '_dns_unblock_hostnames', role='gluetun') if (lookup('role_var', '_dns_unblock_hostnames', role='gluetun') | length > 0) else omit }}"+  DNS_UPDATE_PERIOD: "{{ lookup('role_var', '_dns_update_period', role='gluetun') if (lookup('role_var', '_dns_update_period', role='gluetun') | length > 0) else omit }}"+  DNS_UPSTREAM_IPV6: "{{ lookup('role_var', '_dns_upstream_ipv6', role='gluetun') if (lookup('role_var', '_dns_upstream_ipv6', role='gluetun') | length > 0) else omit }}"+  DNS_UPSTREAM_RESOLVER_TYPE: "{{ lookup('role_var', '_dns_upstream_resolver_type', role='gluetun') if (lookup('role_var', '_dns_upstream_resolver_type', role='gluetun') | length > 0) else omit }}"+  DNS_UPSTREAM_RESOLVERS: "{{ lookup('role_var', '_dns_upstream_resolvers', role='gluetun') if (lookup('role_var', '_dns_upstream_resolvers', role='gluetun') | length > 0) else omit }}"+  FIREWALL_DEBUG: "{{ lookup('role_var', '_firewall_debug', role='gluetun') if (lookup('role_var', '_firewall_debug', role='gluetun') | length > 0) else omit }}"+  FIREWALL_INPUT_PORTS: "{{ lookup('role_var', '_firewall_input_ports', role='gluetun') if (lookup('role_var', '_firewall_input_ports', role='gluetun') | length > 0) else omit }}"+  FIREWALL_OUTBOUND_SUBNETS: "{{ lookup('role_var', '_firewall_outbound_subnets', role='gluetun') if (lookup('role_var', '_firewall_outbound_subnets', role='gluetun') | length > 0) else omit }}"+  FIREWALL_VPN_INPUT_PORTS: "{{ lookup('role_var', '_firewall_vpn_input_ports', role='gluetun') if (lookup('role_var', '_firewall_vpn_input_ports', role='gluetun') | length > 0) else omit }}"+  FREE_ONLY: "{{ lookup('role_var', '_free_only', role='gluetun') if (lookup('role_var', '_free_only', role='gluetun') | length > 0) else omit }}"+  HEALTH_ICMP_TARGET_IPS: "{{ lookup('role_var', '_health_icmp_target_ips', role='gluetun') if (lookup('role_var', '_health_icmp_target_ips', role='gluetun') | length > 0) else omit }}"+  HEALTH_RESTART_VPN: "{{ lookup('role_var', '_health_restart_vpn', role='gluetun') if (lookup('role_var', '_health_restart_vpn', role='gluetun') | length > 0) else omit }}"+  HEALTH_SERVER_ADDRESS: "{{ lookup('role_var', '_health_server_address', role='gluetun') if (lookup('role_var', '_health_server_address', role='gluetun') | length > 0) else omit }}"+  HEALTH_SMALL_CHECK_TYPE: "{{ lookup('role_var', '_health_small_check_type', role='gluetun') if (lookup('role_var', '_health_small_check_type', role='gluetun') | length > 0) else omit }}"+  HEALTH_TARGET_ADDRESSES: "{{ lookup('role_var', '_health_target_addresses', role='gluetun') if (lookup('role_var', '_health_target_addresses', role='gluetun') | length > 0) else omit }}"+  HTTP_CONTROL_SERVER_ADDRESS: "{{ lookup('role_var', '_http_control_server_address', role='gluetun') if (lookup('role_var', '_http_control_server_address', role='gluetun') | length > 0) else omit }}"+  HTTP_CONTROL_SERVER_AUTH_CONFIG_FILEPATH: "{{ lookup('role_var', '_http_control_server_auth_config_filepath', role='gluetun') if (lookup('role_var', '_http_control_server_auth_config_filepath', role='gluetun') | length > 0) else omit }}"+  HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE: "{{ lookup('role_var', '_http_control_server_auth_default_role', role='gluetun') if (lookup('role_var', '_http_control_server_auth_default_role', role='gluetun') | length > 0) else omit }}"+  HTTP_CONTROL_SERVER_LOG: "{{ lookup('role_var', '_http_control_server_log', role='gluetun') if (lookup('role_var', '_http_control_server_log', role='gluetun') | length > 0) else omit }}"+  HTTPPROXY: "{{ lookup('role_var', '_httpproxy', role='gluetun') if (lookup('role_var', '_httpproxy', role='gluetun') | length > 0) else omit }}"+  HTTPPROXY_LISTENING_ADDRESS: "{{ lookup('role_var', '_httpproxy_listening_address', role='gluetun') if (lookup('role_var', '_httpproxy_listening_address', role='gluetun') | length > 0) else omit }}"+  HTTPPROXY_LOG: "{{ lookup('role_var', '_httpproxy_log', role='gluetun') if (lookup('role_var', '_httpproxy_log', role='gluetun') | length > 0) else omit }}"+  HTTPPROXY_PASSWORD: "{{ lookup('role_var', '_httpproxy_password', role='gluetun') if (lookup('role_var', '_httpproxy_password', role='gluetun') | length > 0) else omit }}"+  HTTPPROXY_STEALTH: "{{ lookup('role_var', '_httpproxy_stealth', role='gluetun') if (lookup('role_var', '_httpproxy_stealth', role='gluetun') | length > 0) else omit }}"+  HTTPPROXY_USER: "{{ lookup('role_var', '_httpproxy_user', role='gluetun') if (lookup('role_var', '_httpproxy_user', role='gluetun') | length > 0) else omit }}"+  ISP: "{{ lookup('role_var', '_isp', role='gluetun') if (lookup('role_var', '_isp', role='gluetun') | length > 0) else omit }}"+  LOG_LEVEL: "{{ lookup('role_var', '_log_level', role='gluetun') if (lookup('role_var', '_log_level', role='gluetun') | length > 0) else omit }}"+  MULTIHOP_ONLY: "{{ lookup('role_var', '_multihop_only', role='gluetun') if (lookup('role_var', '_multihop_only', role='gluetun') | length > 0) else omit }}"+  OPENVPN_AUTH: "{{ lookup('role_var', '_openvpn_auth', role='gluetun') if (lookup('role_var', '_openvpn_auth', role='gluetun') | length > 0) else omit }}"+  OPENVPN_CERT: "{{ lookup('role_var', '_openvpn_cert', role='gluetun') if (lookup('role_var', '_openvpn_cert', role='gluetun') | length > 0) else omit }}"+  OPENVPN_CIPHERS: "{{ lookup('role_var', '_openvpn_ciphers', role='gluetun') if (lookup('role_var', '_openvpn_ciphers', role='gluetun') | length > 0) else omit }}"+  OPENVPN_CUSTOM_CONFIG: "{{ lookup('role_var', '_openvpn_custom_config', role='gluetun') if (lookup('role_var', '_openvpn_custom_config', role='gluetun') | length > 0) else omit }}"+  OPENVPN_ENCRYPTED_KEY: "{{ lookup('role_var', '_openvpn_encrypted_key', role='gluetun') if (lookup('role_var', '_openvpn_encrypted_key', role='gluetun') | length > 0) else omit }}"+  OPENVPN_ENDPOINT_IP: "{{ lookup('role_var', '_openvpn_endpoint_ip', role='gluetun') if (lookup('role_var', '_openvpn_endpoint_ip', role='gluetun') | length > 0) else omit }}"+  OPENVPN_ENDPOINT_PORT: "{{ lookup('role_var', '_openvpn_endpoint_port', role='gluetun') if (lookup('role_var', '_openvpn_endpoint_port', role='gluetun') | length > 0) else omit }}"+  OPENVPN_FLAGS: "{{ lookup('role_var', '_openvpn_flags', role='gluetun') if (lookup('role_var', '_openvpn_flags', role='gluetun') | length > 0) else omit }}"+  OPENVPN_KEY: "{{ lookup('role_var', '_openvpn_key', role='gluetun') if (lookup('role_var', '_openvpn_key', role='gluetun') | length > 0) else omit }}"+  OPENVPN_KEY_PASSPHRASE: "{{ lookup('role_var', '_openvpn_key_passphrase', role='gluetun') if (lookup('role_var', '_openvpn_key_passphrase', role='gluetun') | length > 0) else omit }}"+  OPENVPN_MSSFIX: "{{ lookup('role_var', '_openvpn_mssfix', role='gluetun') if (lookup('role_var', '_openvpn_mssfix', role='gluetun') | length > 0) else omit }}"+  OPENVPN_PASSWORD: "{{ lookup('role_var', '_openvpn_password', role='gluetun') if (lookup('role_var', '_openvpn_password', role='gluetun') | length > 0) else omit }}"+  OPENVPN_PROCESS_USER: "{{ lookup('role_var', '_openvpn_process_user', role='gluetun') if (lookup('role_var', '_openvpn_process_user', role='gluetun') | length > 0) else omit }}"+  OPENVPN_PROTOCOL: "{{ lookup('role_var', '_openvpn_protocol', role='gluetun') if (lookup('role_var', '_openvpn_protocol', role='gluetun') | length > 0) else omit }}"+  OPENVPN_USER: "{{ lookup('role_var', '_openvpn_user', role='gluetun') if (lookup('role_var', '_openvpn_user', role='gluetun') | length > 0) else omit }}"+  OPENVPN_VERBOSITY: "{{ lookup('role_var', '_openvpn_verbosity', role='gluetun') if (lookup('role_var', '_openvpn_verbosity', role='gluetun') | length > 0) else omit }}"+  OPENVPN_VERSION: "{{ lookup('role_var', '_openvpn_version', role='gluetun') if (lookup('role_var', '_openvpn_version', role='gluetun') | length > 0) else omit }}"+  OWNED_ONLY: "{{ lookup('role_var', '_owned_only', role='gluetun') if (lookup('role_var', '_owned_only', role='gluetun') | length > 0) else omit }}"   PGID: "{{ gid }}"+  PORT_FORWARD_ONLY: "{{ lookup('role_var', '_port_forward_only', role='gluetun') if (lookup('role_var', '_port_forward_only', role='gluetun') | length > 0) else omit }}"+  PPROF_ENABLED: "{{ lookup('role_var', '_pprof_enabled', role='gluetun') if (lookup('role_var', '_pprof_enabled', role='gluetun') | length > 0) else omit }}"+  PREMIUM_ONLY: "{{ lookup('role_var', '_premium_only', role='gluetun') if (lookup('role_var', '_premium_only', role='gluetun') | length > 0) else omit }}"+  PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET: "{{ lookup('role_var', '_private_internet_access_openvpn_encryption_preset', role='gluetun') if (lookup('role_var', '_private_internet_access_openvpn_encryption_preset', role='gluetun') | length > 0) else omit }}"+  PUBLICIP_API: "{{ lookup('role_var', '_publicip_api', role='gluetun') if (lookup('role_var', '_publicip_api', role='gluetun') | length > 0) else omit }}"+  PUBLICIP_API_TOKEN: "{{ lookup('role_var', '_publicip_api_token', role='gluetun') if (lookup('role_var', '_publicip_api_token', role='gluetun') | length > 0) else omit }}"+  PUBLICIP_ENABLED: "{{ lookup('role_var', '_publicip_enabled', role='gluetun') if (lookup('role_var', '_publicip_enabled', role='gluetun') | length > 0) else omit }}"+  PUBLICIP_FILE: "{{ lookup('role_var', '_publicip_file', role='gluetun') if (lookup('role_var', '_publicip_file', role='gluetun') | length > 0) else omit }}"   PUID: "{{ uid }}"-  SERVER_CITIES: "{{ lookup('vars', gluetun_name + '_server_cities', default='') if (lookup('vars', gluetun_name + '_server_cities', default='') | length > 0) else omit }}"-  SERVER_COUNTRIES: "{{ lookup('vars', gluetun_name + '_server_countries', default='') if (lookup('vars', gluetun_name + '_server_countries', default='') | length > 0) else omit }}"-  SERVER_HOSTNAMES: "{{ lookup('vars', gluetun_name + '_server_hostnames', default='') if (lookup('vars', gluetun_name + '_server_hostnames', default='') | length > 0) else omit }}"-  SERVER_NAMES: "{{ lookup('vars', gluetun_name + '_server_names', default='') if (lookup('vars', gluetun_name + '_server_names', default='') | length > 0) else omit }}"-  SERVER_REGIONS: "{{ lookup('vars', gluetun_name + '_server_regions', default='') if (lookup('vars', gluetun_name + '_server_regions', default='') | length > 0) else omit }}"+  SECURE_CORE_ONLY: "{{ lookup('role_var', '_secure_core_only', role='gluetun') if (lookup('role_var', '_secure_core_only', role='gluetun') | length > 0) else omit }}"+  SERVER_CATEGORIES: "{{ lookup('role_var', '_server_categories', role='gluetun') if (lookup('role_var', '_server_categories', role='gluetun') | length > 0) else omit }}"+  SERVER_CITIES: "{{ lookup('role_var', '_server_cities', role='gluetun') if (lookup('role_var', '_server_cities', role='gluetun') | length > 0) else omit }}"+  SERVER_COUNTRIES: "{{ lookup('role_var', '_server_countries', role='gluetun') if (lookup('role_var', '_server_countries', role='gluetun') | length > 0) else omit }}"+  SERVER_HOSTNAMES: "{{ lookup('role_var', '_server_hostnames', role='gluetun') if (lookup('role_var', '_server_hostnames', role='gluetun') | length > 0) else omit }}"+  SERVER_NAMES: "{{ lookup('role_var', '_server_names', role='gluetun') if (lookup('role_var', '_server_names', role='gluetun') | length > 0) else omit }}"+  SERVER_NUMBER: "{{ lookup('role_var', '_server_number', role='gluetun') if (lookup('role_var', '_server_number', role='gluetun') | length > 0) else omit }}"+  SERVER_REGIONS: "{{ lookup('role_var', '_server_regions', role='gluetun') if (lookup('role_var', '_server_regions', role='gluetun') | length > 0) else omit }}"+  SHADOWSOCKS: "{{ lookup('role_var', '_shadowsocks', role='gluetun') if (lookup('role_var', '_shadowsocks', role='gluetun') | length > 0) else omit }}"+  SHADOWSOCKS_CIPHER: "{{ lookup('role_var', '_shadowsocks_cipher', role='gluetun') if (lookup('role_var', '_shadowsocks_cipher', role='gluetun') | length > 0) else omit }}"+  SHADOWSOCKS_LISTENING_ADDRESS: "{{ lookup('role_var', '_shadowsocks_listening_address', role='gluetun') if (lookup('role_var', '_shadowsocks_listening_address', role='gluetun') | length > 0) else omit }}"+  SHADOWSOCKS_LOG: "{{ lookup('role_var', '_shadowsocks_log', role='gluetun') if (lookup('role_var', '_shadowsocks_log', role='gluetun') | length > 0) else omit }}"+  SHADOWSOCKS_PASSWORD: "{{ lookup('role_var', '_shadowsocks_password', role='gluetun') if (lookup('role_var', '_shadowsocks_password', role='gluetun') | length > 0) else omit }}"+  STORAGE_FILEPATH: "{{ lookup('role_var', '_storage_filepath', role='gluetun') if (lookup('role_var', '_storage_filepath', role='gluetun') | length > 0) else omit }}"+  STREAM_ONLY: "{{ lookup('role_var', '_stream_only', role='gluetun') if (lookup('role_var', '_stream_only', role='gluetun') | length > 0) else omit }}"+  TOR_ONLY: "{{ lookup('role_var', '_tor_only', role='gluetun') if (lookup('role_var', '_tor_only', role='gluetun') | length > 0) else omit }}"   TZ: "{{ tz }}"-  VPN_ENDPOINT_IP: "{{ lookup('vars', gluetun_name + '_vpn_endpoint_ip', default='') if (lookup('vars', gluetun_name + '_vpn_endpoint_ip', default='') | length > 0) else omit }}"-  VPN_ENDPOINT_PORT: "{{ lookup('vars', gluetun_name + '_vpn_endpoint_port', default='') if (lookup('vars', gluetun_name + '_vpn_endpoint_port', default='') | length > 0) else omit }}"-  VPN_SERVICE_PROVIDER: "{{ lookup('vars', gluetun_name + '_vpn_service_provider', default='') if (lookup('vars', gluetun_name + '_vpn_service_provider', default='') | length > 0) else omit }}"-  VPN_TYPE: "{{ lookup('vars', gluetun_name + '_vpn_type', default='') if (lookup('vars', gluetun_name + '_vpn_type', default='') | length > 0) else omit }}"-  WIREGUARD_ADDRESSES: "{{ lookup('vars', gluetun_name + '_wireguard_addresses', default='') if (lookup('vars', gluetun_name + '_wireguard_addresses', default='') | length > 0) else omit }}"-  WIREGUARD_ENDPOINT_IP: "{{ lookup('vars', gluetun_name + '_wireguard_endpoint_ip', default='') if (lookup('vars', gluetun_name + '_wireguard_endpoint_ip', default='') | length > 0) else omit }}"-  WIREGUARD_ENDPOINT_PORT: "{{ lookup('vars', gluetun_name + '_wireguard_endpoint_port', default='') if (lookup('vars', gluetun_name + '_wireguard_endpoint_port', default='') | length > 0) else omit }}"-  WIREGUARD_MTU: "{{ lookup('vars', gluetun_name + '_wireguard_mtu', default='') if (lookup('vars', gluetun_name + '_wireguard_mtu', default='') | length > 0) else omit }}"-  WIREGUARD_PRESHARED_KEY: "{{ lookup('vars', gluetun_name + '_wireguard_preshared_key', default='') if (lookup('vars', gluetun_name + '_wireguard_preshared_key', default='') | length > 0) else omit }}"-  WIREGUARD_PRIVATE_KEY: "{{ lookup('vars', gluetun_name + '_wireguard_private_key', default='') if (lookup('vars', gluetun_name + '_wireguard_private_key', default='') | length > 0) else omit }}"-  WIREGUARD_PUBLIC_KEY: "{{ lookup('vars', gluetun_name + '_wireguard_public_key', default='') if (lookup('vars', gluetun_name + '_wireguard_public_key', default='') | length > 0) else omit }}"-gluetun_docker_envs_custom: {}-gluetun_docker_envs: "{{ lookup('vars', gluetun_name + '_docker_envs_default', default=gluetun_docker_envs_default)-                         | combine(lookup('vars', gluetun_name + '_docker_envs_custom', default=gluetun_docker_envs_custom)) }}"--# Commands-gluetun_docker_commands_default: []-gluetun_docker_commands_custom: []-gluetun_docker_commands: "{{ lookup('vars', gluetun_name + '_docker_commands_default', default=gluetun_docker_commands_default)-                             + lookup('vars', gluetun_name + '_docker_commands_custom', default=gluetun_docker_commands_custom) }}"+  UPDATER_MIN_RATIO: "{{ lookup('role_var', '_updater_min_ratio', role='gluetun') if (lookup('role_var', '_updater_min_ratio', role='gluetun') | length > 0) else omit }}"+  UPDATER_PERIOD: "{{ lookup('role_var', '_updater_period', role='gluetun') if (lookup('role_var', '_updater_period', role='gluetun') | length > 0) else omit }}"+  UPDATER_PROTONVPN_EMAIL: "{{ lookup('role_var', '_updater_protonvpn_email', role='gluetun') if (lookup('role_var', '_updater_protonvpn_email', role='gluetun') | length > 0) else omit }}"+  UPDATER_PROTONVPN_PASSWORD: "{{ lookup('role_var', '_updater_protonvpn_password', role='gluetun') if (lookup('role_var', '_updater_protonvpn_password', role='gluetun') | length > 0) else omit }}"+  UPDATER_VPN_SERVICE_PROVIDERS: "{{ lookup('role_var', '_updater_vpn_service_providers', role='gluetun') if (lookup('role_var', '_updater_vpn_service_providers', role='gluetun') | length > 0) else omit }}"+  VERSION_INFORMATION: "{{ lookup('role_var', '_version_information', role='gluetun') if (lookup('role_var', '_version_information', role='gluetun') | length > 0) else omit }}"+  VPN_ENDPOINT_IP: "{{ lookup('role_var', '_vpn_endpoint_ip', role='gluetun') if (lookup('role_var', '_vpn_endpoint_ip', role='gluetun') | length > 0) else omit }}"+  VPN_ENDPOINT_PORT: "{{ lookup('role_var', '_vpn_endpoint_port', role='gluetun') if (lookup('role_var', '_vpn_endpoint_port', role='gluetun') | length > 0) else omit }}"+  VPN_INTERFACE: "{{ lookup('role_var', '_vpn_interface', role='gluetun') if (lookup('role_var', '_vpn_interface', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING: "{{ lookup('role_var', '_vpn_port_forwarding', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING_DOWN_COMMAND: "{{ lookup('role_var', '_vpn_port_forwarding_down_command', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding_down_command', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING_LISTENING_PORT: "{{ lookup('role_var', '_vpn_port_forwarding_listening_port', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding_listening_port', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING_PASSWORD: "{{ lookup('role_var', '_vpn_port_forwarding_password', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding_password', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING_PROVIDER: "{{ lookup('role_var', '_vpn_port_forwarding_provider', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding_provider', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING_STATUS_FILE: "{{ lookup('role_var', '_vpn_port_forwarding_status_file', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding_status_file', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING_UP_COMMAND: "{{ lookup('role_var', '_vpn_port_forwarding_up_command', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding_up_command', role='gluetun') | length > 0) else omit }}"+  VPN_PORT_FORWARDING_USERNAME: "{{ lookup('role_var', '_vpn_port_forwarding_username', role='gluetun') if (lookup('role_var', '_vpn_port_forwarding_username', role='gluetun') | length > 0) else omit }}"+  VPN_SERVICE_PROVIDER: "{{ lookup('role_var', '_vpn_service_provider', role='gluetun') if (lookup('role_var', '_vpn_service_provider', role='gluetun') | length > 0) else omit }}"+  VPN_TYPE: "{{ lookup('role_var', '_vpn_type', role='gluetun') if (lookup('role_var', '_vpn_type', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_ADDRESSES: "{{ lookup('role_var', '_wireguard_addresses', role='gluetun') if (lookup('role_var', '_wireguard_addresses', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_ALLOWED_IPS: "{{ lookup('role_var', '_wireguard_allowed_ips', role='gluetun') if (lookup('role_var', '_wireguard_allowed_ips', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_ENDPOINT_IP: "{{ lookup('role_var', '_wireguard_endpoint_ip', role='gluetun') if (lookup('role_var', '_wireguard_endpoint_ip', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_ENDPOINT_PORT: "{{ lookup('role_var', '_wireguard_endpoint_port', role='gluetun') if (lookup('role_var', '_wireguard_endpoint_port', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_IMPLEMENTATION: "{{ lookup('role_var', '_wireguard_implementation', role='gluetun') if (lookup('role_var', '_wireguard_implementation', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_MTU: "{{ lookup('role_var', '_wireguard_mtu', role='gluetun') if (lookup('role_var', '_wireguard_mtu', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL: "{{ lookup('role_var', '_wireguard_persistent_keepalive_interval', role='gluetun') if (lookup('role_var', '_wireguard_persistent_keepalive_interval', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_PRESHARED_KEY: "{{ lookup('role_var', '_wireguard_preshared_key', role='gluetun') if (lookup('role_var', '_wireguard_preshared_key', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_PRIVATE_KEY: "{{ lookup('role_var', '_wireguard_private_key', role='gluetun') if (lookup('role_var', '_wireguard_private_key', role='gluetun') | length > 0) else omit }}"+  WIREGUARD_PUBLIC_KEY: "{{ lookup('role_var', '_wireguard_public_key', role='gluetun') if (lookup('role_var', '_wireguard_public_key', role='gluetun') | length > 0) else omit }}"+gluetun_role_docker_envs_custom: {}+gluetun_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='gluetun')+                              | combine(lookup('role_var', '_docker_envs_custom', role='gluetun')) }}"  # Volumes-gluetun_docker_volumes_global: false-gluetun_docker_volumes_default:-  - "{{ gluetun_paths_location }}:/gluetun"-gluetun_docker_volumes_custom: []-gluetun_docker_volumes: "{{ lookup('vars', gluetun_name + '_docker_volumes_default', default=gluetun_docker_volumes_default)-                            + lookup('vars', gluetun_name + '_docker_volumes_custom', default=gluetun_docker_volumes_custom) }}"--# Devices-gluetun_docker_devices_default: []-gluetun_docker_devices_custom: []-gluetun_docker_devices: "{{ lookup('vars', gluetun_name + '_docker_devices_default', default=gluetun_docker_devices_default)-                            + lookup('vars', gluetun_name + '_docker_devices_custom', default=gluetun_docker_devices_custom) }}"--# Hosts-gluetun_docker_hosts_default: {}-gluetun_docker_hosts_custom: {}-gluetun_docker_hosts: "{{ docker_hosts_common-                          | combine(lookup('vars', gluetun_name + '_docker_hosts_default', default=gluetun_docker_hosts_default))-                          | combine(lookup('vars', gluetun_name + '_docker_hosts_custom', default=gluetun_docker_hosts_custom)) }}"+gluetun_role_docker_volumes_global: false+gluetun_role_docker_volumes_default:+  - "{{ gluetun_role_paths_location }}:/gluetun"+gluetun_role_docker_volumes_custom: []+gluetun_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='gluetun')+                                 + lookup('role_var', '_docker_volumes_custom', role='gluetun') }}"  # Labels-gluetun_docker_labels_default:+gluetun_role_docker_labels_default:   com.centurylinklabs.watchtower.enable: "false"-gluetun_docker_labels_custom: {}-gluetun_docker_labels: "{{ docker_labels_common-                           | combine(lookup('vars', gluetun_name + '_docker_labels_default', default=gluetun_docker_labels_default))-                           | combine(lookup('vars', gluetun_name + '_docker_labels_custom', default=gluetun_docker_labels_custom)) }}"+gluetun_role_docker_labels_custom: {}+gluetun_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='gluetun')+                                | combine(lookup('role_var', '_docker_labels_custom', role='gluetun')) }}"  # Hostname-gluetun_docker_hostname: "{{ gluetun_name }}"+gluetun_role_docker_hostname: "{{ gluetun_name }}"  # Networks-gluetun_docker_networks_alias: "{{ gluetun_name }}"-gluetun_docker_networks_default: []-gluetun_docker_networks_custom: []-gluetun_docker_networks: "{{ docker_networks_common-                             + lookup('vars', gluetun_name + '_docker_networks_default', default=gluetun_docker_networks_default)-                             + lookup('vars', gluetun_name + '_docker_networks_custom', default=gluetun_docker_networks_custom) }}"+gluetun_role_docker_networks_alias: "{{ gluetun_name }}"+gluetun_role_docker_networks_default: []+gluetun_role_docker_networks_custom: []+gluetun_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='gluetun')+                                  + lookup('role_var', '_docker_networks_custom', role='gluetun') }}"  # Capabilities-gluetun_docker_capabilities_default:+gluetun_role_docker_capabilities_default:   - NET_ADMIN-gluetun_docker_capabilities_custom: []-gluetun_docker_capabilities: "{{ lookup('vars', gluetun_name + '_docker_capabilities_default', default=gluetun_docker_capabilities_default)-                                 + lookup('vars', gluetun_name + '_docker_capabilities_custom', default=gluetun_docker_capabilities_custom) }}"--# Security Opts-gluetun_docker_security_opts_default: []-gluetun_docker_security_opts_custom: []-gluetun_docker_security_opts: "{{ lookup('vars', gluetun_name + '_docker_security_opts_default', default=gluetun_docker_security_opts_default)-                                  + lookup('vars', gluetun_name + '_docker_security_opts_custom', default=gluetun_docker_security_opts_custom) }}"+gluetun_role_docker_capabilities_custom: []+gluetun_role_docker_capabilities: "{{ lookup('role_var', '_docker_capabilities_default', role='gluetun')+                                      + lookup('role_var', '_docker_capabilities_custom', role='gluetun') }}"  # Restart Policy-gluetun_docker_restart_policy: unless-stopped+gluetun_role_docker_restart_policy: unless-stopped  # State-gluetun_docker_state: started+gluetun_role_docker_state: started

modified

roles/gluetun/tasks/main.yml

@@ -1,7 +1,7 @@ ##########################################################################-# Title:            Sandbox: Gluetun                                     #+# Title:            Saltbox: Gluetun                                     # # Author(s):        owine                                                #-# URL:              https://github.com/saltyorg/Sandbox                  #+# URL:              https://github.com/saltyorg/Saltbox                  # # --                                                                     # ########################################################################## #                   GNU General Public License v3.0                      #

modified

roles/gluetun/tasks/main2.yml

@@ -1,7 +1,7 @@ ##########################################################################-# Title:            Sandbox: Gluetun                                     #+# Title:            Saltbox: Gluetun                                     # # Author(s):        owine                                                #-# URL:              https://github.com/saltyorg/Sandbox                  #+# URL:              https://github.com/saltyorg/Saltbox                  # # --                                                                     # ########################################################################## #                   GNU General Public License v3.0                      #

modified

roles/grafana/defaults/main.yml

@@ -1,9 +1,9 @@ #########################################################################-# Title:            Saltbox: Grafana Role | Default Variables           #-# Author(s):        desimaniac, salty                                   #-# URL:              https://github.com/saltyorg/Saltbox                 #+# Title:            Saltbox: Grafana | Default Variables               #+# Author(s):        desimaniac, salty                                  #+# URL:              https://github.com/saltyorg/Saltbox                # #########################################################################-#                   GNU General Public License v3.0                     #+#                   GNU General Public License v3.0                    # ######################################################################### --- ################################@@ -13,144 +13,101 @@ grafana_name: grafana  ################################+# Settings+################################++# Comma separated list of plugins+grafana_role_plugins: ""++################################ # Paths ################################ -grafana_paths_folder: "{{ grafana_name }}"-grafana_paths_location: "{{ server_appdata_path }}/{{ grafana_paths_folder }}"-grafana_paths_folders_list:-  - "{{ grafana_paths_location }}"+grafana_role_paths_folder: "{{ grafana_name }}"+grafana_role_paths_location: "{{ server_appdata_path }}/{{ grafana_role_paths_folder }}"+grafana_role_paths_folders_list:+  - "{{ grafana_role_paths_location }}"  ################################ # Web ################################ -grafana_web_subdomain: "{{ grafana_name }}"-grafana_web_domain: "{{ user.domain }}"-grafana_web_port: "3000"-grafana_web_url: "{{ 'https://' + (grafana_web_subdomain + '.' + grafana_web_domain-                  if (grafana_web_subdomain | length > 0)-                  else grafana_web_domain) }}"+grafana_role_web_subdomain: "{{ grafana_name }}"+grafana_role_web_domain: "{{ user.domain }}"+grafana_role_web_port: "3000"+grafana_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='grafana') + '.' + lookup('role_var', '_web_domain', role='grafana')+                       if (lookup('role_var', '_web_subdomain', role='grafana') | length > 0)+                       else lookup('role_var', '_web_domain', role='grafana')) }}"  ################################ # DNS ################################ -grafana_dns_record: "{{ grafana_web_subdomain }}"-grafana_dns_zone: "{{ grafana_web_domain }}"-grafana_dns_proxy: "{{ dns.proxied }}"+grafana_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='grafana') }}"+grafana_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='grafana') }}"+grafana_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -grafana_traefik_sso_middleware: ""-grafana_traefik_middleware_default: "{{ traefik_default_middleware }}"-grafana_traefik_middleware_custom: ""-grafana_traefik_certresolver: "{{ traefik_default_certresolver }}"-grafana_traefik_enabled: true-grafana_traefik_api_enabled: false-grafana_traefik_api_endpoint: ""--################################-# Plugins-################################--# Comma separated list of plugins-grafana_plugins: ""+grafana_role_traefik_sso_middleware: ""+grafana_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+grafana_role_traefik_middleware_custom: ""+grafana_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+grafana_role_traefik_enabled: true+grafana_role_traefik_api_enabled: false+grafana_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-grafana_docker_container: "{{ grafana_name }}"+grafana_role_docker_container: "{{ grafana_name }}"  # Image-grafana_docker_image_pull: true-grafana_docker_image_tag: "latest"-grafana_docker_image: "grafana/grafana:{{ grafana_docker_image_tag }}"--# Ports-grafana_docker_ports_defaults: []-grafana_docker_ports_custom: []-grafana_docker_ports: "{{ grafana_docker_ports_defaults-                          + grafana_docker_ports_custom }}"+grafana_role_docker_image_pull: true+grafana_role_docker_image_repo: "grafana/grafana"+grafana_role_docker_image_tag: "latest"+grafana_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='grafana') }}:{{ lookup('role_var', '_docker_image_tag', role='grafana') }}"  # Envs-grafana_docker_envs_default:+grafana_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"-  GF_SERVER_ROOT_URL: "https://grafana.{{ user.domain }}"+  GF_SERVER_ROOT_URL: "{{ lookup('role_var', '_web_url', role='grafana') }}"   GF_SECURITY_ADMIN_USER: "{{ user.name }}"   GF_SECURITY_ADMIN_PASSWORD: "{{ user.pass }}"-  GF_INSTALL_PLUGINS: "{{ grafana_plugins }}"-grafana_docker_envs_custom: {}-grafana_docker_envs: "{{ grafana_docker_envs_default-                          | combine(grafana_docker_envs_custom) }}"--# Commands-grafana_docker_commands_default: []-grafana_docker_commands_custom: []-grafana_docker_commands: "{{ grafana_docker_commands_default-                              + grafana_docker_commands_custom }}"+  GF_INSTALL_PLUGINS: "{{ lookup('role_var', '_plugins', role='grafana') }}"+grafana_role_docker_envs_custom: {}+grafana_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='grafana')+                              | combine(lookup('role_var', '_docker_envs_custom', role='grafana')) }}"  # Volumes-grafana_docker_volumes_default:-  - "{{ grafana_paths_location }}:/var/lib/grafana"-grafana_docker_volumes_custom: []-grafana_docker_volumes: "{{ grafana_docker_volumes_default-                            + grafana_docker_volumes_custom }}"--# Devices-grafana_docker_devices_default: []-grafana_docker_devices_custom: []-grafana_docker_devices: "{{ grafana_docker_devices_default-                            + grafana_docker_devices_custom }}"--# Hosts-grafana_docker_hosts_default: {}-grafana_docker_hosts_custom: {}-grafana_docker_hosts: "{{ docker_hosts_common-                          | combine(grafana_docker_hosts_default)-                          | combine(grafana_docker_hosts_custom) }}"--# Labels-grafana_docker_labels_default: {}-grafana_docker_labels_custom: {}-grafana_docker_labels: "{{ docker_labels_common-                            | combine(grafana_docker_labels_default)-                            | combine(grafana_docker_labels_custom) }}"+grafana_role_docker_volumes_default:+  - "{{ grafana_role_paths_location }}:/var/lib/grafana"+grafana_role_docker_volumes_custom: []+grafana_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='grafana')+                                 + lookup('role_var', '_docker_volumes_custom', role='grafana') }}"  # Hostname-grafana_docker_hostname: "{{ grafana_name }}"+grafana_role_docker_hostname: "{{ grafana_name }}"  # Networks-grafana_docker_networks_alias: "{{ grafana_name }}"-grafana_docker_networks_default: []-grafana_docker_networks_custom: []-grafana_docker_networks: "{{ docker_networks_common-                              + grafana_docker_networks_default-                              + grafana_docker_networks_custom }}"--# Capabilities-grafana_docker_capabilities_default: []-grafana_docker_capabilities_custom: []-grafana_docker_capabilities: "{{ grafana_docker_capabilities_default-                                  + grafana_docker_capabilities_custom }}"--# Security Opts-grafana_docker_security_opts_default: []-grafana_docker_security_opts_custom: []-grafana_docker_security_opts: "{{ grafana_docker_security_opts_default-                                  + grafana_docker_security_opts_custom }}"+grafana_role_docker_networks_alias: "{{ grafana_name }}"+grafana_role_docker_networks_default: []+grafana_role_docker_networks_custom: []+grafana_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='grafana')+                                  + lookup('role_var', '_docker_networks_custom', role='grafana') }}"  # Restart Policy-grafana_docker_restart_policy: unless-stopped+grafana_role_docker_restart_policy: unless-stopped  # State-grafana_docker_state: started+grafana_role_docker_state: started  # User-grafana_docker_user: "{{ uid }}:{{ gid }}"+grafana_role_docker_user: "{{ uid }}:{{ gid }}"

modified

roles/grafana/tasks/main.yml

@@ -9,9 +9,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/hetzner/tasks/main.yml

@@ -8,7 +8,7 @@ ######################################################################### --- - name: "Hetzner Tasks"-  ansible.builtin.import_tasks: "subtasks/hetzner.yml"+  ansible.builtin.include_tasks: "subtasks/hetzner.yml"  - name: "Restart Tasks"   ansible.builtin.include_tasks: "subtasks/restart.yml"

modified

roles/hetzner/tasks/subtasks/hetzner.yml

@@ -10,7 +10,7 @@ - name: Hetzner | Install 'pciutils'   ansible.builtin.apt:     name: pciutils-    state: present+    state: latest  - name: Hetzner | Fetch PCI info   ansible.builtin.shell: "lspci -v -s $(lspci | grep -E '.*VGA.*Intel.*' | cut -d' ' -f 1) 2>/dev/null || :"

modified

roles/hetzner_nfs/tasks/hetzner_nfs_mount.yml

@@ -15,7 +15,7 @@     owner: "{{ user.name }}"     group: "{{ user.name }}"   with_items:-    - /opt/hetzner_nfs+    - "{{ server_appdata_path }}/hetzner_nfs"     - /mnt/feeder  - name: Import 'hosts.deny' file@@ -38,7 +38,7 @@  - name: Install nfs requirements   ansible.builtin.apt:-    state: present+    state: latest     name:       - rpcbind       - nfs-common@@ -46,7 +46,7 @@ - name: Import 'init_vlan.sh' file   ansible.builtin.template:     src: client/init_vlan.sh.j2-    dest: /opt/hetzner_nfs/init_vlan.sh+    dest: "{{ server_appdata_path }}/hetzner_nfs/init_vlan.sh"     owner: '{{ user.name }}'     group: '{{ user.name }}'     mode: "0775"@@ -82,7 +82,7 @@     regexp: '(^After\=network-online\.target).*'     line: '\1 init_vlan.service'     state: present-    backrefs: yes+    backrefs: true   when: mergerfs_service.stat.exists  - name: Replace '/mnt/local' with '/mnt/feeder' in '{{ mergerfs_service_name }}'

modified

roles/hetzner_nfs/tasks/hetzner_nfs_server.yml

@@ -15,7 +15,7 @@     owner: "{{ user.name }}"     group: "{{ user.name }}"   with_items:-    - /opt/hetzner_nfs+    - "{{ server_appdata_path }}/hetzner_nfs"  - name: Import 'hosts.deny' file   ansible.builtin.template:@@ -28,7 +28,7 @@  - name: Install nfs server   ansible.builtin.apt:-    state: present+    state: latest     name:       - rpcbind       - nfs-kernel-server@@ -48,7 +48,7 @@ - name: Import 'init_vlan.sh' file   ansible.builtin.template:     src: server/init_vlan.sh.j2-    dest: /opt/hetzner_nfs/init_vlan.sh+    dest: "{{ server_appdata_path }}/hetzner_nfs/init_vlan.sh"     owner: '{{ user.name }}'     group: '{{ user.name }}'     mode: "0775"

modified

roles/hetzner_nfs/tasks/hetzner_nfs_server_uninstall.yml

@@ -35,7 +35,7 @@     - "/etc/systemd/system/nfs_vlan.service"     - "/etc/exports"     - "/etc/hosts.deny"-    - "/opt/hetzner_nfs"+    - "{{ server_appdata_path }}/hetzner_nfs"  - name: Reboot message   ansible.builtin.debug:

modified

roles/hetzner_nfs/tasks/hetzner_nfs_unmount.yml

@@ -35,7 +35,7 @@     - "/etc/systemd/system/nfs_vlan.service"     - "/etc/hosts.allow"     - "/etc/hosts.deny"-    - "/opt/hetzner_nfs"+    - "{{ server_appdata_path }}/hetzner_nfs"     - "/mnt/feeder"    # mergerfs edits@@ -46,7 +46,7 @@     regexp: '(^After\=.*)\sinit_vlan\.service\s(.*)'     line: '\1 \2'     state: present-    backrefs: yes+    backrefs: true   when: mergerfs_service.stat.exists  - name: Replace '/mnt/feeder' with '/mnt/local' in '{{ mergerfs_service_name }}'

modified

roles/hetzner_nfs/tasks/services_stop.yml

@@ -18,7 +18,7 @@  - name: Get 'docker.service' state   ansible.builtin.set_fact:-    docker_service_running: "{{ (services['docker.service'] is defined) and (services['docker.service']['state'] == 'running') }}"+    docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"   when: docker_binary.stat.exists  - name: Gather list of running Docker containers@@ -52,7 +52,7 @@  - name: Get '{{ mergerfs_service_name }}' state   ansible.builtin.set_fact:-    mergerfs_service_running: "{{ (services[mergerfs_service_name] is defined) and (services[mergerfs_service_name]['state'] == 'running') }}"+    mergerfs_service_running: "{{ (ansible_facts['services'][mergerfs_service_name] is defined) and (ansible_facts['services'][mergerfs_service_name]['state'] == 'running') }}"   when: mergerfs_service.stat.exists  - name: Stop existing '{{ mergerfs_service_name }}'

modified

roles/hetzner_nfs/templates/client/init_vlan.sh.j2

@@ -1,7 +1,7 @@ #!/bin/bash-sudo ip link add link {{ ansible_default_ipv4.interface }} name {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }} type vlan id {{ hetzner_nfs.vlan_id }}-sudo ip link set {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }} mtu 1400-sudo ip link set dev {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }} up-sudo ip addr add 192.168.100.{{ hetzner_nfs.mount_client }}/24 brd 192.168.100.255 dev {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }}+sudo ip link add link {{ ansible_facts['default_ipv4']['interface'] }} name {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }} type vlan id {{ hetzner_nfs.vlan_id }}+sudo ip link set {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }} mtu 1400+sudo ip link set dev {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }} up+sudo ip addr add 192.168.100.{{ hetzner_nfs.mount_client }}/24 brd 192.168.100.255 dev {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }} sudo umount /mnt/feeder sudo mount 192.168.100.2:/mnt/local /mnt/feeder

modified

roles/hetzner_nfs/templates/client/nfs_vlan.service.j2

@@ -6,7 +6,7 @@ After=network.target network-online.target  [Service]-ExecStart=/opt/hetzner_nfs/init_vlan.sh+ExecStart={{ server_appdata_path }}/hetzner_nfs/init_vlan.sh  [Install] WantedBy=multi-user.target

modified

roles/hetzner_nfs/templates/server/init_vlan.sh.j2

@@ -1,5 +1,5 @@ #!/bin/bash-sudo ip link add link {{ ansible_default_ipv4.interface }} name {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }} type vlan id {{ hetzner_nfs.vlan_id }}-sudo ip link set {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }} mtu 1400-sudo ip link set dev {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }} up-sudo ip addr add 192.168.100.{{ hetzner_nfs.server }}/24 brd 192.168.100.255 dev {{ ansible_default_ipv4.interface }}.{{ hetzner_nfs.vlan_id }}+sudo ip link add link {{ ansible_facts['default_ipv4']['interface'] }} name {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }} type vlan id {{ hetzner_nfs.vlan_id }}+sudo ip link set {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }} mtu 1400+sudo ip link set dev {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }} up+sudo ip addr add 192.168.100.{{ hetzner_nfs.server }}/24 brd 192.168.100.255 dev {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_nfs.vlan_id }}

modified

roles/hetzner_nfs/templates/server/nfs_vlan.service.j2

@@ -6,7 +6,7 @@ After=network.target network-online.target  [Service]-ExecStart=/opt/hetzner_nfs/init_vlan.sh+ExecStart={{ server_appdata_path }}/hetzner_nfs/init_vlan.sh  [Install] WantedBy=multi-user.target

modified

roles/hetzner_vlan/tasks/main.yml

@@ -9,7 +9,7 @@ --- - name: Setup Netplan VLAN   ansible.builtin.shell: |-    yyq -i '.network.vlans += {"{{ ansible_default_ipv4.interface }}.{{ hetzner_vlan.vlan_id }}": {"id": {{ hetzner_vlan.vlan_id }}, "link": "{{ ansible_default_ipv4.interface }}", "mtu": 1400, "addresses": ["192.168.100.{{ hetzner_vlan.client_number }}/24"]}}' /etc/netplan/01-netcfg.yaml+    yyq -i '.network.vlans += {"{{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_vlan.vlan_id }}": {"id": {{ hetzner_vlan.vlan_id }}, "link": "{{ ansible_facts['default_ipv4']['interface'] }}", "mtu": 1400, "addresses": ["192.168.100.{{ hetzner_vlan.client_number }}/24"]}}' /etc/netplan/01-netcfg.yaml   when: ('hetzner-vlan-deploy' in ansible_run_tags)  - name: Remove Netplan VLAN@@ -22,5 +22,5 @@   when: hetzner_vlan_netplan_apply  - name: Remove VLAN link-  ansible.builtin.shell: ip link delete {{ ansible_default_ipv4.interface }}.{{ hetzner_vlan.vlan_id }}+  ansible.builtin.shell: ip link delete {{ ansible_facts['default_ipv4']['interface'] }}.{{ hetzner_vlan.vlan_id }}   when: ('hetzner-vlan-remove' in ansible_run_tags) and hetzner_vlan_netplan_apply

modified

roles/jackett/defaults/main.yml

@@ -17,145 +17,108 @@ # Paths ################################ -jackett_paths_folder: "{{ jackett_name }}"-jackett_paths_location: "{{ server_appdata_path }}/{{ jackett_paths_folder }}"-jackett_paths_folders_list:-  - "{{ jackett_paths_location }}"+jackett_role_paths_folder: "{{ jackett_name }}"+jackett_role_paths_location: "{{ server_appdata_path }}/{{ jackett_role_paths_folder }}"+jackett_role_paths_folders_list:+  - "{{ jackett_role_paths_location }}"  ################################ # Web ################################ -jackett_web_subdomain: "{{ jackett_name }}"-jackett_web_domain: "{{ user.domain }}"-jackett_web_port: "9117"-jackett_web_url: "{{ 'https://' + (jackett_web_subdomain + '.' + jackett_web_domain-                  if (jackett_web_subdomain | length > 0)-                  else jackett_web_domain) }}"+jackett_role_web_subdomain: "{{ jackett_name }}"+jackett_role_web_domain: "{{ user.domain }}"+jackett_role_web_port: "9117"+jackett_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='jackett') + '.' + lookup('role_var', '_web_domain', role='jackett')+                       if (lookup('role_var', '_web_subdomain', role='jackett') | length > 0)+                       else lookup('role_var', '_web_domain', role='jackett')) }}"  ################################ # DNS ################################ -jackett_dns_record: "{{ jackett_web_subdomain }}"-jackett_dns_zone: "{{ jackett_web_domain }}"-jackett_dns_proxy: "{{ dns.proxied }}"+jackett_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='jackett') }}"+jackett_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='jackett') }}"+jackett_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -jackett_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-jackett_traefik_middleware_default: "{{ traefik_default_middleware-                                        + (',themepark-' + lookup('vars', jackett_name + '_name', default=jackett_name)-                                          if (jackett_themepark_enabled and global_themepark_plugin_enabled)-                                          else '') }}"-jackett_traefik_middleware_custom: ""-jackett_traefik_certresolver: "{{ traefik_default_certresolver }}"-jackett_traefik_enabled: true-jackett_traefik_api_enabled: true-jackett_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/dl`)"+jackett_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+jackett_role_traefik_middleware_default: "{{ traefik_default_middleware+                                             + (',themepark-' + jackett_name+                                               if (lookup('role_var', '_themepark_enabled', role='jackett') and global_themepark_plugin_enabled)+                                               else '') }}"+jackett_role_traefik_middleware_custom: ""+jackett_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+jackett_role_traefik_enabled: true+jackett_role_traefik_api_enabled: true+jackett_role_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/dl`)"  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-jackett_themepark_enabled: false-jackett_themepark_app: "jackett"-jackett_themepark_theme: "{{ global_themepark_theme }}"-jackett_themepark_domain: "{{ global_themepark_domain }}"-jackett_themepark_addons: []+jackett_role_themepark_enabled: false+jackett_role_themepark_app: "jackett"+jackett_role_themepark_theme: "{{ global_themepark_theme }}"+jackett_role_themepark_domain: "{{ global_themepark_domain }}"+jackett_role_themepark_addons: []  ################################ # Docker ################################  # Container-jackett_docker_container: "{{ jackett_name }}"+jackett_role_docker_container: "{{ jackett_name }}"  # Image-jackett_docker_image_pull: true-jackett_docker_image_tag: "release"-jackett_docker_image: "ghcr.io/hotio/jackett:{{ jackett_docker_image_tag }}"--# Ports-jackett_docker_ports_defaults: []-jackett_docker_ports_custom: []-jackett_docker_ports: "{{ jackett_docker_ports_defaults-                          + jackett_docker_ports_custom }}"+jackett_role_docker_image_pull: true+jackett_role_docker_image_repo: "ghcr.io/hotio/jackett"+jackett_role_docker_image_tag: "release"+jackett_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='jackett') }}:{{ lookup('role_var', '_docker_image_tag', role='jackett') }}"  # Envs-jackett_docker_envs_default:+jackett_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-jackett_docker_envs_custom: {}-jackett_docker_envs: "{{ jackett_docker_envs_default-                         | combine(jackett_docker_envs_custom) }}"--# Commands-jackett_docker_commands_default: []-jackett_docker_commands_custom: []-jackett_docker_commands: "{{ jackett_docker_commands_default-                             + jackett_docker_commands_custom }}"+jackett_role_docker_envs_custom: {}+jackett_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='jackett')+                              | combine(lookup('role_var', '_docker_envs_custom', role='jackett')) }}"  # Volumes-jackett_docker_volumes_default:-  - "{{ jackett_paths_location }}:/config"-jackett_docker_volumes_custom: []-jackett_docker_volumes: "{{ jackett_docker_volumes_default-                            + jackett_docker_volumes_custom }}"--# Devices-jackett_docker_devices_default: []-jackett_docker_devices_custom: []-jackett_docker_devices: "{{ jackett_docker_devices_default-                            + jackett_docker_devices_custom }}"--# Hosts-jackett_docker_hosts_default: {}-jackett_docker_hosts_custom: {}-jackett_docker_hosts: "{{ docker_hosts_common-                          | combine(jackett_docker_hosts_default)-                          | combine(jackett_docker_hosts_custom) }}"+jackett_role_docker_volumes_default:+  - "{{ jackett_role_paths_location }}:/config"+jackett_role_docker_volumes_custom: []+jackett_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='jackett')+                                 + lookup('role_var', '_docker_volumes_custom', role='jackett') }}"  # Labels-jackett_docker_labels_default: {}-jackett_docker_labels_custom: {}-jackett_docker_labels: "{{ docker_labels_common-                           | combine(lookup('vars', jackett_name + '_docker_labels_default', default=jackett_docker_labels_default))-                           | combine((traefik_themepark_labels-                                     if (jackett_themepark_enabled and global_themepark_plugin_enabled)-                                     else {}),-                                     lookup('vars', jackett_name + '_docker_labels_custom', default=jackett_docker_labels_custom)) }}"+jackett_role_docker_labels_default: {}+jackett_role_docker_labels_custom: {}+jackett_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='jackett')+                                | combine((traefik_themepark_labels+                                          if (lookup('role_var', '_themepark_enabled', role='jackett') and global_themepark_plugin_enabled)+                                          else {}),+                                          lookup('role_var', '_docker_labels_custom', role='jackett')) }}"  # Hostname-jackett_docker_hostname: "{{ jackett_name }}"+jackett_role_docker_hostname: "{{ jackett_name }}"  # Networks-jackett_docker_networks_alias: "{{ jackett_name }}"-jackett_docker_networks_default: []-jackett_docker_networks_custom: []-jackett_docker_networks: "{{ docker_networks_common-                             + jackett_docker_networks_default-                             + jackett_docker_networks_custom }}"--# Capabilities-jackett_docker_capabilities_default: []-jackett_docker_capabilities_custom: []-jackett_docker_capabilities: "{{ jackett_docker_capabilities_default-                                 + jackett_docker_capabilities_custom }}"--# Security Opts-jackett_docker_security_opts_default: []-jackett_docker_security_opts_custom: []-jackett_docker_security_opts: "{{ jackett_docker_security_opts_default-                                  + jackett_docker_security_opts_custom }}"+jackett_role_docker_networks_alias: "{{ jackett_name }}"+jackett_role_docker_networks_default: []+jackett_role_docker_networks_custom: []+jackett_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='jackett')+                                  + lookup('role_var', '_docker_networks_custom', role='jackett') }}"  # Restart Policy-jackett_docker_restart_policy: unless-stopped+jackett_role_docker_restart_policy: unless-stopped  # State-jackett_docker_state: started+jackett_role_docker_state: started

modified

roles/jackett/tasks/main.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/jellyfin/defaults/main.yml

@@ -1,10 +1,10 @@ #########################################################################-# Title:         Saltbox: Jellyfin                                      #-# Author(s):     kowalski, desimaniac, owine                            #-# URL:           https://github.com/saltyorg/Saltbox                    #-# --                                                                    #+# Title:         Saltbox: Jellyfin | Default Variables                  #+# Author(s):     kowalski, desimaniac, owine                           #+# URL:           https://github.com/saltyorg/Saltbox                   #+# --                                                                   # #########################################################################-#                   GNU General Public License v3.0                     #+#                   GNU General Public License v3.0                    # ######################################################################### --- ################################@@ -14,187 +14,166 @@ jellyfin_instances: ["jellyfin"]  ################################+# Settings+################################++# System+jellyfin_role_system_settings_public_port: "80"+jellyfin_role_system_settings_public_https_port: "443"+jellyfin_role_system_settings_enable_folder_view: "true"+jellyfin_role_system_settings_quick_connect_available: "true"+jellyfin_role_system_settings_enable_remote_access: "true"+jellyfin_role_system_settings_server_name: "saltbox"++# Network+jellyfin_role_network_settings_public_http_port: "80"+jellyfin_role_network_settings_public_https_port: "443"+jellyfin_role_network_settings_known_proxies:+  - traefik+jellyfin_role_network_settings_published_server_uri_by_subnet:+  - "external={{ lookup('role_var', '_web_url', role='jellyfin') }}:443"++################################ # Paths ################################ -jellyfin_paths_folder: "{{ jellyfin_name }}"-jellyfin_paths_location: "{{ server_appdata_path }}/{{ jellyfin_paths_folder }}"-jellyfin_paths_transcodes_location: "{{ transcodes_path }}/{{ jellyfin_paths_folder }}"-jellyfin_paths_folders_list:-  - "{{ jellyfin_paths_location }}"-  - "{{ jellyfin_paths_location }}/data"-  - "{{ jellyfin_paths_location }}/log"-  - "{{ jellyfin_paths_location }}/cache"-  - "{{ jellyfin_paths_transcodes_location }}"-jellyfin_paths_dlna_location: "{{ jellyfin_paths_location }}/dlna.xml"-jellyfin_paths_sys_xml_location: "{{ jellyfin_paths_location }}/system.xml"-jellyfin_paths_net_xml_location: "{{ jellyfin_paths_location }}/network.xml"-jellyfin_paths_xml_loct_old: "{{ jellyfin_paths_location }}/app/config/system.xml"+jellyfin_role_paths_folder: "{{ jellyfin_name }}"+jellyfin_role_paths_location: "{{ server_appdata_path }}/{{ jellyfin_role_paths_folder }}"+jellyfin_role_paths_transcodes_location: "{{ transcodes_path }}/{{ jellyfin_role_paths_folder }}"+jellyfin_role_paths_folders_list:+  - "{{ jellyfin_role_paths_location }}"+  - "{{ jellyfin_role_paths_location }}/data"+  - "{{ jellyfin_role_paths_location }}/log"+  - "{{ jellyfin_role_paths_location }}/cache"+  - "{{ jellyfin_role_paths_transcodes_location }}"+jellyfin_role_paths_dlna_location: "{{ jellyfin_role_paths_location }}/dlna.xml"+jellyfin_role_paths_sys_xml_location: "{{ jellyfin_role_paths_location }}/system.xml"+jellyfin_role_paths_net_xml_location: "{{ jellyfin_role_paths_location }}/network.xml"+jellyfin_role_paths_xml_location_old: "{{ jellyfin_role_paths_location }}/app/config/system.xml"  ################################ # Web ################################ -jellyfin_web_subdomain: "{{ jellyfin_name }}"-jellyfin_web_domain: "{{ user.domain }}"-jellyfin_web_port: "8096"-jellyfin_web_url: "{{ 'https://' + (lookup('vars', jellyfin_name + '_web_subdomain', default=jellyfin_web_subdomain) + '.' + lookup('vars', jellyfin_name + '_web_domain', default=jellyfin_web_domain)-                   if (lookup('vars', jellyfin_name + '_web_subdomain', default=jellyfin_web_subdomain) | length > 0)-                   else lookup('vars', jellyfin_name + '_web_domain', default=jellyfin_web_domain)) }}"+jellyfin_role_web_subdomain: "{{ jellyfin_name }}"+jellyfin_role_web_domain: "{{ user.domain }}"+jellyfin_role_web_port: "8096"+jellyfin_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='jellyfin') + '.' + lookup('role_var', '_web_domain', role='jellyfin')+                        if (lookup('role_var', '_web_subdomain', role='jellyfin') | length > 0)+                        else lookup('role_var', '_web_domain', role='jellyfin')) }}"  ################################ # DNS ################################ -jellyfin_dns_record: "{{ lookup('vars', jellyfin_name + '_web_subdomain', default=jellyfin_web_subdomain) }}"-jellyfin_dns_zone: "{{ lookup('vars', jellyfin_name + '_web_domain', default=jellyfin_web_domain) }}"-jellyfin_dns_proxy: "{{ dns.proxied }}"+jellyfin_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='jellyfin') }}"+jellyfin_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='jellyfin') }}"+jellyfin_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -jellyfin_traefik_sso_middleware: ""-jellyfin_traefik_middleware_default: "{{ traefik_default_middleware }}"-jellyfin_traefik_middleware_custom: ""-jellyfin_traefik_certresolver: "{{ traefik_default_certresolver }}"-jellyfin_traefik_enabled: true-jellyfin_traefik_api_enabled: false-jellyfin_traefik_api_endpoint: ""-jellyfin_traefik_gzip_enabled: false+jellyfin_role_traefik_sso_middleware: ""+jellyfin_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+jellyfin_role_traefik_middleware_custom: ""+jellyfin_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+jellyfin_role_traefik_enabled: true+jellyfin_role_traefik_api_enabled: false+jellyfin_role_traefik_api_endpoint: ""+jellyfin_role_traefik_gzip_enabled: false  ################################ # Config ################################ -# System-jellyfin_system_settings_default:-  - { xpath: 'PublicPort', value: '80' }-  - { xpath: 'PublicHttpsPort', value: '443' }-  - { xpath: 'EnableFolderView', value: 'true' }-  - { xpath: 'QuickConnectAvailable', value: 'true' }-  - { xpath: 'EnableRemoteAccess', value: 'true' }-  - { xpath: 'ServerName', value: 'saltbox' }-jellyfin_system_settings_custom: []-jellyfin_system_settings_list: "{{ lookup('vars', jellyfin_name + '_system_settings_default', default=jellyfin_system_settings_default) + lookup('vars', jellyfin_name + '_system_settings_custom', default=jellyfin_system_settings_custom) }}"+jellyfin_role_system_settings_default:+  - xpath: 'PublicPort'+    value: "{{ lookup('role_var', '_system_settings_public_port', role='jellyfin') }}"+  - xpath: 'PublicHttpsPort'+    value: "{{ lookup('role_var', '_system_settings_public_https_port', role='jellyfin') }}"+  - xpath: 'EnableFolderView'+    value: "{{ lookup('role_var', '_system_settings_enable_folder_view', role='jellyfin') }}"+  - xpath: 'QuickConnectAvailable'+    value: "{{ lookup('role_var', '_system_settings_quick_connect_available', role='jellyfin') }}"+  - xpath: 'EnableRemoteAccess'+    value: "{{ lookup('role_var', '_system_settings_enable_remote_access', role='jellyfin') }}"+  - xpath: 'ServerName'+    value: "{{ lookup('role_var', '_system_settings_server_name', role='jellyfin') }}"+jellyfin_role_system_settings_custom: []+jellyfin_role_system_settings_list: "{{ lookup('role_var', '_system_settings_default', role='jellyfin') + lookup('role_var', '_system_settings_custom', role='jellyfin') }}" -# Network-jellyfin_network_settings_default:-  - { xpath: 'KnownProxies', set_children: [{ 'string': 'traefik' }] }-  - { xpath: 'PublicPort', value: '80' }-  - { xpath: 'PublicHttpsPort', value: '443' }-  - { xpath: 'PublishedServerUriBySubnet', set_children: [{ 'string': 'external={{ jellyfin_web_url }}:443' }] }-jellyfin_network_settings_custom: []-jellyfin_network_settings_list: "{{ lookup('vars', jellyfin_name + '_network_settings_default', default=jellyfin_network_settings_default) + lookup('vars', jellyfin_name + '_network_settings_custom', default=jellyfin_network_settings_custom) }}"+jellyfin_role_network_settings_default:+  - xpath: 'PublicPort'+    value: "{{ lookup('role_var', '_network_settings_public_http_port', role='jellyfin') }}"+  - xpath: 'PublicHttpsPort'+    value: "{{ lookup('role_var', '_network_settings_public_https_port', role='jellyfin') }}"+  - xpath: 'KnownProxies'+    set_children: "{{ lookup('role_var', '_network_settings_known_proxies', role='jellyfin') | map('community.general.dict_kv', 'string') | list }}"+  - xpath: 'PublishedServerUriBySubnet'+    set_children: "{{ lookup('role_var', '_network_settings_published_server_uri_by_subnet', role='jellyfin') | map('community.general.dict_kv', 'string') | list }}"+jellyfin_role_network_settings_custom: []+jellyfin_role_network_settings_list: "{{ lookup('role_var', '_network_settings_default', role='jellyfin') + lookup('role_var', '_network_settings_custom', role='jellyfin') }}"  ################################ # Docker ################################  # Container-jellyfin_docker_container: "{{ jellyfin_name }}"+jellyfin_role_docker_container: "{{ jellyfin_name }}"  # Image-jellyfin_docker_image_pull: true-jellyfin_docker_image_repo: "ghcr.io/hotio/jellyfin"-jellyfin_docker_image_tag: "release"-jellyfin_docker_image: "{{ lookup('vars', jellyfin_name + '_docker_image_repo', default=jellyfin_docker_image_repo)-                           + ':' + lookup('vars', jellyfin_name + '_docker_image_tag', default=jellyfin_docker_image_tag) }}"--# Ports-jellyfin_docker_ports_defaults: []-jellyfin_docker_ports_custom: []-jellyfin_docker_ports: "{{ lookup('vars', jellyfin_name + '_docker_ports_defaults', default=jellyfin_docker_ports_defaults)-                           + lookup('vars', jellyfin_name + '_docker_ports_custom', default=jellyfin_docker_ports_custom) }}"+jellyfin_role_docker_image_pull: true+jellyfin_role_docker_image_repo: "ghcr.io/hotio/jellyfin"+jellyfin_role_docker_image_tag: "release"+jellyfin_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='jellyfin') }}:{{ lookup('role_var', '_docker_image_tag', role='jellyfin') }}"  # Envs-jellyfin_docker_envs_default:+jellyfin_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"   DOTNET_USE_POLLING_FILE_WATCHER: "1"-jellyfin_docker_envs_custom: {}-jellyfin_docker_envs: "{{ lookup('vars', jellyfin_name + '_docker_envs_default', default=jellyfin_docker_envs_default)-                          | combine(lookup('vars', jellyfin_name + '_docker_envs_custom', default=jellyfin_docker_envs_custom)) }}"--# Commands-jellyfin_docker_commands_default: []-jellyfin_docker_commands_custom: []-jellyfin_docker_commands: "{{ lookup('vars', jellyfin_name + '_docker_commands_default', default=jellyfin_docker_commands_default)-                              + lookup('vars', jellyfin_name + '_docker_commands_custom', default=jellyfin_docker_commands_custom) }}"+jellyfin_role_docker_envs_custom: {}+jellyfin_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='jellyfin')+                               | combine(lookup('role_var', '_docker_envs_custom', role='jellyfin')) }}"  # Volumes-jellyfin_docker_volumes_default:-  - "{{ jellyfin_paths_location }}:/config:rw"+jellyfin_role_docker_volumes_default:+  - "{{ jellyfin_role_paths_location }}:/config:rw"   - "{{ server_appdata_path }}/scripts:/scripts"   - "/dev/shm:/dev/shm"-  - "{{ jellyfin_paths_transcodes_location }}:/transcode"-jellyfin_docker_volumes_legacy:+  - "{{ jellyfin_role_paths_transcodes_location }}:/transcode"+jellyfin_role_docker_volumes_legacy:   - "/mnt/unionfs/Media:/data"-jellyfin_docker_volumes_custom: []-jellyfin_docker_volumes: "{{ lookup('vars', jellyfin_name + '_docker_volumes_default', default=jellyfin_docker_volumes_default)-                             + lookup('vars', jellyfin_name + '_docker_volumes_custom', default=jellyfin_docker_volumes_custom)-                             + (lookup('vars', jellyfin_name + '_docker_volumes_legacy', default=jellyfin_docker_volumes_legacy)-                               if docker_legacy_volume-                               else []) }}"+jellyfin_role_docker_volumes_custom: []+jellyfin_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='jellyfin')+                                  + lookup('role_var', '_docker_volumes_custom', role='jellyfin')+                                  + (lookup('role_var', '_docker_volumes_legacy', role='jellyfin')+                                    if docker_legacy_volume+                                    else []) }}"  # Mounts-jellyfin_docker_mounts_default:+jellyfin_role_docker_mounts_default:   - target: /tmp     type: tmpfs-jellyfin_docker_mounts_custom: []-jellyfin_docker_mounts: "{{ lookup('vars', jellyfin_name + '_docker_mounts_default', default=jellyfin_docker_mounts_default)-                            + lookup('vars', jellyfin_name + '_docker_mounts_custom', default=jellyfin_docker_mounts_custom) }}"--# Devices-jellyfin_docker_devices_default: []-jellyfin_docker_devices_custom: []-jellyfin_docker_devices: "{{ lookup('vars', jellyfin_name + '_docker_devices_default', default=jellyfin_docker_devices_default)-                             + lookup('vars', jellyfin_name + '_docker_devices_custom', default=jellyfin_docker_devices_custom) }}"--# Hosts-jellyfin_docker_hosts_default: {}-jellyfin_docker_hosts_custom: {}-jellyfin_docker_hosts: "{{ docker_hosts_common-                           | combine(lookup('vars', jellyfin_name + '_docker_hosts_default', default=jellyfin_docker_hosts_default))-                           | combine(lookup('vars', jellyfin_name + '_docker_hosts_custom', default=jellyfin_docker_hosts_custom)) }}"--# Labels-jellyfin_docker_labels_default: {}-jellyfin_docker_labels_custom: {}-jellyfin_docker_labels: "{{ docker_labels_common-                            | combine(lookup('vars', jellyfin_name + '_docker_labels_default', default=jellyfin_docker_labels_default))-                            | combine(lookup('vars', jellyfin_name + '_docker_labels_custom', default=jellyfin_docker_labels_custom)) }}"+jellyfin_role_docker_mounts_custom: []+jellyfin_role_docker_mounts: "{{ lookup('role_var', '_docker_mounts_default', role='jellyfin')+                                 + lookup('role_var', '_docker_mounts_custom', role='jellyfin') }}"  # Hostname-jellyfin_docker_hostname: "{{ jellyfin_name }}"--# Network Mode-jellyfin_docker_network_mode_default: "{{ docker_networks_name_common }}"-jellyfin_docker_network_mode: "{{ lookup('vars', jellyfin_name + '_docker_network_mode_default', default=jellyfin_docker_network_mode_default) }}"+jellyfin_role_docker_hostname: "{{ jellyfin_name }}"  # Networks-jellyfin_docker_networks_alias: "{{ jellyfin_name }}"-jellyfin_docker_networks_default: []-jellyfin_docker_networks_custom: []-jellyfin_docker_networks: "{{ docker_networks_common-                              + lookup('vars', jellyfin_name + '_docker_networks_default', default=jellyfin_docker_networks_default)-                              + lookup('vars', jellyfin_name + '_docker_networks_custom', default=jellyfin_docker_networks_custom) }}"--# Capabilities-jellyfin_docker_capabilities_default: []-jellyfin_docker_capabilities_custom: []-jellyfin_docker_capabilities: "{{ lookup('vars', jellyfin_name + '_docker_capabilities_default', default=jellyfin_docker_capabilities_default)-                                  + lookup('vars', jellyfin_name + '_docker_capabilities_custom', default=jellyfin_docker_capabilities_custom) }}"--# Security Opts-jellyfin_docker_security_opts_default: []-jellyfin_docker_security_opts_custom: []-jellyfin_docker_security_opts: "{{ lookup('vars', jellyfin_name + '_docker_security_opts_default', default=jellyfin_docker_security_opts_default)-                                   + lookup('vars', jellyfin_name + '_docker_security_opts_custom', default=jellyfin_docker_security_opts_custom) }}"+jellyfin_role_docker_networks_alias: "{{ jellyfin_name }}"+jellyfin_role_docker_networks_default: []+jellyfin_role_docker_networks_custom: []+jellyfin_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='jellyfin')+                                   + lookup('role_var', '_docker_networks_custom', role='jellyfin') }}"  # Restart Policy-jellyfin_docker_restart_policy: unless-stopped+jellyfin_role_docker_restart_policy: unless-stopped  # State-jellyfin_docker_state: started+jellyfin_role_docker_state: started

modified

roles/jellyfin/tasks/main2.yml

@@ -9,9 +9,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -21,17 +21,17 @@  - name: Docker Devices Task   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/set_docker_devices_variable.yml"-  when: gpu.intel or use_nvidia+  when: use_intel or use_nvidia  - name: Import preinstall task-  ansible.builtin.import_tasks: "subtasks/preinstall.yml"+  ansible.builtin.include_tasks: "subtasks/preinstall.yml"   when: (not continuous_integration)  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Import postinstall task-  ansible.builtin.import_tasks: "subtasks/postinstall.yml"+  ansible.builtin.include_tasks: "subtasks/postinstall.yml"   when:     - (not continuous_integration)     - (not jellyfin_existing_install.stat.exists)

modified

roles/jellyfin/tasks/subtasks/postinstall.yml

@@ -12,7 +12,7 @@  - name: Post-Install | Ensure transcodes folder has the correct permissions   ansible.builtin.file:-    path: "{{ jellyfin_paths_transcodes_location }}"+    path: "{{ lookup('role_var', '_paths_transcodes_location', role='jellyfin') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -20,12 +20,12 @@  - name: Post-Install | Ensure config folder has the correct permissions   ansible.builtin.file:-    path: "{{ jellyfin_paths_location }}"+    path: "{{ lookup('role_var', '_paths_location', role='jellyfin') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"     recurse: true  - name: Post-Install | Settings Tasks-  ansible.builtin.import_tasks: "settings.yml"+  ansible.builtin.include_tasks: "subtasks/settings.yml"   when: (not jellyfin_existing_install.stat.exists)

modified

roles/jellyfin/tasks/subtasks/preinstall.yml

@@ -11,26 +11,26 @@ # Migrate old non hotio setup ################################ -- name: Preinstall MIGRATE | Check if `{{ jellyfin_paths_xml_loct_old | basename }}` exists+- name: Preinstall | Check if `{{ lookup('role_var', '_paths_xml_location_old', role='jellyfin') | basename }}` exists   ansible.builtin.stat:-    path: "{{ jellyfin_paths_xml_loct_old }}"+    path: "{{ lookup('role_var', '_paths_xml_location_old', role='jellyfin') }}"   register: jellyfin_xml_old -- name: Preinstall MIGRATE | New `{{ jellyfin_paths_xml_loct_old | basename }}` tasks+- name: Preinstall | New `{{ lookup('role_var', '_paths_xml_location_old', role='jellyfin') | basename }}` tasks   when: jellyfin_xml_old.stat.exists   block:-    - name: Preinstall MIGRATE | Import `{{ jellyfin_paths_xml_loct_old | basename }}` if it exists+    - name: Preinstall | Import `{{ lookup('role_var', '_paths_xml_location_old', role='jellyfin') | basename }}` if it exists       ansible.builtin.copy:-        src: "{{ jellyfin_paths_xml_loct_old }}"-        dest: "{{ jellyfin_paths_sys_xml_location }}"+        src: "{{ lookup('role_var', '_paths_xml_location_old', role='jellyfin') }}"+        dest: "{{ lookup('role_var', '_paths_sys_xml_location', role='jellyfin') }}"         owner: "{{ user.name }}"         group: "{{ user.name }}"         mode: "0664"         force: false -    - name: Preinstall MIGRATE | Remove old `{{ jellyfin_paths_xml_loct_old | basename }}` if it exists"+    - name: Preinstall | Remove old `{{ lookup('role_var', '_paths_xml_location_old', role='jellyfin') | basename }}` if it exists"       ansible.builtin.file:-        path: "{{ jellyfin_paths_xml_loct_old }}"+        path: "{{ lookup('role_var', '_paths_xml_location_old', role='jellyfin') }}"         state: absent  # Low priority as migrate should not be needed.@@ -41,34 +41,34 @@ # Register | STATS 'n' FACTS ################################ -- name: Preinstall STAT | Check if `{{ jellyfin_paths_sys_xml_location | basename }}` exists+- name: Preinstall | Check if `{{ lookup('role_var', '_paths_sys_xml_location', role='jellyfin') | basename }}` exists   ansible.builtin.stat:-    path: "{{ jellyfin_paths_sys_xml_location }}"+    path: "{{ lookup('role_var', '_paths_sys_xml_location', role='jellyfin') }}"   register: jellyfin_sys_xml -- name: Preinstall STAT | Check also if `{{ jellyfin_paths_sys_xml_location | basename }}` exists+- name: Preinstall | Check also if `{{ lookup('role_var', '_paths_sys_xml_location', role='jellyfin') | basename }}` exists   ansible.builtin.stat:-    path: "{{ jellyfin_paths_sys_xml_location }}"+    path: "{{ lookup('role_var', '_paths_sys_xml_location', role='jellyfin') }}"   register: jellyfin_existing_install -- name: Preinstall STAT | Check if `{{ jellyfin_paths_net_xml_location | basename }}` exists+- name: Preinstall | Check if `{{ lookup('role_var', '_paths_net_xml_location', role='jellyfin') | basename }}` exists   ansible.builtin.stat:-    path: "{{ jellyfin_paths_net_xml_location }}"+    path: "{{ lookup('role_var', '_paths_net_xml_location', role='jellyfin') }}"   register: network_xml -- name: Preinstall STAT | Check if `{{ jellyfin_paths_dlna_location | basename }}` exists+- name: Preinstall | Check if `{{ lookup('role_var', '_paths_dlna_location', role='jellyfin') | basename }}` exists   ansible.builtin.stat:-    path: "{{ jellyfin_paths_dlna_location }}"+    path: "{{ lookup('role_var', '_paths_dlna_location', role='jellyfin') }}"   register: jellyfin_dlna  ################################ # Block DLNA network spam ################################ -- name: Import 'dlna.xml' config+- name: Preinstall | Import 'dlna.xml' config   ansible.builtin.copy:     src: "dlna.xml"-    dest: "{{ jellyfin_paths_dlna_location }}"+    dest: "{{ lookup('role_var', '_paths_dlna_location', role='jellyfin') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"@@ -77,7 +77,7 @@  - name: Preinstall | Migrate 'KnownProxies' to new format in 'network.xml'   community.general.xml:-    path: "{{ jellyfin_paths_net_xml_location }}"+    path: "{{ lookup('role_var', '_paths_net_xml_location', role='jellyfin') }}"     xpath: /NetworkConfiguration/KnownProxies     value: ''     pretty_print: true@@ -85,14 +85,14 @@   become_user: "{{ user.name }}"   when: network_xml.stat.exists -- name: Settings | Update 'network.xml' file+- name: Preinstall | Update 'network.xml' file   community.general.xml:-    path: "{{ jellyfin_paths_net_xml_location }}"+    path: "{{ lookup('role_var', '_paths_net_xml_location', role='jellyfin') }}"     xpath: "/NetworkConfiguration/{{ item.xpath }}"     value: "{{ item.value | default(omit) }}"     set_children: "{{ item.set_children | default(omit) }}"     pretty_print: true   become: true   become_user: "{{ user.name }}"-  loop: "{{ jellyfin_network_settings_list }}"+  loop: "{{ lookup('role_var', '_network_settings_list', role='jellyfin') }}"   when: network_xml.stat.exists

modified

roles/jellyfin/tasks/subtasks/settings.yml

@@ -6,40 +6,40 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Restart Docker container+- name: Settings | Restart Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/restart_docker_container.yml" -- name: Post-Install | Wait for 'system.xml' file to be created+- name: Settings | Wait for 'system.xml' file to be created   ansible.builtin.wait_for:-    path: "{{ jellyfin_paths_sys_xml_location }}"+    path: "{{ lookup('role_var', '_paths_sys_xml_location', role='jellyfin') }}"     state: present -- name: "Post-Install | Prompt user to complete the wizard"+- name: "Settings | Prompt user to complete the wizard"   ansible.builtin.pause:-    prompt: "Please open {{ jellyfin_web_url }}/web/index.html#!/wizardstart.html. Hit enter after having finished the wizard"+    prompt: "Please open {{ lookup('role_var', '_web_url', role='jellyfin') }}/web/index.html#!/wizardstart.html. Hit enter after having finished the wizard" -- name: Post-Install | Wait for 'network.xml' file to be created+- name: Settings | Wait for 'network.xml' file to be created   ansible.builtin.wait_for:-    path: "{{ jellyfin_paths_net_xml_location }}"+    path: "{{ lookup('role_var', '_paths_net_xml_location', role='jellyfin') }}"     state: present -- name: Stop Docker container+- name: Settings | Stop Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_docker_container.yml"  - name: Settings | Update 'system.xml' file   community.general.xml:-    path: "{{ jellyfin_paths_sys_xml_location }}"+    path: "{{ lookup('role_var', '_paths_sys_xml_location', role='jellyfin') }}"     xpath: "/ServerConfiguration/{{ item.xpath }}"     value: "{{ item.value | default(omit) }}"     set_children: "{{ item.set_children | default(omit) }}"     pretty_print: true   become: true   become_user: "{{ user.name }}"-  loop: "{{ jellyfin_system_settings_list }}"+  loop: "{{ lookup('role_var', '_system_settings_list', role='jellyfin') }}"  - name: Settings | Migrate 'KnownProxies' to new format in 'network.xml'   community.general.xml:-    path: "{{ jellyfin_paths_net_xml_location }}"+    path: "{{ lookup('role_var', '_paths_net_xml_location', role='jellyfin') }}"     xpath: /NetworkConfiguration/KnownProxies     value: ''     pretty_print: true@@ -48,14 +48,14 @@  - name: Settings | Update 'network.xml' file   community.general.xml:-    path: "{{ jellyfin_paths_net_xml_location }}"+    path: "{{ lookup('role_var', '_paths_net_xml_location', role='jellyfin') }}"     xpath: "/NetworkConfiguration/{{ item.xpath }}"     value: "{{ item.value | default(omit) }}"     set_children: "{{ item.set_children | default(omit) }}"     pretty_print: true   become: true   become_user: "{{ user.name }}"-  loop: "{{ jellyfin_network_settings_list }}"+  loop: "{{ lookup('role_var', '_network_settings_list', role='jellyfin') }}" -- name: Start Docker container+- name: Settings | Start Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/kernel/tasks/main.yml

@@ -18,9 +18,9 @@ - name: Ubuntu 20.04 HWE Update Tasks   ansible.builtin.include_tasks: "subtasks/03_update_focal.yml"   when:-    - (ansible_distribution == 'Ubuntu')-    - (ansible_distribution_version is version('20.04', '=='))-    - (ansible_kernel is version('5.8', '<'))+    - (ansible_facts['distribution'] == 'Ubuntu')+    - (ansible_facts['distribution_version'] is version('20.04', '=='))+    - (ansible_facts['kernel'] is version('5.8', '<'))     - (not continuous_integration)     - kernel_install_hwe @@ -28,9 +28,9 @@ - name: Ubuntu 22.04 Update Tasks   ansible.builtin.include_tasks: "subtasks/04_update_jammy.yml"   when:-    - (ansible_distribution == 'Ubuntu')-    - (ansible_distribution_version is version('22.04', '=='))-    - (ansible_kernel is version('5.19', '<'))+    - (ansible_facts['distribution'] == 'Ubuntu')+    - (ansible_facts['distribution_version'] is version('22.04', '=='))+    - (ansible_facts['kernel'] is version('5.19', '<'))     - (not continuous_integration)     - kernel_install_hwe @@ -38,9 +38,9 @@ - name: Ubuntu 24.04 Update Tasks   ansible.builtin.include_tasks: "subtasks/05_update_noble.yml"   when:-    - (ansible_distribution == 'Ubuntu')-    - (ansible_distribution_version is version('24.04', '=='))-    - (ansible_kernel is version('6.11', '<'))+    - (ansible_facts['distribution'] == 'Ubuntu')+    - (ansible_facts['distribution_version'] is version('24.04', '=='))+    - (ansible_facts['kernel'] is version('6.11', '<'))     - (not continuous_integration)     - kernel_install_hwe

modified

roles/kernel/tasks/subtasks/02_cron.yml

@@ -10,7 +10,7 @@ - name: Cron | Install cron   ansible.builtin.apt:     name: cron-    state: present+    state: latest  - name: Cron | Purge old kernels on reboot   ansible.builtin.cron:

modified

roles/kernel/tasks/subtasks/03_update_focal.yml

@@ -10,6 +10,7 @@ - name: Update | Update linux kernel   ansible.builtin.apt:     name: "{{ kernel_update_apt_package }}"+    install_recommends: true     update_cache: true     state: latest   register: r

modified

roles/kernel/tasks/subtasks/04_update_jammy.yml

@@ -10,6 +10,7 @@ - name: Update | Update linux kernel   ansible.builtin.apt:     name: "{{ kernel_update_apt_package_22 }}"+    install_recommends: true     update_cache: true     state: latest   register: r@@ -19,8 +20,8 @@     name:       - gcc-12       - g++-12-    state: present-    update_cache: yes+    state: latest+    update_cache: true  - name: Update | Set gcc-12 and g++-12 as the default compilers   ansible.builtin.shell: update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12

modified

roles/kernel/tasks/subtasks/05_update_noble.yml

@@ -10,6 +10,7 @@ - name: Update | Update linux kernel   ansible.builtin.apt:     name: "{{ kernel_update_apt_package_24 }}"+    install_recommends: true     update_cache: true     state: latest   register: r

modified

roles/lidarr/defaults/main.yml

@@ -17,167 +17,121 @@ # Settings ################################ -lidarr_external_auth: true+lidarr_role_external_auth: true  ################################ # Paths ################################ -lidarr_paths_folder: "{{ lidarr_name }}"-lidarr_paths_location: "{{ server_appdata_path }}/{{ lidarr_paths_folder }}"-lidarr_paths_folders_list:-  - "{{ lidarr_paths_location }}"-lidarr_paths_config_location: "{{ lidarr_paths_location }}/config.xml"+lidarr_role_paths_folder: "{{ lidarr_name }}"+lidarr_role_paths_location: "{{ server_appdata_path }}/{{ lidarr_role_paths_folder }}"+lidarr_role_paths_folders_list:+  - "{{ lidarr_role_paths_location }}"+lidarr_role_paths_config_location: "{{ lidarr_role_paths_location }}/config.xml"  ################################ # Web ################################ -lidarr_web_subdomain: "{{ lidarr_name }}"-lidarr_web_domain: "{{ user.domain }}"-lidarr_web_port: "8686"-lidarr_web_url: "{{ 'https://' + (lookup('vars', lidarr_name + '_web_subdomain', default=lidarr_web_subdomain) + '.' + lookup('vars', lidarr_name + '_web_domain', default=lidarr_web_domain)-                 if (lookup('vars', lidarr_name + '_web_subdomain', default=lidarr_web_subdomain) | length > 0)-                 else lookup('vars', lidarr_name + '_web_domain', default=lidarr_web_domain)) }}"+lidarr_role_web_subdomain: "{{ lidarr_name }}"+lidarr_role_web_domain: "{{ user.domain }}"+lidarr_role_web_port: "8686"+lidarr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='lidarr') + '.' + lookup('role_var', '_web_domain', role='lidarr')+                      if (lookup('role_var', '_web_subdomain', role='lidarr') | length > 0)+                      else lookup('role_var', '_web_domain', role='lidarr')) }}"  ################################ # DNS ################################ -lidarr_dns_record: "{{ lookup('vars', lidarr_name + '_web_subdomain', default=lidarr_web_subdomain) }}"-lidarr_dns_zone: "{{ lookup('vars', lidarr_name + '_web_domain', default=lidarr_web_domain) }}"-lidarr_dns_proxy: "{{ dns.proxied }}"+lidarr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='lidarr') }}"+lidarr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='lidarr') }}"+lidarr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -lidarr_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-lidarr_traefik_middleware_default: "{{ traefik_default_middleware-                                       + (',themepark-' + lookup('vars', lidarr_name + '_name', default=lidarr_name)-                                         if (lidarr_themepark_enabled and global_themepark_plugin_enabled)-                                         else '') }}"-lidarr_traefik_middleware_custom: ""-lidarr_traefik_certresolver: "{{ traefik_default_certresolver }}"-lidarr_traefik_enabled: true-lidarr_traefik_api_enabled: true-lidarr_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/feed`) || PathPrefix(`/ping`)"+lidarr_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+lidarr_role_traefik_middleware_default: "{{ traefik_default_middleware+                                            + (',themepark-' + lidarr_name+                                              if (lookup('role_var', '_themepark_enabled', role='lidarr') and global_themepark_plugin_enabled)+                                              else '') }}"+lidarr_role_traefik_middleware_custom: ""+lidarr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+lidarr_role_traefik_enabled: true+lidarr_role_traefik_api_enabled: true+lidarr_role_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/feed`) || PathPrefix(`/ping`)"  ################################-# API-################################--# default to blank-lidarr_api_key:--################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-lidarr_themepark_enabled: false-lidarr_themepark_app: "lidarr"-lidarr_themepark_theme: "{{ global_themepark_theme }}"-lidarr_themepark_domain: "{{ global_themepark_domain }}"-lidarr_themepark_addons: []+lidarr_role_themepark_enabled: false+lidarr_role_themepark_app: "lidarr"+lidarr_role_themepark_theme: "{{ global_themepark_theme }}"+lidarr_role_themepark_domain: "{{ global_themepark_domain }}"+lidarr_role_themepark_addons: []  ################################ # Docker ################################  # Container-lidarr_docker_container: "{{ lidarr_name }}"+lidarr_role_docker_container: "{{ lidarr_name }}"  # Image-lidarr_docker_image_pull: true-lidarr_docker_image_repo: "ghcr.io/hotio/lidarr"-lidarr_docker_image_tag: "release"-lidarr_docker_image: "{{ lookup('vars', lidarr_name + '_docker_image_repo', default=lidarr_docker_image_repo)-                         + ':' + lookup('vars', lidarr_name + '_docker_image_tag', default=lidarr_docker_image_tag) }}"--# Ports-lidarr_docker_ports_defaults: []-lidarr_docker_ports_custom: []-lidarr_docker_ports: "{{ lookup('vars', lidarr_name + '_docker_ports_defaults', default=lidarr_docker_ports_defaults)-                         + lookup('vars', lidarr_name + '_docker_ports_custom', default=lidarr_docker_ports_custom) }}"+lidarr_role_docker_image_pull: true+lidarr_role_docker_image_repo: "ghcr.io/hotio/lidarr"+lidarr_role_docker_image_tag: "release"+lidarr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='lidarr') }}:{{ lookup('role_var', '_docker_image_tag', role='lidarr') }}"  # Envs-lidarr_docker_envs_default:+lidarr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-lidarr_docker_envs_custom: {}-lidarr_docker_envs: "{{ lookup('vars', lidarr_name + '_docker_envs_default', default=lidarr_docker_envs_default)-                        | combine(lookup('vars', lidarr_name + '_docker_envs_custom', default=lidarr_docker_envs_custom)) }}"--# Commands-lidarr_docker_commands_default: []-lidarr_docker_commands_custom: []-lidarr_docker_commands: "{{ lookup('vars', lidarr_name + '_docker_commands_default', default=lidarr_docker_commands_default)-                            + lookup('vars', lidarr_name + '_docker_commands_custom', default=lidarr_docker_commands_custom) }}"+lidarr_role_docker_envs_custom: {}+lidarr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='lidarr')+                             | combine(lookup('role_var', '_docker_envs_custom', role='lidarr')) }}"  # Volumes-lidarr_docker_volumes_default:-  - "{{ lidarr_paths_location }}:/config"+lidarr_role_docker_volumes_default:+  - "{{ lidarr_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"+lidarr_role_docker_volumes_legacy:   - "/mnt/unionfs/Media/Music:/music"-lidarr_docker_volumes_custom: []-lidarr_docker_volumes: "{{ lookup('vars', lidarr_name + '_docker_volumes_default', default=lidarr_docker_volumes_default)-                           + lookup('vars', lidarr_name + '_docker_volumes_custom', default=lidarr_docker_volumes_custom) }}"--# Devices-lidarr_docker_devices_default: []-lidarr_docker_devices_custom: []-lidarr_docker_devices: "{{ lookup('vars', lidarr_name + '_docker_devices_default', default=lidarr_docker_devices_default)-                           + lookup('vars', lidarr_name + '_docker_devices_custom', default=lidarr_docker_devices_custom) }}"--# Hosts-lidarr_docker_hosts_default: {}-lidarr_docker_hosts_custom: {}-lidarr_docker_hosts: "{{ docker_hosts_common-                         | combine(lookup('vars', lidarr_name + '_docker_hosts_default', default=lidarr_docker_hosts_default))-                         | combine(lookup('vars', lidarr_name + '_docker_hosts_custom', default=lidarr_docker_hosts_custom)) }}"+lidarr_role_docker_volumes_custom: []+lidarr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='lidarr')+                                + lookup('role_var', '_docker_volumes_custom', role='lidarr')+                                + (lookup('role_var', '_docker_volumes_legacy', role='lidarr')+                                  if docker_legacy_volume+                                  else []) }}"  # Labels-lidarr_docker_labels_default: {}-lidarr_docker_labels_custom: {}-lidarr_docker_labels: "{{ docker_labels_common-                          | combine(lookup('vars', lidarr_name + '_docker_labels_default', default=lidarr_docker_labels_default))-                          | combine((traefik_themepark_labels-                                    if (lidarr_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    lookup('vars', lidarr_name + '_docker_labels_custom', default=lidarr_docker_labels_custom)) }}"+lidarr_role_docker_labels_default: {}+lidarr_role_docker_labels_custom: {}+lidarr_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='lidarr')+                               | combine((traefik_themepark_labels+                                         if (lookup('role_var', '_themepark_enabled', role='lidarr') and global_themepark_plugin_enabled)+                                         else {}),+                                         lookup('role_var', '_docker_labels_custom', role='lidarr')) }}"  # Hostname-lidarr_docker_hostname: "{{ lidarr_name }}"--# Network Mode-lidarr_docker_network_mode_default: "{{ docker_networks_name_common }}"-lidarr_docker_network_mode: "{{ lookup('vars', lidarr_name + '_docker_network_mode_default', default=lidarr_docker_network_mode_default) }}"+lidarr_role_docker_hostname: "{{ lidarr_name }}"  # Networks-lidarr_docker_networks_alias: "{{ lidarr_name }}"-lidarr_docker_networks_default: []-lidarr_docker_networks_custom: []-lidarr_docker_networks: "{{ docker_networks_common-                            + lookup('vars', lidarr_name + '_docker_networks_default', default=lidarr_docker_networks_default)-                            + lookup('vars', lidarr_name + '_docker_networks_custom', default=lidarr_docker_networks_custom) }}"--# Capabilities-lidarr_docker_capabilities_default: []-lidarr_docker_capabilities_custom: []-lidarr_docker_capabilities: "{{ lookup('vars', lidarr_name + '_docker_capabilities_default', default=lidarr_docker_capabilities_default)-                                + lookup('vars', lidarr_name + '_docker_capabilities_custom', default=lidarr_docker_capabilities_custom) }}"--# Security Opts-lidarr_docker_security_opts_default: []-lidarr_docker_security_opts_custom: []-lidarr_docker_security_opts: "{{ lookup('vars', lidarr_name + '_docker_security_opts_default', default=lidarr_docker_security_opts_default)-                                 + lookup('vars', lidarr_name + '_docker_security_opts_custom', default=lidarr_docker_security_opts_custom) }}"+lidarr_role_docker_networks_alias: "{{ lidarr_name }}"+lidarr_role_docker_networks_default: []+lidarr_role_docker_networks_custom: []+lidarr_role_docker_networks: "{{ docker_networks_common+                                 + lookup('role_var', '_docker_networks_default', role='lidarr')+                                 + lookup('role_var', '_docker_networks_custom', role='lidarr') }}"  # Restart Policy-lidarr_docker_restart_policy: unless-stopped+lidarr_role_docker_restart_policy: unless-stopped  # State-lidarr_docker_state: started+lidarr_role_docker_state: started

modified

roles/lidarr/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -24,5 +24,5 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: "Tweak Settings when SSO is enabled"-  ansible.builtin.import_tasks: "subtasks/auth.yml"-  when: (lookup('vars', lidarr_name + '_traefik_sso_middleware', default=lidarr_traefik_sso_middleware) | length > 0) and lookup('vars', lidarr_name + '_external_auth', default=lidarr_external_auth)+  ansible.builtin.include_tasks: "subtasks/auth.yml"+  when: (lookup('role_var', '_traefik_sso_middleware', role='lidarr') | length > 0) and lookup('role_var', '_external_auth', role='lidarr')

modified

roles/lidarr/tasks/subtasks/auth.yml

@@ -9,7 +9,7 @@ --- - name: Auth | Wait for 'config.xml' to be created   ansible.builtin.wait_for:-    path: "/opt/{{ lidarr_name }}/config.xml"+    path: "{{ lookup('role_var', '_paths_config_location', role='lidarr') }}"     state: present  - name: Auth | Wait for 10 seconds@@ -18,7 +18,7 @@  - name: Auth | Lookup AuthenticationMethod value   community.general.xml:-    path: "/opt/{{ lidarr_name }}/config.xml"+    path: "{{ lookup('role_var', '_paths_config_location', role='lidarr') }}"     xpath: "/Config/AuthenticationMethod"     content: "text"   register: xmlresp@@ -28,7 +28,7 @@   block:     - name: Auth | Change the 'AuthenticationMethod' attribute to 'External'       community.general.xml:-        path: "/opt/{{ lidarr_name }}/config.xml"+        path: "{{ lookup('role_var', '_paths_config_location', role='lidarr') }}"         xpath: "/Config/AuthenticationMethod"         value: "External"

modified

roles/lldap/defaults/main.yml

@@ -18,150 +18,113 @@ ################################  # Toggles if the configuration template uses SMTP or not.-lldap_smtp_enabled: false+lldap_role_smtp_enabled: false # The SMTP server.-lldap_smtp_server: "smtp.gmail.com"+lldap_role_smtp_server: "smtp.gmail.com" # The SMTP port.-lldap_smtp_port: "587"+lldap_role_smtp_port: "587" # How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS".-lldap_smtp_encryption: "TLS"+lldap_role_smtp_encryption: "TLS" # The SMTP user, usually your email address.-lldap_smtp_user: "sender@gmail.com"+lldap_role_smtp_user: "sender@gmail.com" # The SMTP password.-lldap_smtp_password: "password"+lldap_role_smtp_password: "password" # is a free-form name, followed by an email between <>.-lldap_smtp_from: "LLDAP Admin <sender@gmail.com>"+lldap_role_smtp_from: "LLDAP Admin <sender@gmail.com>" # The header field, optional: how the sender appears in the email. # The first is a free-form name, followed by an email between <>.-lldap_smtp_reply_to: "Do not reply <noreply@localhost>"+lldap_role_smtp_reply_to: "Do not reply <noreply@localhost>"  ################################ # Paths ################################ -lldap_paths_folder: "{{ lldap_name }}"-lldap_paths_location: "{{ server_appdata_path }}/{{ lldap_paths_folder }}"-lldap_paths_folders_list:-  - "{{ lldap_paths_location }}"+lldap_role_paths_folder: "{{ lldap_name }}"+lldap_role_paths_location: "{{ server_appdata_path }}/{{ lldap_role_paths_folder }}"+lldap_role_paths_folders_list:+  - "{{ lldap_role_paths_location }}"  ################################ # Web ################################ -lldap_web_subdomain: "lldap"-lldap_web_domain: "{{ user.domain }}"-lldap_web_port: "17170"-lldap_web_url: "{{ 'https://' + (lldap_web_subdomain + '.' + lldap_web_domain-                if (lldap_web_subdomain | length > 0)-                else lldap_web_domain) }}"+lldap_role_web_subdomain: "lldap"+lldap_role_web_domain: "{{ user.domain }}"+lldap_role_web_port: "17170"+lldap_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='lldap') + '.' + lookup('role_var', '_web_domain', role='lldap')+                     if (lookup('role_var', '_web_subdomain', role='lldap') | length > 0)+                     else lookup('role_var', '_web_domain', role='lldap')) }}"  ################################ # DNS ################################ -lldap_dns_record: "{{ lldap_web_subdomain }}"-lldap_dns_zone: "{{ lldap_web_domain }}"-lldap_dns_proxy: "{{ dns.proxied }}"+lldap_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='lldap') }}"+lldap_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='lldap') }}"+lldap_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -lldap_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-lldap_traefik_middleware_default: "{{ traefik_default_middleware }}"-lldap_traefik_middleware_custom: ""-lldap_traefik_certresolver: "{{ traefik_default_certresolver }}"-lldap_traefik_enabled: true-lldap_traefik_api_enabled: false-lldap_traefik_api_endpoint: ""+lldap_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+lldap_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+lldap_role_traefik_middleware_custom: ""+lldap_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+lldap_role_traefik_enabled: true+lldap_role_traefik_api_enabled: false+lldap_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-lldap_docker_container: "{{ lldap_name }}"+lldap_role_docker_container: "{{ lldap_name }}"  # Image-lldap_docker_image_pull: true-lldap_docker_image_repo: "nitnelave/lldap"-lldap_docker_image_tag: "stable"-lldap_docker_image: "{{ lldap_docker_image_repo-                        + ':' + lldap_docker_image_tag }}"--# Ports-lldap_docker_ports_defaults: []-lldap_docker_ports_custom: []-lldap_docker_ports: "{{ lldap_docker_ports_defaults-                        + lldap_docker_ports_custom }}"+lldap_role_docker_image_pull: true+lldap_role_docker_image_repo: "nitnelave/lldap"+lldap_role_docker_image_tag: "stable"+lldap_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='lldap') }}:{{ lookup('role_var', '_docker_image_tag', role='lldap') }}"  # Envs-lldap_docker_envs_default:+lldap_role_docker_envs_default:   TZ: "{{ tz }}"   UID: "{{ uid }}"   GID: "{{ gid }}"-lldap_docker_envs_custom: {}-lldap_docker_envs: "{{ lldap_docker_envs_default-                       | combine(lldap_docker_envs_custom) }}"--# Commands-lldap_docker_commands_default: []-lldap_docker_commands_custom: []-lldap_docker_commands: "{{ lldap_docker_commands_default-                           + lldap_docker_commands_custom }}"+lldap_role_docker_envs_custom: {}+lldap_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='lldap')+                            | combine(lookup('role_var', '_docker_envs_custom', role='lldap')) }}"  # Volumes-lldap_docker_volumes_default:-  - "{{ lldap_paths_location }}:/data"-lldap_docker_volumes_custom: []-lldap_docker_volumes: "{{ lldap_docker_volumes_default-                          + lldap_docker_volumes_custom }}"--# Devices-lldap_docker_devices_default: []-lldap_docker_devices_custom: []-lldap_docker_devices: "{{ lldap_docker_devices_default-                          + lldap_docker_devices_custom }}"--# Hosts-lldap_docker_hosts_default: {}-lldap_docker_hosts_custom: {}-lldap_docker_hosts: "{{ docker_hosts_common-                        | combine(lldap_docker_hosts_default)-                        | combine(lldap_docker_hosts_custom) }}"--# Labels-lldap_docker_labels_default: {}-lldap_docker_labels_custom: {}-lldap_docker_labels: "{{ docker_labels_common-                         | combine(lldap_docker_labels_default)-                         | combine(lldap_docker_labels_custom) }}"+lldap_role_docker_volumes_default:+  - "{{ lldap_role_paths_location }}:/data"+lldap_role_docker_volumes_custom: []+lldap_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='lldap')+                               + lookup('role_var', '_docker_volumes_custom', role='lldap') }}"  # Hostname-lldap_docker_hostname: "{{ lldap_name }}"+lldap_role_docker_hostname: "{{ lldap_name }}"  # Networks-lldap_docker_networks_alias: "{{ lldap_name }}"-lldap_docker_networks_default: []-lldap_docker_networks_custom: []-lldap_docker_networks: "{{ docker_networks_common-                           + lldap_docker_networks_default-                           + lldap_docker_networks_custom }}"--# Capabilities-lldap_docker_capabilities_default: []-lldap_docker_capabilities_custom: []-lldap_docker_capabilities: "{{ lldap_docker_capabilities_default-                               + lldap_docker_capabilities_custom }}"--# Security Opts-lldap_docker_security_opts_default: []-lldap_docker_security_opts_custom: []-lldap_docker_security_opts: "{{ lldap_docker_security_opts_default-                                + lldap_docker_security_opts_custom }}"+lldap_role_docker_networks_alias: "{{ lldap_name }}"+lldap_role_docker_networks_default: []+lldap_role_docker_networks_custom: []+lldap_role_docker_networks: "{{ docker_networks_common+                                + lookup('role_var', '_docker_networks_default', role='lldap')+                                + lookup('role_var', '_docker_networks_custom', role='lldap') }}"  # Restart Policy-lldap_docker_restart_policy: unless-stopped+lldap_role_docker_restart_policy: unless-stopped  # State-lldap_docker_state: started+lldap_role_docker_state: started++lldap_role_docker_healthcheck:+  test: ["CMD", "/app/lldap", "healthcheck", "--config-file", "/data/lldap_config.toml"]+  interval: 30s+  timeout: 30s+  retries: 3+  start_period: 30s+  start_interval: 1s

modified

roles/lldap/tasks/main.yml

@@ -10,16 +10,16 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"  - name: Reset lldap directory   ansible.builtin.file:-    path: "{{ lldap_paths_location }}"+    path: "{{ lldap_role_paths_location }}"     state: absent   when: ('lldap-reset' in ansible_run_tags) @@ -28,13 +28,13 @@  - name: Check if 'lldap_config.toml' exists   ansible.builtin.stat:-    path: "{{ lldap_paths_location }}/lldap_config.toml"+    path: "{{ lldap_role_paths_location }}/lldap_config.toml"   register: lldap_config_stat  - name: Import default 'lldap_config.toml'   ansible.builtin.template:     src: lldap_config.toml.j2-    dest: "{{ lldap_paths_location }}/lldap_config.toml"+    dest: "{{ lldap_role_paths_location }}/lldap_config.toml"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"

modified

roles/lldap/templates/lldap_config.toml.j2

@@ -27,7 +27,7 @@ http_port = 17170  ## The public URL of the server, for password reset links.-http_url = "{{ lldap_web_url }}"+http_url = "{{ lookup('role_var', '_web_url', role='lldap') }}"  ## Random secret for JWT signature. ## This secret should be random, and should be shared with application@@ -116,15 +116,15 @@ ## To set these options from environment variables, use the following format ## (example with "password"): LLDAP_SMTP_OPTIONS__PASSWORD [smtp_options]-{% if lldap_smtp_enabled %}+{% if lookup('role_var', '_smtp_enabled', role='lldap') %} enable_password_reset=true-server="{{ lldap_smtp_server }}"-port={{ lldap_smtp_port }}-smtp_encryption="{{ lldap_smtp_encryption }}"-user="{{ lldap_smtp_user }}"-password="{{ lldap_smtp_password }}"-from="{{ lldap_smtp_from }}"-reply_to="{{ lldap_smtp_reply_to }}"+server="{{ lookup('role_var', '_smtp_server', role='lldap') }}"+port={{ lookup('role_var', '_smtp_port', role='lldap') }}+smtp_encryption="{{ lookup('role_var', '_smtp_encryption', role='lldap') }}"+user="{{ lookup('role_var', '_smtp_user', role='lldap') }}"+password="{{ lookup('role_var', '_smtp_password', role='lldap') }}"+from="{{ lookup('role_var', '_smtp_from', role='lldap') }}"+reply_to="{{ lookup('role_var', '_smtp_reply_to', role='lldap') }}" {% else %} ## Whether to enabled password reset via email, from LLDAP. #enable_password_reset=true

modified

roles/mainline/tasks/main.yml

@@ -14,7 +14,7 @@ - name: Identify apt source files   ansible.builtin.find:     paths: /etc/apt/sources.list.d/-    recurse: no+    recurse: false   register: apt_source_files  - name: Check if file contains 'cappelikan'@@ -32,7 +32,7 @@  - name: Update APT package index   ansible.builtin.apt:-    update_cache: yes+    update_cache: true  - name: Ensure '/etc/apt/keyrings' exists   ansible.builtin.file:@@ -56,7 +56,7 @@  - name: Add cappelikan/ppa   ansible.builtin.apt_repository:-    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/cappelikan.asc] https://ppa.launchpadcontent.net/cappelikan/ppa/ubuntu {{ ansible_distribution_release }} main"+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/cappelikan.asc] https://ppa.launchpadcontent.net/cappelikan/ppa/ubuntu {{ ansible_facts['distribution_release'] }} main"     state: present     update_cache: true   register: result

modified

roles/mariadb/defaults/main.yml

@@ -17,125 +17,76 @@ # Settings ################################ -mariadb_docker_env_password: "password321"-mariadb_docker_env_user: "{{ user.name }}"-mariadb_docker_env_db: "saltbox"+mariadb_role_docker_env_password: "password321"+mariadb_role_docker_env_user: "{{ user.name }}"+mariadb_role_docker_env_db: "saltbox"  ################################ # Paths ################################ -mariadb_paths_folder: "{{ mariadb_name }}"-mariadb_paths_location: "{{ server_appdata_path }}/{{ mariadb_paths_folder }}"-mariadb_paths_folders_list:-  - "{{ mariadb_paths_location }}"+mariadb_role_paths_folder: "{{ mariadb_name }}"+mariadb_role_paths_location: "{{ server_appdata_path }}/{{ mariadb_role_paths_folder }}"+mariadb_role_paths_folders_list:+  - "{{ mariadb_role_paths_location }}"  ################################ # Migration Settings ################################ -mariadb_docker_envs_mysql_root_password: password321-mariadb_docker_image_migration: "lscr.io/linuxserver/mariadb:10.6.13"-mariadb_docker_volumes_migration:-  - "{{ mariadb_paths_location }}:/config"+mariadb_role_docker_envs_mysql_root_password: password321+mariadb_role_docker_image_migration: "lscr.io/linuxserver/mariadb:10.6.13"+mariadb_role_docker_volumes_migration:+  - "{{ mariadb_role_paths_location }}:/config"  ################################ # Docker ################################  # Container-mariadb_docker_container: "{{ mariadb_name }}"+mariadb_role_docker_container: "{{ mariadb_name }}"  # Image-mariadb_docker_image_pull: true-mariadb_docker_image_repo: "mariadb"-mariadb_docker_image_tag: "10"-mariadb_docker_image: "{{ lookup('vars', mariadb_name + '_docker_image_repo', default=mariadb_docker_image_repo)-                          + ':' + lookup('vars', mariadb_name + '_docker_image_tag', default=mariadb_docker_image_tag) }}"--# Ports-mariadb_docker_ports_defaults: []-mariadb_docker_ports_custom: []-mariadb_docker_ports: "{{ lookup('vars', mariadb_name + '_docker_ports_default', default=mariadb_docker_ports_defaults)-                          + lookup('vars', mariadb_name + '_docker_ports_custom', default=mariadb_docker_ports_custom) }}"+mariadb_role_docker_image_pull: true+mariadb_role_docker_image_repo: "mariadb"+mariadb_role_docker_image_tag: "10"+mariadb_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='mariadb') }}:{{ lookup('role_var', '_docker_image_tag', role='mariadb') }}"  # Envs-mariadb_docker_envs_default:+mariadb_role_docker_envs_default:   TZ: "{{ tz }}"-  MARIADB_ROOT_PASSWORD: "{{ lookup('vars', mariadb_name + '_docker_env_password', default=mariadb_docker_env_password) }}"-  MARIADB_USER: "{{ lookup('vars', mariadb_name + '_docker_env_user', default=mariadb_docker_env_user) }}"-  MARIADB_PASSWORD: "{{ lookup('vars', mariadb_name + '_docker_env_password', default=mariadb_docker_env_password) }}"-  MARIADB_DATABASE: "{{ lookup('vars', mariadb_name + '_docker_env_db', default=mariadb_docker_env_db) }}"+  MARIADB_ROOT_PASSWORD: "{{ lookup('role_var', '_docker_env_password', role='mariadb') }}"+  MARIADB_USER: "{{ lookup('role_var', '_docker_env_user', role='mariadb') }}"+  MARIADB_PASSWORD: "{{ lookup('role_var', '_docker_env_password', role='mariadb') }}"+  MARIADB_DATABASE: "{{ lookup('role_var', '_docker_env_db', role='mariadb') }}"   MARIADB_AUTO_UPGRADE: "1"-mariadb_docker_envs_custom: {}-mariadb_docker_envs: "{{ lookup('vars', mariadb_name + '_docker_envs_default', default=mariadb_docker_envs_default)-                         | combine(lookup('vars', mariadb_name + '_docker_envs_custom', default=mariadb_docker_envs_custom)) }}"--# Commands-mariadb_docker_commands_default: []-mariadb_docker_commands_custom: []-mariadb_docker_commands: "{{ lookup('vars', mariadb_name + '_docker_commands_default', default=mariadb_docker_commands_default)-                             + lookup('vars', mariadb_name + '_docker_commands_custom', default=mariadb_docker_commands_custom) }}"+mariadb_role_docker_envs_custom: {}+mariadb_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='mariadb')+                              | combine(lookup('role_var', '_docker_envs_custom', role='mariadb')) }}"  # Volumes-mariadb_docker_volumes_default:-  - "{{ mariadb_paths_location }}:/var/lib/mysql"-mariadb_docker_volumes_custom: []-mariadb_docker_volumes: "{{ lookup('vars', mariadb_name + '_docker_volumes_default', default=mariadb_docker_volumes_default)-                            + lookup('vars', mariadb_name + '_docker_volumes_custom', default=mariadb_docker_volumes_custom) }}"--# Devices-mariadb_docker_devices_default: []-mariadb_docker_devices_custom: []-mariadb_docker_devices: "{{ lookup('vars', mariadb_name + '_docker_devices_default', default=mariadb_docker_devices_default)-                            + lookup('vars', mariadb_name + '_docker_devices_custom', default=mariadb_docker_devices_custom) }}"--# Hosts-mariadb_docker_hosts_default: {}-mariadb_docker_hosts_custom: {}-mariadb_docker_hosts: "{{ docker_hosts_common-                          | combine(lookup('vars', mariadb_name + '_docker_hosts_default', default=mariadb_docker_hosts_default))-                          | combine(lookup('vars', mariadb_name + '_docker_hosts_custom', default=mariadb_docker_hosts_custom)) }}"--# Labels-mariadb_docker_labels_default: {}-mariadb_docker_labels_custom: {}-mariadb_docker_labels: "{{ docker_labels_common-                           | combine(lookup('vars', mariadb_name + '_docker_labels_default', default=mariadb_docker_labels_default))-                           | combine(lookup('vars', mariadb_name + '_docker_labels_custom', default=mariadb_docker_labels_custom)) }}"+mariadb_role_docker_volumes_default:+  - "{{ mariadb_role_paths_location }}:/var/lib/mysql"+mariadb_role_docker_volumes_custom: []+mariadb_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='mariadb')+                                 + lookup('role_var', '_docker_volumes_custom', role='mariadb') }}"  # Hostname-mariadb_docker_hostname: "{{ mariadb_name }}"--# Network Mode-mariadb_docker_network_mode_default: "{{ docker_networks_name_common }}"-mariadb_docker_network_mode: "{{ lookup('vars', mariadb_name + '_docker_network_mode_default', default=mariadb_docker_network_mode_default) }}"+mariadb_role_docker_hostname: "{{ mariadb_name }}"  # Networks-mariadb_docker_networks_alias: "{{ mariadb_name }}"-mariadb_docker_networks_default: []-mariadb_docker_networks_custom: []-mariadb_docker_networks: "{{ docker_networks_common-                             + lookup('vars', mariadb_name + '_docker_networks_default', default=mariadb_docker_networks_default)-                             + lookup('vars', mariadb_name + '_docker_networks_dcustom', default=mariadb_docker_networks_custom) }}"--# Capabilities-mariadb_docker_capabilities_default: []-mariadb_docker_capabilities_custom: []-mariadb_docker_capabilities: "{{ lookup('vars', mariadb_name + '_docker_capabilities_default', default=mariadb_docker_capabilities_default)-                                 + lookup('vars', mariadb_name + '_docker_capabilities_custom', default=mariadb_docker_capabilities_custom) }}"--# Security Opts-mariadb_docker_security_opts_default: []-mariadb_docker_security_opts_custom: []-mariadb_docker_security_opts: "{{ lookup('vars', mariadb_name + '_docker_security_opts_default', default=mariadb_docker_security_opts_default)-                                  + lookup('vars', mariadb_name + '_docker_security_opts_custom', default=mariadb_docker_security_opts_custom) }}"+mariadb_role_docker_networks_alias: "{{ mariadb_name }}"+mariadb_role_docker_networks_default: []+mariadb_role_docker_networks_custom: []+mariadb_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='mariadb')+                                  + lookup('role_var', '_docker_networks_custom', role='mariadb') }}"  # Restart Policy-mariadb_docker_restart_policy: unless-stopped+mariadb_role_docker_restart_policy: unless-stopped  # State-mariadb_docker_state: started+mariadb_role_docker_state: started  # User-mariadb_docker_user: "{{ uid }}:{{ gid }}"+mariadb_role_docker_user: "{{ uid }}:{{ gid }}"

modified

roles/mariadb/tasks/post-migration.yml

@@ -9,7 +9,7 @@ --- - name: Check for 'dump.sql'   ansible.builtin.stat:-    path: "/opt/mariadb_legacy/dump.sql"+    path: "{{ server_appdata_path }}/mariadb_legacy/dump.sql"   register: dump  - name: Import databases@@ -21,7 +21,7 @@      - name: Restore data from dump file       ansible.builtin.shell: |-        docker exec -i mariadb sh -c 'exec mariadb -uroot -p"$MARIADB_ROOT_PASSWORD"' < /opt/mariadb_legacy/dump.sql+        docker exec -i mariadb sh -c 'exec mariadb -uroot -p"$MARIADB_ROOT_PASSWORD"' < {{ server_appdata_path }}/mariadb_legacy/dump.sql      - name: Force MariaDB upgrade       ansible.builtin.shell: |

modified

roles/mariadb/tasks/pre-migration.yml

@@ -7,9 +7,9 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Check for '/opt/mariadb/databases'+- name: Check for '{{ server_appdata_path }}/mariadb/databases'   ansible.builtin.stat:-    path: "/opt/mariadb/databases"+    path: "{{ server_appdata_path }}/mariadb/databases"   register: subfolder  - name: Dump and backup databases@@ -24,9 +24,9 @@           PUID: "{{ uid }}"           PGID: "{{ gid }}"           TZ: "{{ tz }}"-          MYSQL_ROOT_PASSWORD: "{{ mariadb_docker_envs_mysql_root_password }}"+          MYSQL_ROOT_PASSWORD: "{{ lookup('role_var', '_docker_envs_mysql_root_password', role='mariadb') }}"         hostname: "mariadb"-        image: "{{ mariadb_docker_image_migration }}"+        image: "{{ lookup('role_var', '_docker_image_migration', role='mariadb') }}"         log_driver: "{{ (docker_log_driver != 'default') | ternary(docker_log_driver, lookup('vars', role_name + '_docker_log_driver', default=omit)) }}"         log_options: "{{ (docker_log_options != 'default') | ternary(docker_log_options, lookup('vars', role_name + '_docker_log_options', default=omit)) }}"         name: "mariadb"@@ -37,7 +37,7 @@         restart_policy: "{{ lookup('vars', role_name + '_docker_restart_policy', default='unless-stopped') }}"         state: started         stop_timeout: "{{ lookup('vars', role_name + '_docker_stop_timeout', default='10') }}"-        volumes: "{{ mariadb_docker_volumes_migration }}"+        volumes: "{{ lookup('role_var', '_docker_volumes_migration', role='mariadb') }}"      - name: Wait for 30 seconds       ansible.builtin.wait_for:@@ -45,7 +45,7 @@      - name: Creating database dump       ansible.builtin.shell: |-        docker exec mariadb sh -c 'exec mariadb-dump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > /opt/mariadb/dump.sql+        docker exec mariadb sh -c 'exec mariadb-dump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > {{ server_appdata_path }}/mariadb/dump.sql      - name: Wait for 5 seconds       ansible.builtin.wait_for:@@ -54,18 +54,18 @@     - name: Remove existing Docker container       ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"       vars:-        var_prefix: "mariadb"+        container_name: "mariadb" -    - name: Relocate '/opt/mariadb' to '/opt/mariadb_legacy'-      ansible.builtin.shell: "mv /opt/mariadb /opt/mariadb_legacy"+    - name: Relocate '{{ server_appdata_path }}/mariadb' to '{{ server_appdata_path }}/mariadb_legacy'+      ansible.builtin.shell: "mv {{ server_appdata_path }}/mariadb {{ server_appdata_path }}/mariadb_legacy"       register: relocate      - name: Wait for 5 seconds       ansible.builtin.wait_for:         timeout: 5 -    - name: Remove '/opt/mariadb/'+    - name: Remove '{{ server_appdata_path }}/mariadb/'       ansible.builtin.file:-        path: /opt/mariadb/+        path: "{{ server_appdata_path }}/mariadb/"         state: absent       when: relocate.rc == 0

modified

roles/mongodb/defaults/main.yml

@@ -17,109 +17,58 @@ # Paths ################################ -mongodb_paths_folder: "{{ mongodb_name }}"-mongodb_paths_location: "{{ server_appdata_path }}/{{ mongodb_paths_folder }}"-mongodb_paths_folders_list:-  - "{{ mongodb_paths_location }}"-  - "{{ mongodb_paths_location }}/config"+mongodb_role_paths_folder: "{{ mongodb_name }}"+mongodb_role_paths_location: "{{ server_appdata_path }}/{{ mongodb_role_paths_folder }}"+mongodb_role_paths_folders_list:+  - "{{ mongodb_role_paths_location }}"+  - "{{ mongodb_role_paths_location }}/config"  ################################ # Docker ################################  # Container-mongodb_docker_container: "{{ mongodb_name }}"+mongodb_role_docker_container: "{{ mongodb_name }}"  # Image-mongodb_docker_image_pull: true-mongodb_docker_image_tag: "6"-mongodb_docker_image_repo: "mongo"-mongodb_docker_image: "{{ lookup('vars', mongodb_name + '_docker_image_repo', default=mongodb_docker_image_repo)-                          + ':' + lookup('vars', mongodb_name + '_docker_image_tag', default=mongodb_docker_image_tag) }}"--# Ports-mongodb_docker_ports_defaults: []-mongodb_docker_ports_custom: []-mongodb_docker_ports: "{{ lookup('vars', mongodb_name + '_docker_ports_default', default=mongodb_docker_ports_defaults)-                          + lookup('vars', mongodb_name + '_docker_ports_custom', default=mongodb_docker_ports_custom) }}"+mongodb_role_docker_image_pull: true+mongodb_role_docker_image_repo: "mongo"+mongodb_role_docker_image_tag: "6"+mongodb_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='mongodb') }}:{{ lookup('role_var', '_docker_image_tag', role='mongodb') }}"  # Envs-mongodb_docker_envs_default:+mongodb_role_docker_envs_default:   MONGO_DATA_DIR: "/data/db"   MONGO_LOG_DIR: "/dev/null"   MONGO_URL: "mongodb://{{ mongodb_name }}:27017/"-mongodb_docker_envs_custom: {}-mongodb_docker_envs: "{{ lookup('vars', mongodb_name + '_docker_envs_default', default=mongodb_docker_envs_default)-                         | combine(lookup('vars', mongodb_name + '_docker_envs_custom', default=mongodb_docker_envs_custom)) }}"--# Commands-mongodb_docker_commands_default: []-mongodb_docker_commands_custom: []-mongodb_docker_commands: "{{ lookup('vars', mongodb_name + '_docker_commands_default', default=mongodb_docker_commands_default)-                             + lookup('vars', mongodb_name + '_docker_commands_custom', default=mongodb_docker_commands_custom) }}"+mongodb_role_docker_envs_custom: {}+mongodb_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='mongodb')+                              | combine(lookup('role_var', '_docker_envs_custom', role='mongodb')) }}"  # Volumes-mongodb_docker_volumes_default:-  - "{{ mongodb_paths_location }}:/data/db:rw"-  - "{{ mongodb_paths_location }}/config:/data/configdb"-mongodb_docker_volumes_custom: []-mongodb_docker_volumes: "{{ lookup('vars', mongodb_name + '_docker_volumes_default', default=mongodb_docker_volumes_default)-                            + lookup('vars', mongodb_name + '_docker_volumes_custom', default=mongodb_docker_volumes_custom) }}"---# Devices-mongodb_docker_devices_default: []-mongodb_docker_devices_custom: []-mongodb_docker_devices: "{{ lookup('vars', mongodb_name + '_docker_devices_default', default=mongodb_docker_devices_default)-                            + lookup('vars', mongodb_name + '_docker_devices_custom', default=mongodb_docker_devices_custom) }}"--# Hosts-mongodb_docker_hosts_default: {}-mongodb_docker_hosts_custom: {}-mongodb_docker_hosts: "{{ docker_hosts_common-                           | combine(lookup('vars', mongodb_name + '_docker_hosts_default', default=mongodb_docker_hosts_default))-                           | combine(lookup('vars', mongodb_name + '_docker_hosts_custom', default=mongodb_docker_hosts_custom)) }}"--# Labels-mongodb_docker_labels_default: {}-mongodb_docker_labels_custom: {}-mongodb_docker_labels: "{{ docker_labels_common-                            | combine(lookup('vars', mongodb_name + '_docker_labels_default', default=mongodb_docker_labels_default))-                            | combine(lookup('vars', mongodb_name + '_docker_labels_custom', default=mongodb_docker_labels_custom)) }}"+mongodb_role_docker_volumes_default:+  - "{{ mongodb_role_paths_location }}:/data/db:rw"+  - "{{ mongodb_role_paths_location }}/config:/data/configdb"+mongodb_role_docker_volumes_custom: []+mongodb_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='mongodb')+                                 + lookup('role_var', '_docker_volumes_custom', role='mongodb') }}"  # Hostname-mongodb_docker_hostname: "{{ mongodb_name }}"--# Network Mode-mongodb_docker_network_mode_default: "{{ docker_networks_name_common }}"-mongodb_docker_network_mode: "{{ lookup('vars', mongodb_name + '_docker_network_mode_default', default=mongodb_docker_network_mode_default) }}"+mongodb_role_docker_hostname: "{{ mongodb_name }}"  # Networks-mongodb_docker_networks_alias: "{{ mongodb_name }}"-mongodb_docker_networks_default: []-mongodb_docker_networks_custom: []-mongodb_docker_networks: "{{ docker_networks_common-                              + lookup('vars', mongodb_name + '_docker_networks_default', default=mongodb_docker_networks_default)-                              + lookup('vars', mongodb_name + '_docker_networks_dcustom', default=mongodb_docker_networks_custom) }}"--# Capabilities-mongodb_docker_capabilities_default: []-mongodb_docker_capabilities_custom: []-mongodb_docker_capabilities: "{{ lookup('vars', mongodb_name + '_docker_capabilities_default', default=mongodb_docker_capabilities_default)-                                  + lookup('vars', mongodb_name + '_docker_capabilities_custom', default=mongodb_docker_capabilities_custom) }}"--# Security Opts-mongodb_docker_security_opts_default: []-mongodb_docker_security_opts_custom: []-mongodb_docker_security_opts: "{{ lookup('vars', mongodb_name + '_docker_security_opts_default', default=mongodb_docker_security_opts_default)-                                   + lookup('vars', mongodb_name + '_docker_security_opts_custom', default=mongodb_docker_security_opts_custom) }}"-+mongodb_role_docker_networks_alias: "{{ mongodb_name }}"+mongodb_role_docker_networks_default: []+mongodb_role_docker_networks_custom: []+mongodb_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='mongodb')+                                  + lookup('role_var', '_docker_networks_custom', role='mongodb') }}"  # Restart Policy-mongodb_docker_restart_policy: unless-stopped+mongodb_role_docker_restart_policy: unless-stopped  # State-mongodb_docker_state: started+mongodb_role_docker_state: started  # User-mongodb_docker_user: "{{ uid }}:{{ gid }}"+mongodb_role_docker_user: "{{ uid }}:{{ gid }}"

modified

roles/motd/defaults/main.yml

@@ -7,6 +7,10 @@ #                   GNU General Public License v3.0                      # ########################################################################## ---+################################+# Basics+################################+ motd_install: true  # Requires the new golang CLI to be installed and in the location set below@@ -14,3 +18,74 @@ motd_use_python: true motd_cli_path: "/usr/local/bin/sb" motd_cli_flags: "--all --title 'Saltbox' --font ivrit --type parchment"++################################+# Service Definitions+################################++# Service types:+#   - multi_instance_apikey: Multiple instances with API key (sonarr, radarr, lidarr, readarr, overseerr)+#   - multi_instance_token: Multiple instances with token (plex)+#   - single_instance_apikey: Single instance with API key (sabnzbd)+#   - single_instance_userpass: Single instance with username/password (nzbget)+#   - multi_instance_userpass: Multiple instances with username/password (qbittorrent)+#   - disabled: Statically disabled services (jellyfin, emby, rtorrent)++motd_services:+  - name: colors+    type: colors+  - name: emby+    type: multi_instance_token+    check_field: token+    output_field: token+  - name: jellyfin+    type: multi_instance_token+    check_field: token+    output_field: token+  - name: lidarr+    type: multi_instance_apikey+    check_field: api_key+    output_field: apikey+  - name: nzbget+    type: single_instance_userpass+    check_field: username+  - name: plex+    type: multi_instance_token+    check_field: token+    output_field: token+  - name: qbittorrent+    type: multi_instance_userpass_info+    check_field: username+  - name: radarr+    type: multi_instance_apikey+    check_field: api_key+    output_field: apikey+  - name: sabnzbd+    type: single_instance_apikey+    check_field: api_key+    output_field: apikey+  - name: sonarr+    type: multi_instance_apikey+    check_field: api_key+    output_field: apikey+  - name: systemd+    type: systemd++motd_colors:+  text:+    label: "#FF79D0"+    value: "#12C78F"+    app_name: "#BF976F"+  status:+    warning: "#F5EF34"+    success: "#12C78F"+    error: "#EB4268"+  progress_bar:+    low: "#A8CC8C"+    high: "#DBAB79"+    critical: "#E88388"++motd_systemd:+  enabled: true+  additional_services: []+  display_names: {}

modified

roles/motd/tasks/cli_motd.yml

@@ -18,6 +18,26 @@           - sonarr           - radarr           - lidarr+          - nzbget+          - sabnzbd++    - name: Build emby_info dict+      ansible.builtin.include_tasks: subtasks/emby_info.yml+      vars:+        emby_name: "{{ item }}"+      loop: "{{ emby_instances | default(['emby']) }}"++    - name: Build jellyfin_info dict+      ansible.builtin.include_tasks: subtasks/jellyfin_info.yml+      vars:+        jellyfin_name: "{{ item }}"+      loop: "{{ jellyfin_instances | default(['jellyfin']) }}"++    - name: Build qbittorrent_info dict+      ansible.builtin.include_tasks: subtasks/qbittorrent_info.yml+      vars:+        qbittorrent_name: "{{ item }}"+      loop: "{{ qbittorrent_instances | default(['qbittorrent']) }}"      - name: Import 'motd.yml' template       ansible.builtin.template:

modified

roles/motd/tasks/main.yml

@@ -9,7 +9,7 @@ --- - name: Install required packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - lsb-release       - figlet@@ -19,11 +19,11 @@  - name: Install required packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - update-motd       - update-notifier-common-  when: (ansible_distribution | lower == 'ubuntu')+  when: (ansible_facts['distribution'] | lower == 'ubuntu')  - name: Remove existing motd   ansible.builtin.file:@@ -44,7 +44,7 @@     mode: "0775"     recurse: true   with_items:-    - /opt/motd+    - "{{ server_appdata_path }}/motd"  - name: Check if MOTD news service   ansible.builtin.stat:@@ -66,14 +66,14 @@   ansible.builtin.systemd_service:     name: motd-news.service     state: stopped-    enabled: no+    enabled: false     masked: true  - name: Disable MOTD news timer   ansible.builtin.systemd_service:     name: motd-news.timer     state: stopped-    enabled: no+    enabled: false     masked: true  - name: Create dynamic motd directory@@ -98,7 +98,7 @@ - name: Install 'openssh-server'   ansible.builtin.apt:     name: openssh-server-    state: present+    state: latest   when: (not sshd_config.stat.exists)  - name: Wait for '/etc/ssh/sshd_config' to be created

modified

roles/motd/tasks/python_motd.yml

@@ -10,7 +10,7 @@ - name: Clone Saltbox MOTD   ansible.builtin.git:     repo: https://github.com/saltyorg/motd.git-    dest: /opt/motd+    dest: "{{ server_appdata_path }}/motd"     clone: true     version: HEAD     force: true@@ -19,13 +19,13 @@  - name: Check if 'config.json' exists   ansible.builtin.stat:-    path: "/opt/motd/config.json"+    path: "{{ server_appdata_path }}/motd/config.json"   register: motd_config  - name: Import default 'config.json'   ansible.builtin.template:     src: config.json.j2-    dest: /opt/motd/config.json+    dest: "{{ server_appdata_path }}/motd/config.json"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"@@ -36,29 +36,29 @@   when: motd_config.stat.exists   block:     - name: Check value of motd banner-      ansible.builtin.shell: "jq '.motd.banner_title' /opt/motd/config.json"+      ansible.builtin.shell: "jq '.motd.banner_title' {{ server_appdata_path }}/motd/config.json"       register: motd_banner      - name: Migrate value of motd banner       ansible.builtin.shell: |-        jq '.motd.banner_title = "Saltbox"' /opt/motd/config.json | sponge /opt/motd/config.json+        jq '.motd.banner_title = "Saltbox"' {{ server_appdata_path }}/motd/config.json | sponge {{ server_appdata_path }}/motd/config.json       when: ('Cloudbox' in motd_banner.stdout)  - name: Config path migration   when: motd_config.stat.exists   block:     - name: Check value of disk path-      ansible.builtin.shell: "jq '.disk.path' /opt/motd/config.json"+      ansible.builtin.shell: "jq '.disk.path' {{ server_appdata_path }}/motd/config.json"       register: disk_path      - name: Migrate value of disk path  # noqa jinja[spacing]       ansible.builtin.shell: |-        jq --arg disk / '. + {disk: {path: $disk}}' /opt/motd/config.json | sponge /opt/motd/config.json+        jq --arg disk / '. + {disk: {path: $disk}}' {{ server_appdata_path }}/motd/config.json | sponge {{ server_appdata_path }}/motd/config.json       when: (disk_path.stdout == 'null') -- name: Touch '/opt/motd/activity.log' file+- name: Touch '{{ server_appdata_path }}/motd/activity.log' file   ansible.builtin.file:-    path: /opt/motd/activity.log+    path: "{{ server_appdata_path }}/motd/activity.log"     state: touch     owner: "{{ user.name }}"     group: "{{ user.name }}"@@ -66,14 +66,14 @@  - name: Set 'saltbox-motd.py' as executable   ansible.builtin.file:-    path: /opt/motd/saltbox-motd.py+    path: "{{ server_appdata_path }}/motd/saltbox-motd.py"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: a+x  - name: Import dynamic motd files   ansible.builtin.copy:-    src: /opt/motd/motd/+    src: "{{ server_appdata_path }}/motd/motd/"     dest: /etc/update-motd.d/     force: true     mode: "0775"

modified

roles/motd/templates/motd.yml.j2

@@ -1,33 +1,151 @@ ----{% set services = ['lidarr', 'plex', 'radarr', 'sonarr'] %}-{% for service in services %}-{% set service_info_var = service + '_info' %}+{% for service in motd_services %}+{% set service_name = service.name %}+{% set service_info_var = service_name + '_info' %} {% set installed_instances = [] %}-{% if vars[service_info_var] is defined %}-{% for instance_name, instance_data in vars[service_info_var].items() %}-{% if service == 'plex' %}-{% if instance_data.token != 'not installed' %}-{% set _ = installed_instances.append({'name': instance_data.name, 'url': instance_data.url, 'token': instance_data.token}) %}-{% endif %}-{% else %}-{% if instance_data.api_key != 'not installed' %}-{% set _ = installed_instances.append({'name': instance_data.name, 'url': instance_data.url, 'apikey': instance_data.api_key}) %}-{% endif %}+{# Multi-instance services with API key or token #}+{% if service.type in ['multi_instance_apikey', 'multi_instance_token'] %}+{% set has_installed = [] %}+{% if lookup('vars', service_info_var, default=None) is not none %}+{% for instance_name, instance_data in lookup('vars', service_info_var).items() %}+{% set instance_entry = {'name': instance_data.name, 'url': instance_data.url} %}+{% set _ = instance_entry.update({service.output_field: instance_data[service.check_field]}) %}+{% set _ = installed_instances.append(instance_entry) %}+{% if instance_data[service.check_field] != 'not installed' %}+{% set _ = has_installed.append(true) %} {% endif %} {% endfor %} {% endif %} {% if installed_instances %}-{{ service }}:+{{ service_name }}:+  enabled: {{ (has_installed | length > 0) | lower }}+  instances: {% for instance in installed_instances %}-  - name: {{ instance.name }}-    url: {{ instance.url }}-{% if service == 'plex' %}-    token: {{ instance.token }}+    - name: {{ instance.name }}+      url: {{ instance.url }}+      {{ service.output_field }}: {{ instance[service.output_field] if instance[service.output_field] != 'not installed' else 'your-' + service.output_field + '-here' }}+      enabled: true+{% endfor %} {% else %}-    apikey: {{ instance.apikey }}+{{ service_name }}:+  enabled: false+  instances:+    - name: {{ service_name | capitalize }}+      url: http://localhost:8080+      {{ service.output_field }}: your-{{ service.output_field }}-here+      enabled: true+{% endif %}+{# Single-instance services with API key #}+{% elif service.type == 'single_instance_apikey' %}+{% set service_info = lookup('vars', service_info_var, default=None) %}+{% if service_info is not none and service_info[service.check_field] != 'not installed' %}+{{ service_name }}:+  enabled: true+  instances:+    - name: {{ service_info.name }}+      url: {{ service_info.url }}+      {{ service.output_field }}: {{ service_info[service.check_field] }}+      enabled: true+{% else %}+{{ service_name }}:+  enabled: false+  instances:+    - name: {{ service_name | capitalize }}+      url: http://localhost:8080+      {{ service.output_field }}: your-{{ service.output_field }}-here+      enabled: true+{% endif %}+{# Single-instance services with username/password #}+{% elif service.type == 'single_instance_userpass' %}+{% set service_info = lookup('vars', service_info_var, default=None) %}+{% if service_info is not none and service_info[service.check_field] != 'not installed' %}+{{ service_name }}:+  enabled: true+  instances:+    - name: {{ service_info.name }}+      url: {{ service_info.url }}+      user: {{ service_info.username }}+      password: {{ service_info.password }}+      enabled: true+{% else %}+{{ service_name }}:+  enabled: false+  instances:+    - name: {{ service_name | capitalize }}+      url: http://localhost:6789+      user: {{ service_name }}+      password: your-password-here+      enabled: true+{% endif %}+{# Multi-instance services with username/password using info dict (e.g., qbittorrent) #}+{% elif service.type == 'multi_instance_userpass_info' %}+{% if lookup('vars', service_info_var, default=None) is not none %}+{% for instance_name, instance_data in lookup('vars', service_info_var).items() %}+{% if instance_data[service.check_field] != 'not installed' %}+{% set instance_entry = {'name': instance_data.name, 'url': instance_data.url, 'username': instance_data.username, 'password': instance_data.password} %}+{% set _ = installed_instances.append(instance_entry) %} {% endif %} {% endfor %}+{% endif %}+{% if installed_instances %}+{{ service_name }}:+  enabled: true+  instances:+{% for instance in installed_instances %}+    - name: {{ instance.name }}+      url: {{ instance.url }}+      user: {{ instance.username }}+      password: {{ instance.password }}+      enabled: true+{% endfor %} {% else %}-{{ service }}: []+{{ service_name }}:+  enabled: false+  instances:+    - name: {{ service_name | capitalize }}+      url: http://localhost:8080+      user: your-username-here+      password: your-password-here+      enabled: true+{% endif %}+{# Multi-instance services with username/password using direct lookup (e.g., qbittorrent) #}+{% elif service.type == 'multi_instance_userpass' %}+{% set config_key = motd_config_mapping[service_name] | default(service_name) %}+{% set instances_list = lookup('vars', service.instances_var, default=[service_name]) %}+{% set url_suffix = service.url_suffix | default('') %}+{{ config_key }}:+  enabled: true+  instances:+{% for instance in instances_list %}+    - name: {{ instance }}+      url: {{ lookup('role_var', '_web_url', role=instance) + url_suffix }}+      user: {{ user.name }}+      password: {{ user.pass }}+      enabled: true+{% endfor %}+{# Systemd service #}+{% elif service.type == 'systemd' %}+{{ service_name }}:+  enabled: {{ motd_systemd.enabled | lower }}+  additional_services: {{ motd_systemd.additional_services | to_json }}+  display_names: {{ motd_systemd.display_names | to_json }}+{# Colors #}+{% elif service.type == 'colors' %}+{{ service_name }}:+  text:+    label: "{{ motd_colors.text.label }}"+    value: "{{ motd_colors.text.value }}"+    app_name: "{{ motd_colors.text.app_name }}"+  status:+    warning: "{{ motd_colors.status.warning }}"+    success: "{{ motd_colors.status.success }}"+    error: "{{ motd_colors.status.error }}"+  progress_bar:+    low: "{{ motd_colors.progress_bar.low }}"+    high: "{{ motd_colors.progress_bar.high }}"+    critical: "{{ motd_colors.progress_bar.critical }}"+{% endif %}+{% if not loop.last %}+ {% endif %} {% endfor %}

modified

roles/mount_templates/tasks/main.yml

@@ -16,12 +16,12 @@     mode: "0775"     recurse: true   with_items:-    - /opt/mount-templates+    - "{{ server_appdata_path }}/mount-templates"  - name: Clone mount-templates repo 'HEAD'   ansible.builtin.git:     repo: https://github.com/saltyorg/mount-templates.git-    dest: /opt/mount-templates+    dest: "{{ server_appdata_path }}/mount-templates"     clone: true     version: HEAD     force: true@@ -33,7 +33,7 @@ - name: Clone mount-templates repo 'main'   ansible.builtin.git:     repo: https://github.com/saltyorg/mount-templates.git-    dest: /opt/mount-templates+    dest: "{{ server_appdata_path }}/mount-templates"     clone: true     version: main     force: true

modified

roles/netdata/defaults/main.yml

@@ -17,100 +17,88 @@ # Settings ################################ -netdata_claim_token: ""-netdata_claim_url: ""-netdata_claim_room: ""+netdata_role_claim_token: ""+netdata_role_claim_url: ""+netdata_role_claim_room: ""  ################################ # Docker Socket Proxy ################################ -netdata_docker_socket_proxy_envs:+netdata_role_docker_socket_proxy_envs:   CONTAINERS: "1"  ################################ # Paths ################################ -netdata_paths_folder: "{{ netdata_name }}"-netdata_paths_location: "{{ server_appdata_path }}/{{ netdata_paths_folder }}"-netdata_paths_config_location: "{{ netdata_paths_location }}/config"-netdata_paths_config_file_location: "{{ netdata_paths_location }}/config/netdata.conf"-netdata_paths_folders_list:-  - "{{ netdata_paths_location }}"-  - "{{ netdata_paths_location }}/config"+netdata_role_paths_folder: "{{ netdata_name }}"+netdata_role_paths_location: "{{ server_appdata_path }}/{{ netdata_role_paths_folder }}"+netdata_role_paths_config_location: "{{ netdata_role_paths_location }}/config"+netdata_role_paths_config_file_location: "{{ netdata_role_paths_location }}/config/netdata.conf"+netdata_role_paths_folders_list:+  - "{{ netdata_role_paths_location }}"+  - "{{ netdata_role_paths_location }}/config"  ################################ # Web ################################ -netdata_web_subdomain: "{{ netdata_name }}"-netdata_web_domain: "{{ user.domain }}"-netdata_web_port: "19999"-netdata_web_url: "{{ 'https://' + (netdata_web_subdomain + '.' + netdata_web_domain-                  if (netdata_web_subdomain | length > 0)-                  else netdata_web_domain) }}"+netdata_role_web_subdomain: "{{ netdata_name }}"+netdata_role_web_domain: "{{ user.domain }}"+netdata_role_web_port: "19999"+netdata_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='netdata') + '.' + lookup('role_var', '_web_domain', role='netdata')+                       if (lookup('role_var', '_web_subdomain', role='netdata') | length > 0)+                       else lookup('role_var', '_web_domain', role='netdata')) }}"  ################################ # DNS ################################ -netdata_dns_record: "{{ netdata_web_subdomain }}"-netdata_dns_zone: "{{ netdata_web_domain }}"-netdata_dns_proxy: "{{ dns.proxied }}"+netdata_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='netdata') }}"+netdata_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='netdata') }}"+netdata_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -netdata_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-netdata_traefik_middleware_default: "{{ traefik_default_middleware }}"-netdata_traefik_middleware_custom: ""-netdata_traefik_certresolver: "{{ traefik_default_certresolver }}"-netdata_traefik_enabled: true-netdata_traefik_api_enabled: false-netdata_traefik_api_endpoint: ""+netdata_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+netdata_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+netdata_role_traefik_middleware_custom: ""+netdata_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+netdata_role_traefik_enabled: true+netdata_role_traefik_api_enabled: false+netdata_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-netdata_docker_container: "{{ netdata_name }}"+netdata_role_docker_container: "{{ netdata_name }}"  # Image-netdata_docker_image_pull: true-netdata_docker_image_tag: "latest"-netdata_docker_image: "netdata/netdata:{{ netdata_docker_image_tag }}"--# Ports-netdata_docker_ports_defaults: []-netdata_docker_ports_custom: []-netdata_docker_ports: "{{ netdata_docker_ports_defaults-                          + netdata_docker_ports_custom }}"+netdata_role_docker_image_pull: true+netdata_role_docker_image_repo: "netdata/netdata"+netdata_role_docker_image_tag: "latest"+netdata_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='netdata') }}:{{ lookup('role_var', '_docker_image_tag', role='netdata') }}"  # Envs-netdata_docker_envs_default:+netdata_role_docker_envs_default:   PGID: "{{ gid }}"   TZ: "{{ tz }}"   DOCKER_HOST: "{{ netdata_name }}-docker-socket-proxy:2375"-  NETDATA_CLAIM_TOKEN: "{{ netdata_claim_token }}"-  NETDATA_CLAIM_URL: "{{ netdata_claim_url }}"-  NETDATA_CLAIM_ROOMS: "{{ netdata_claim_room }}"-netdata_docker_envs_custom: {}-netdata_docker_envs: "{{ netdata_docker_envs_default-                         | combine(netdata_docker_envs_custom) }}"--# Commands-netdata_docker_commands_default: []-netdata_docker_commands_custom: []-netdata_docker_commands: "{{ netdata_docker_commands_default-                             + netdata_docker_commands_custom }}"+  NETDATA_CLAIM_TOKEN: "{{ lookup('role_var', '_claim_token', role='netdata') }}"+  NETDATA_CLAIM_URL: "{{ lookup('role_var', '_claim_url', role='netdata') }}"+  NETDATA_CLAIM_ROOMS: "{{ lookup('role_var', '_claim_room', role='netdata') }}"+netdata_role_docker_envs_custom: {}+netdata_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='netdata')+                              | combine(lookup('role_var', '_docker_envs_custom', role='netdata')) }}"  # Volumes-netdata_docker_volumes_global: false-netdata_docker_volumes_default:-  - "{{ netdata_paths_location }}/config:/etc/netdata"+netdata_role_docker_volumes_default:+  - "{{ netdata_role_paths_location }}/config:/etc/netdata"   - "netdatalib:/var/lib/netdata"   - "netdatacache:/var/cache/netdata"   - "/etc/passwd:/host/etc/passwd:ro"@@ -120,66 +108,52 @@   - "/etc/os-release:/host/etc/os-release:ro"   - "/var/log:/host/var/log:ro"   - "/run/dbus:/run/dbus:ro"-netdata_docker_volumes_custom: []-netdata_docker_volumes: "{{ netdata_docker_volumes_default-                            + netdata_docker_volumes_custom }}"--# Devices-netdata_docker_devices_default: []-netdata_docker_devices_custom: []-netdata_docker_devices: "{{ netdata_docker_devices_default-                            + netdata_docker_devices_custom }}"--# Hosts-netdata_docker_hosts_default: {}-netdata_docker_hosts_custom: {}-netdata_docker_hosts: "{{ docker_hosts_common-                          | combine(netdata_docker_hosts_default)-                          | combine(netdata_docker_hosts_custom) }}"+netdata_role_docker_volumes_custom: []+netdata_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='netdata')+                                 + lookup('role_var', '_docker_volumes_custom', role='netdata') }}"  # Labels-netdata_docker_labels_default: {}-netdata_docker_labels_custom: {}-netdata_docker_labels: "{{ docker_labels_common-                           | combine(netdata_docker_labels_default)-                           | combine(netdata_docker_labels_custom) }}"+netdata_role_docker_labels_default: {}+netdata_role_docker_labels_custom: {}+netdata_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='netdata')+                                | combine(lookup('role_var', '_docker_labels_custom', role='netdata')) }}"  # Hostname-netdata_docker_hostname: "{{ netdata_name }}"+netdata_role_docker_hostname: "{{ netdata_name }}"  # Networks-netdata_docker_networks_alias: "{{ netdata_name }}"-netdata_docker_networks_default: []-netdata_docker_networks_custom: []-netdata_docker_networks: "{{ docker_networks_common-                             + netdata_docker_networks_default-                             + netdata_docker_networks_custom }}"+netdata_role_docker_networks_alias: "{{ netdata_name }}"+netdata_role_docker_networks_default: []+netdata_role_docker_networks_custom: []+netdata_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='netdata')+                                  + lookup('role_var', '_docker_networks_custom', role='netdata') }}"  # Capabilities-netdata_docker_capabilities_default:+netdata_role_docker_capabilities_default:   - SYS_PTRACE   - SYS_ADMIN-netdata_docker_capabilities_custom: []-netdata_docker_capabilities: "{{ netdata_docker_capabilities_default-                                 + netdata_docker_capabilities_custom }}"+netdata_role_docker_capabilities_custom: []+netdata_role_docker_capabilities: "{{ lookup('role_var', '_docker_capabilities_default', role='netdata')+                                      + lookup('role_var', '_docker_capabilities_custom', role='netdata') }}"  # Security Opts-netdata_docker_security_opts_default:+netdata_role_docker_security_opts_default:   - apparmor=unconfined-netdata_docker_security_opts_custom: []-netdata_docker_security_opts: "{{ netdata_docker_security_opts_default-                                  + netdata_docker_security_opts_custom }}"+netdata_role_docker_security_opts_custom: []+netdata_role_docker_security_opts: "{{ lookup('role_var', '_docker_security_opts_default', role='netdata')+                                       + lookup('role_var', '_docker_security_opts_custom', role='netdata') }}"  # Restart Policy-netdata_docker_restart_policy: unless-stopped+netdata_role_docker_restart_policy: unless-stopped  # State-netdata_docker_state: started+netdata_role_docker_state: started  # PID Mode-netdata_docker_pid_mode: "host"+netdata_role_docker_pid_mode: "host"  # Dependencies-netdata_depends_on: "{{ netdata_name }}-docker-socket-proxy"-netdata_depends_on_delay: "0"-netdata_depends_on_healthchecks: "false"+netdata_role_depends_on: "{{ netdata_name }}-docker-socket-proxy"+netdata_role_depends_on_delay: "0"+netdata_role_depends_on_healthchecks: "false"

modified

roles/netdata/tasks/main.yml

@@ -12,28 +12,28 @@     name: docker_socket_proxy   vars:     docker_socket_proxy_name: "{{ netdata_name }}-docker-socket-proxy"-    docker_socket_proxy_docker_envs_custom: "{{ netdata_docker_socket_proxy_envs }}"+    docker_socket_proxy_role_docker_envs_custom: "{{ lookup('role_var', '_docker_socket_proxy_envs', role='netdata') }}"  - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml" -- name: Check if '{{ netdata_paths_config_file_location }}' exists+- name: Check if '{{ netdata_role_paths_config_file_location }}' exists   ansible.builtin.stat:-    path: "{{ netdata_paths_config_file_location }}"+    path: "{{ netdata_role_paths_config_file_location }}"   register: netdata_config  - name: Create directories   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"  - name: Settings Task-  ansible.builtin.import_tasks: "subtasks/settings.yml"+  ansible.builtin.include_tasks: "subtasks/settings.yml"   when: (not netdata_config.stat.exists)  - name: Create a volume

modified

roles/netdata/tasks/subtasks/settings.yml

@@ -9,13 +9,13 @@ --- - name: Settings | Copy Default Config if it doesn't exist   ansible.builtin.shell: |-    docker run -d --name netdata_tmp "{{ netdata_docker_image }}"-    docker cp netdata_tmp:/etc/netdata/. "{{ netdata_paths_config_location }}"+    docker run -d --name netdata_tmp "{{ lookup('role_var', '_docker_image', role='netdata') }}"+    docker cp netdata_tmp:/etc/netdata/. "{{ netdata_role_paths_location }}"     docker rm -f netdata_tmp  - name: Chown directories   ansible.builtin.file:-    path: "{{ netdata_paths_location }}"+    path: "{{ netdata_role_paths_location }}"     state: directory     owner: "{{ user.name }}"     group: "{{ user.name }}"

modified

roles/nginx/defaults/main.yml

@@ -17,133 +17,84 @@ # Paths ################################ -nginx_paths_folder: "{{ nginx_name }}"-nginx_paths_location: "{{ server_appdata_path }}/{{ nginx_paths_folder }}"-nginx_paths_folders_list:-  - "{{ nginx_paths_location }}"+nginx_role_paths_folder: "{{ nginx_name }}"+nginx_role_paths_location: "{{ server_appdata_path }}/{{ nginx_role_paths_folder }}"+nginx_role_paths_folders_list:+  - "{{ nginx_role_paths_location }}"  ################################ # Web ################################ -nginx_web_subdomain: "{{ nginx_name }}"-nginx_web_domain: "{{ user.domain }}"-nginx_web_port: "80"-nginx_web_url: "{{ 'https://' + (lookup('vars', nginx_name + '_web_subdomain', default=nginx_web_subdomain) + '.' + lookup('vars', nginx_name + '_web_domain', default=nginx_web_domain)-                if (lookup('vars', nginx_name + '_web_subdomain', default=nginx_web_subdomain) | length > 0)-                else lookup('vars', nginx_name + '_web_domain', default=nginx_web_domain)) }}"+nginx_role_web_subdomain: "{{ nginx_name }}"+nginx_role_web_domain: "{{ user.domain }}"+nginx_role_web_port: "80"+nginx_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='nginx') + '.' + lookup('role_var', '_web_domain', role='nginx')+                     if (lookup('role_var', '_web_subdomain', role='nginx') | length > 0)+                     else lookup('role_var', '_web_domain', role='nginx')) }}"  ################################ # DNS ################################ -nginx_dns_record: "{{ lookup('vars', nginx_name + '_web_subdomain', default=nginx_web_subdomain) }}"-nginx_dns_zone: "{{ lookup('vars', nginx_name + '_web_domain', default=nginx_web_domain) }}"-nginx_dns_proxy: "{{ dns.proxied }}"+nginx_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='nginx') }}"+nginx_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='nginx') }}"+nginx_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -nginx_traefik_sso_middleware: ""-nginx_traefik_middleware_default: "{{ traefik_default_middleware }}"-nginx_traefik_middleware_custom: ""-nginx_traefik_certresolver: "{{ traefik_default_certresolver }}"-nginx_traefik_enabled: true-nginx_traefik_api_enabled: false-nginx_traefik_api_endpoint: ""+nginx_role_traefik_sso_middleware: ""+nginx_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+nginx_role_traefik_middleware_custom: ""+nginx_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+nginx_role_traefik_enabled: true+nginx_role_traefik_api_enabled: false+nginx_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-nginx_docker_container: "{{ nginx_name }}"+nginx_role_docker_container: "{{ nginx_name }}"  # Image-nginx_docker_image_pull: true-nginx_docker_image_repo: "lscr.io/linuxserver/nginx"-nginx_docker_image_tag: "latest"-nginx_docker_image: "{{ lookup('vars', nginx_name + '_docker_image_repo', default=nginx_docker_image_repo)-                        + ':' + lookup('vars', nginx_name + '_docker_image_tag', default=nginx_docker_image_tag) }}"--# Ports-nginx_docker_ports_defaults: []-nginx_docker_ports_custom: []-nginx_docker_ports: "{{ lookup('vars', nginx_name + '_docker_ports_defaults', default=nginx_docker_ports_defaults)-                        + lookup('vars', nginx_name + '_docker_ports_custom', default=nginx_docker_ports_custom) }}"+nginx_role_docker_image_pull: true+nginx_role_docker_image_repo: "lscr.io/linuxserver/nginx"+nginx_role_docker_image_tag: "latest"+nginx_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='nginx') }}:{{ lookup('role_var', '_docker_image_tag', role='nginx') }}"  # Envs-nginx_docker_envs_default:+nginx_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"-nginx_docker_envs_custom: {}-nginx_docker_envs: "{{ lookup('vars', nginx_name + '_docker_envs_default', default=nginx_docker_envs_default)-                       | combine(lookup('vars', nginx_name + '_docker_envs_custom', default=nginx_docker_envs_custom)) }}"--# Commands-nginx_docker_commands_default: []-nginx_docker_commands_custom: []-nginx_docker_commands: "{{ lookup('vars', nginx_name + '_docker_commands_default', default=nginx_docker_commands_default)-                           + lookup('vars', nginx_name + '_docker_commands_custom', default=nginx_docker_commands_custom) }}"+nginx_role_docker_envs_custom: {}+nginx_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='nginx')+                            | combine(lookup('role_var', '_docker_envs_custom', role='nginx')) }}"  # Volumes-nginx_docker_volumes_default:-  - "{{ nginx_paths_location }}:/config"-nginx_docker_volumes_custom: []-nginx_docker_volumes: "{{ lookup('vars', nginx_name + '_docker_volumes_default', default=nginx_docker_volumes_default)-                          + lookup('vars', nginx_name + '_docker_volumes_custom', default=nginx_docker_volumes_custom) }}"--# Devices-nginx_docker_devices_default: []-nginx_docker_devices_custom: []-nginx_docker_devices: "{{ lookup('vars', nginx_name + '_docker_devices_default', default=nginx_docker_devices_default)-                          + lookup('vars', nginx_name + '_docker_devices_custom', default=nginx_docker_devices_custom) }}"--# Hosts-nginx_docker_hosts_default: {}-nginx_docker_hosts_custom: {}-nginx_docker_hosts: "{{ docker_hosts_common-                        | combine(lookup('vars', nginx_name + '_docker_hosts_default', default=nginx_docker_hosts_default))-                        | combine(lookup('vars', nginx_name + '_docker_hosts_custom', default=nginx_docker_hosts_custom)) }}"--# Labels-nginx_docker_labels_default: {}-nginx_docker_labels_custom: {}-nginx_docker_labels: "{{ docker_labels_common-                         | combine(lookup('vars', nginx_name + '_docker_labels_default', default=nginx_docker_labels_default))-                         | combine(lookup('vars', nginx_name + '_docker_labels_custom', default=nginx_docker_labels_custom)) }}"+nginx_role_docker_volumes_default:+  - "{{ nginx_role_paths_location }}:/config"+nginx_role_docker_volumes_custom: []+nginx_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='nginx')+                               + lookup('role_var', '_docker_volumes_custom', role='nginx') }}"  # Hostname-nginx_docker_hostname: "{{ nginx_name }}"--# Network Mode-nginx_docker_network_mode_default: "{{ docker_networks_name_common }}"-nginx_docker_network_mode: "{{ lookup('vars', nginx_name + '_docker_network_mode_default', default=nginx_docker_network_mode_default) }}"+nginx_role_docker_hostname: "{{ nginx_name }}"  # Networks-nginx_docker_networks_alias: "{{ nginx_name }}"-nginx_docker_networks_default: []-nginx_docker_networks_custom: []-nginx_docker_networks: "{{ docker_networks_common-                           + lookup('vars', nginx_name + '_docker_networks_default', default=nginx_docker_networks_default)-                           + lookup('vars', nginx_name + '_docker_networks_custom', default=nginx_docker_networks_custom) }}"--# Capabilities-nginx_docker_capabilities_default: []-nginx_docker_capabilities_custom: []-nginx_docker_capabilities: "{{ lookup('vars', nginx_name + '_docker_capabilities_default', default=nginx_docker_capabilities_default)-                               + lookup('vars', nginx_name + '_docker_capabilities_custom', default=nginx_docker_capabilities_custom) }}"--# Security Opts-nginx_docker_security_opts_default: []-nginx_docker_security_opts_custom: []-nginx_docker_security_opts: "{{ lookup('vars', nginx_name + '_docker_security_opts_default', default=nginx_docker_security_opts_default)-                                + lookup('vars', nginx_name + '_docker_security_opts_custom', default=nginx_docker_security_opts_custom) }}"+nginx_role_docker_networks_alias: "{{ nginx_name }}"+nginx_role_docker_networks_default: []+nginx_role_docker_networks_custom: []+nginx_role_docker_networks: "{{ docker_networks_common+                                + lookup('role_var', '_docker_networks_default', role='nginx')+                                + lookup('role_var', '_docker_networks_custom', role='nginx') }}"  # Restart Policy-nginx_docker_restart_policy: unless-stopped+nginx_role_docker_restart_policy: unless-stopped  # State-nginx_docker_state: started+nginx_role_docker_state: started

modified

roles/nginx/tasks/main2.yml

@@ -11,9 +11,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/node_exporter/defaults/main.yml

@@ -7,7 +7,7 @@ #                   GNU General Public License v3.0                      # ########################################################################## ----node_exporter_path: "/opt/node_exporter"+node_exporter_path: "{{ server_appdata_path }}/node_exporter"  node_exporter_latest_releases_url: "{{ svm }}https://api.github.com/repos/prometheus/node_exporter/releases/latest"

modified

roles/notify/tasks/main.yml

@@ -8,7 +8,7 @@ ######################################################################### --- - name: Import Variables Task-  ansible.builtin.import_tasks: "subtasks/variables.yml"+  ansible.builtin.include_tasks: "subtasks/variables.yml"  - name: Sent Notification   ansible.builtin.include_tasks: "subtasks/{{ item }}.yml"

modified

roles/nvidia/defaults/main.yml

@@ -15,7 +15,7 @@ nvidia_enabled: false  # Fetches the latest supported driver version supported by the keylase patch when set to "latest"-# If set to "ignore" then driver installation will be ignored and only patching will run.+# If set to "ignore" then driver installation and patching will be skipped. # Otherwise specify a valid driver like this (it being a quoted string is important): # nvidia_driver_version: "555.58.02" nvidia_driver_version: "latest"@@ -41,7 +41,7 @@ nvidia_patch_download_dest: "/tmp/NVIDIA-patch.sh"  # Harcoded in the patch script file-nvidia_patch_backup_file_location: "/opt/nvidia/libnvidia-encode-backup"+nvidia_patch_backup_file_location: "{{ server_appdata_path }}/nvidia/libnvidia-encode-backup"  ################################ # Docker@@ -90,10 +90,14 @@   NVIDIA_DRIVER_CAPABILITIES: "compute,video,utility"   NVIDIA_VISIBLE_DEVICES: "all" -nvidia_docker_config:+nvidia_docker_config_default:   default-runtime: "nvidia"   exec-opts: ["native.cgroupdriver=cgroupfs"]   runtimes:     nvidia:       path: "/usr/bin/nvidia-container-runtime"       runtimeArgs: []++nvidia_docker_config: "{{ {}+                       if ('nvidia-purge' in ansible_run_tags)+                       else nvidia_docker_config_default }}"

modified

roles/nvidia/tasks/main.yml

@@ -7,175 +7,182 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Install mokutil-  ansible.builtin.apt:-    name: mokutil-    state: latest+- name: Nvidia Tasks+  when: (nvidia_driver_version | lower != 'ignore')+  block:+    - name: Install mokutil+      ansible.builtin.apt:+        name: mokutil+        state: latest -- name: Check if Secure Boot is enabled-  ansible.builtin.shell: "mokutil --sb-state | grep -q 'SecureBoot enabled'"-  register: secure_boot_enabled-  changed_when: false-  failed_when: false+    - name: Check if Secure Boot is enabled+      ansible.builtin.shell: "mokutil --sb-state | grep -q 'SecureBoot enabled'"+      register: secure_boot_enabled+      changed_when: false+      failed_when: false -- name: Fail if Secure Boot is enabled-  ansible.builtin.fail:-    msg: "This role does not support SecureBoot enabled systems."-  when: secure_boot_enabled.rc == 0+    - name: Fail if Secure Boot is enabled+      ansible.builtin.fail:+        msg: "This role does not support SecureBoot enabled systems."+      when: secure_boot_enabled.rc == 0 -- name: Install pkg-config-  ansible.builtin.apt:-    name: pkg-config-    state: latest+    - name: Install pkg-config+      ansible.builtin.apt:+        name: pkg-config+        state: latest -- name: Fetch all Nvidia GPU IDs-  ansible.builtin.shell: lspci | grep -E '.*VGA.*NVIDIA|.*3D controller.*NVIDIA' | cut -d' ' -f 1-  register: nvidia_gpu_ids-  changed_when: false+    - name: Fetch all Nvidia GPU IDs+      ansible.builtin.shell: lspci | grep -E '.*VGA.*NVIDIA|.*3D controller.*NVIDIA' | cut -d' ' -f 1+      register: nvidia_gpu_ids+      changed_when: false -- name: Check if any NVIDIA GPUs were found-  ansible.builtin.set_fact:-    nvidia_gpus_found: "{{ nvidia_gpu_ids.stdout_lines | length > 0 }}"+    - name: Check if any NVIDIA GPUs were found+      ansible.builtin.set_fact:+        nvidia_gpus_found: "{{ nvidia_gpu_ids.stdout_lines | length > 0 }}" -- name: Fail if no NVIDIA GPU was detected-  ansible.builtin.fail:-    msg: "No Nvidia GPUs could be detected."-  when: not nvidia_gpus_found+    - name: Fail if no NVIDIA GPU was detected+      ansible.builtin.fail:+        msg: "No Nvidia GPUs could be detected."+      when: not nvidia_gpus_found -- name: Nvidia Setup block-  when: nvidia_gpus_found-  block:-    - name: Fetch detailed info for all Nvidia GPUs-      ansible.builtin.shell: lspci -s {{ item }}-      register: nvidia_gpu_info-      changed_when: false-      with_items: "{{ nvidia_gpu_ids.stdout_lines }}"+    - name: Nvidia Setup block+      when: nvidia_gpus_found+      block:+        - name: Fetch detailed info for all Nvidia GPUs+          ansible.builtin.shell: lspci -s {{ item }}+          register: nvidia_gpu_info+          changed_when: false+          with_items: "{{ nvidia_gpu_ids.stdout_lines }}" -    - name: Create a list of all GPU details-      ansible.builtin.set_fact:-        all_nvidia_gpus: "{{ nvidia_gpu_info.results | map(attribute='stdout') | list }}"+        - name: Create a list of all GPU details+          ansible.builtin.set_fact:+            all_nvidia_gpus: "{{ nvidia_gpu_info.results | map(attribute='stdout') | list }}" -    - name: Check if any GeForce GPUs are present-      ansible.builtin.set_fact:-        geforce_gpu_present: "{{ all_nvidia_gpus | select('search', 'GeForce') | list | length > 0 }}"+        - name: Check if any GeForce GPUs are present+          ansible.builtin.set_fact:+            geforce_gpu_present: "{{ all_nvidia_gpus | select('search', 'GeForce') | list | length > 0 }}" -    - name: Display detected NVIDIA GPUs-      ansible.builtin.debug:-        msg:-          - "Detected {{ all_nvidia_gpus | length }} NVIDIA GPU(s):"-          - "{{ all_nvidia_gpus }}"-          - "GeForce GPU present: {{ geforce_gpu_present | default(false) }}"--    - name: Fetch NVIDIA driver patch script-      ansible.builtin.uri:-        url: "{{ nvidia_patch_download_url }}"-        return_content: yes-      register: patch_script--    - name: Extract supported driver versions-      ansible.builtin.set_fact:-        supported_versions: >--          {{ patch_script.content | regex_findall('\[\"([0-9.]+)\"\]') | map('regex_replace', '\"', '') | unique | sort }}--    - name: Latest supported version-      ansible.builtin.debug:-        msg: "Latest supported version is {{ supported_versions[-1] }}"--    - name: Define latest version-      ansible.builtin.set_fact:-        nvidia_driver_version: "{{ supported_versions[-1] }}"-      when: nvidia_driver_version == "latest"--    - name: Check for incompatible version (GeForce patching)-      ansible.builtin.fail:-        msg: "Driver version: {{ nvidia_driver_version }} is not supported by the keylase patch."-      when: geforce_gpu_present and (nvidia_driver_version != "latest") and nvidia_driver_version not in supported_versions--    - name: Get nvidia-smi driver version-      ansible.builtin.shell: "nvidia-smi --query-gpu=driver_version --format=csv,noheader"-      register: nvidia_smi_output-      ignore_errors: yes--    - name: Set 'nvidia_installed_driver_version' variable-      ansible.builtin.set_fact:-        nvidia_installed_driver_version: "{{ nvidia_smi_output.stdout_lines[0] | default('')-                                          if nvidia_smi_output.rc == 0-                                          else '' }}"--    - name: Print driver state-      ansible.builtin.debug:-        msg:-          - "Desired driver version: {{ nvidia_driver_version }}"-          - "Current driver version: {{ nvidia_installed_driver_version-                                     if (nvidia_installed_driver_version | length > 0)-                                     else 'not installed' }}"--    - name: Nvidia Purge Drivers Tasks-      when: ('nvidia-purge' in ansible_run_tags) or ((nvidia_installed_driver_version != nvidia_driver_version) and (nvidia_installed_driver_version | length > 0) and ('nvidia' in ansible_run_tags) and (nvidia_driver_version | lower != 'ignore'))-      block:-        - name: Purge Nvidia APT packages-          ansible.builtin.shell: "dpkg --force-depends -P $(dpkg -l | grep nvidia | awk '{print $2}')"-          register: dpkg_purge_output-          ignore_errors: yes--        - name: Remove dependencies that are no longer required-          ansible.builtin.apt:-            autoremove: yes--        - name: Success message+        - name: Display detected NVIDIA GPUs           ansible.builtin.debug:             msg:-              - "Purged Nvidia drivers. System will now reboot."-              - "You will need to re-run your previous tag after the system has rebooted."-          when: (dpkg_purge_output.stdout | length > 0) and (dpkg_purge_output.rc == 0)+              - "Detected {{ all_nvidia_gpus | length }} NVIDIA GPU(s):"+              - "{{ all_nvidia_gpus }}"+              - "GeForce GPU present: {{ geforce_gpu_present | default(false) }}" -        - name: Prompt user before continuing-          ansible.builtin.pause:-            prompt: "Read the instructions above and press enter when you have done so"-          when: (dpkg_purge_output.stdout | length > 0) and (dpkg_purge_output.rc == 0)+        - name: Fetch NVIDIA driver patch script+          ansible.builtin.uri:+            url: "{{ nvidia_patch_download_url }}"+            return_content: true+          register: patch_script -        - name: Reboot-          ansible.builtin.shell: reboot-          when: (dpkg_purge_output.stdout | length > 0) and (dpkg_purge_output.rc == 0)+        - name: Extract supported driver versions+          ansible.builtin.set_fact:+            supported_versions: >-+              {{ patch_script.content | regex_findall('\[\"([0-9.]+)\"\]') | map('regex_replace', '\"', '') | unique | sort }} -    - name: Check if 'blacklist-nouveau.conf' exists-      ansible.builtin.stat:-        path: "{{ nvidia_kernel_blacklist_nouveau_conf_location }}"-      register: blacklist_nouveau_conf+        - name: Latest supported version+          ansible.builtin.debug:+            msg: "Latest supported version is {{ supported_versions[-1] }}" -    - name: "Nvidia Kernel Task"-      ansible.builtin.include_tasks: "subtasks/kernel.yml"-      when:-        - (not blacklist_nouveau_conf.stat.exists)-        - nvidia_kernel_blacklist_nouveau+        - name: Define latest version+          ansible.builtin.set_fact:+            nvidia_driver_version: "{{ supported_versions[-1] }}"+          when: nvidia_driver_version == "latest" -    - name: Nvidia Driver Tasks-      when: ((nvidia_installed_driver_version != nvidia_driver_version) and (nvidia_driver_version | lower != 'ignore') and ('nvidia' in ansible_run_tags)) or (nvidia_installed_driver_version | length == 0)-      block:-        - name: "Nvidia Driver Task"-          ansible.builtin.include_tasks: "subtasks/driver.yml"+        - name: Check for incompatible version (GeForce patching)+          ansible.builtin.fail:+            msg: "Driver version: {{ nvidia_driver_version }} is not supported by the keylase patch."+          when: geforce_gpu_present and (nvidia_driver_version != "latest") and nvidia_driver_version not in supported_versions -        - name: "Cleanup Patch backup"-          ansible.builtin.file:-            path: "{{ nvidia_patch_backup_file_location }}"-            state: absent+        - name: Get nvidia-smi driver version+          ansible.builtin.shell: "nvidia-smi --query-gpu=driver_version --format=csv,noheader"+          register: nvidia_smi_output+          ignore_errors: true -    - name: Nvidia Driver Patch Tasks-      when: geforce_gpu_present-      block:-        - name: Check to see if patch backup files exist+        - name: Set 'nvidia_installed_driver_version' variable+          ansible.builtin.set_fact:+            nvidia_installed_driver_version: "{{ nvidia_smi_output.stdout_lines[0] | default('')+                                              if nvidia_smi_output.rc == 0+                                              else '' }}"++        - name: Print driver state+          ansible.builtin.debug:+            msg:+              - "Desired driver version: {{ nvidia_driver_version }}"+              - "Current driver version: {{ nvidia_installed_driver_version+                                        if (nvidia_installed_driver_version | length > 0)+                                        else 'not installed' }}"++        - name: Nvidia Purge Drivers Tasks+          when: ('nvidia-purge' in ansible_run_tags) or ((nvidia_installed_driver_version != nvidia_driver_version) and (nvidia_installed_driver_version | length > 0) and ('nvidia' in ansible_run_tags))+          block:+            - name: Purge Nvidia APT packages+              ansible.builtin.shell: "dpkg --force-depends -P $(dpkg -l | grep nvidia | awk '{print $2}')"+              register: dpkg_purge_output+              ignore_errors: true++            - name: Remove dependencies that are no longer required+              ansible.builtin.apt:+                autoremove: true++            - name: "Install Docker"+              ansible.builtin.include_role:+                name: "docker"++            - name: Success message+              ansible.builtin.debug:+                msg:+                  - "Purged Nvidia drivers. System will now reboot."+                  - "You will need to re-run your previous tag after the system has rebooted."+              when: (dpkg_purge_output.stdout | length > 0) and (dpkg_purge_output.rc == 0)++            - name: Prompt user before continuing+              ansible.builtin.pause:+                prompt: "Read the instructions above and press enter when you have done so"+              when: (dpkg_purge_output.stdout | length > 0) and (dpkg_purge_output.rc == 0)++            - name: Reboot+              ansible.builtin.shell: reboot+              when: (dpkg_purge_output.stdout | length > 0) and (dpkg_purge_output.rc == 0)++        - name: Check if 'blacklist-nouveau.conf' exists           ansible.builtin.stat:-            path: "{{ nvidia_patch_backup_file_location }}"-          register: nvidia_patch_backup_folder+            path: "{{ nvidia_kernel_blacklist_nouveau_conf_location }}"+          register: blacklist_nouveau_conf -        - name: "Nvidia Driver Patch Task"-          ansible.builtin.include_tasks: "subtasks/patch.yml"-          when: (not nvidia_patch_backup_folder.stat.exists)+        - name: "Nvidia Kernel Task"+          ansible.builtin.include_tasks: "subtasks/kernel.yml"+          when:+            - (not blacklist_nouveau_conf.stat.exists)+            - nvidia_kernel_blacklist_nouveau -    - name: "Nvidia Nvtop Task"-      ansible.builtin.include_tasks: "subtasks/nvtop.yml"+        - name: Nvidia Driver Tasks+          when: ((nvidia_installed_driver_version != nvidia_driver_version) and ('nvidia' in ansible_run_tags)) or (nvidia_installed_driver_version | length == 0)+          block:+            - name: "Nvidia Driver Task"+              ansible.builtin.include_tasks: "subtasks/driver.yml" -    - name: "Install Docker"-      ansible.builtin.include_role:-        name: "docker"-      when: ('nvidia' in ansible_run_tags)+            - name: "Cleanup Patch backup"+              ansible.builtin.file:+                path: "{{ nvidia_patch_backup_file_location }}"+                state: absent++        - name: Nvidia Driver Patch Tasks+          when: geforce_gpu_present+          block:+            - name: Check to see if patch backup files exist+              ansible.builtin.stat:+                path: "{{ nvidia_patch_backup_file_location }}"+              register: nvidia_patch_backup_folder++            - name: "Nvidia Driver Patch Task"+              ansible.builtin.include_tasks: "subtasks/patch.yml"+              when: (not nvidia_patch_backup_folder.stat.exists)++        - name: "Nvidia Nvtop Task"+          ansible.builtin.include_tasks: "subtasks/nvtop.yml"++        - name: "Install Docker"+          ansible.builtin.include_role:+            name: "docker"+          when: ('nvidia' in ansible_run_tags)

modified

roles/nvidia/tasks/subtasks/driver.yml

@@ -18,7 +18,7 @@     state: latest  - name: Driver | Install gcc12 if kernel is 6.5>= on Jammy-  when: (ansible_kernel is version('6.5', '>=')) and (ansible_distribution_version is version('22.04', '=='))+  when: (ansible_facts['kernel'] is version('6.5', '>=')) and (ansible_facts['distribution_version'] is version('22.04', '=='))   block:     - name: Driver | Install GCC and G++       ansible.builtin.apt:

modified

roles/nvidia/tasks/subtasks/nvtop.yml

@@ -21,7 +21,7 @@   retries: "{{ ansible_retry_count if (not continuous_integration) else ansible_retry_count_ci }}"   delay: 10   until: result is succeeded-  when: ansible_distribution_release in ['jammy', 'focal']+  when: ansible_facts['distribution_release'] in ['jammy', 'focal']  - name: Nvidia | Remove old repository list   ansible.builtin.file:@@ -30,11 +30,11 @@  - name: nvtop | Add flexiondotorg/nvtop repository   ansible.builtin.apt_repository:-    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/flexiondotorg.asc] https://ppa.launchpadcontent.net/flexiondotorg/nvtop/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/flexiondotorg.asc] https://ppa.launchpadcontent.net/flexiondotorg/nvtop/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} main"     filename: "flexiondotorg"     state: present     update_cache: true-  when: ansible_distribution_release in ['jammy', 'focal']+  when: ansible_facts['distribution_release'] in ['jammy', 'focal']  - name: nvtop | Install nvtop   ansible.builtin.apt:

modified

roles/nzbget/defaults/main.yml

@@ -17,51 +17,55 @@ # Paths ################################ -nzbget_paths_folder: "{{ nzbget_name }}"-nzbget_paths_location: "{{ server_appdata_path }}/{{ nzbget_paths_folder }}"-nzbget_paths_downloads_location: "{{ downloads_usenet_path }}/{{ nzbget_paths_folder }}"-nzbget_paths_folders_list:-  - "{{ nzbget_paths_location }}"-  - "{{ nzbget_paths_downloads_location }}"-  - "{{ nzbget_paths_downloads_location }}/completed"-  - "{{ nzbget_paths_downloads_location }}/completed/radarr"-  - "{{ nzbget_paths_downloads_location }}/completed/sonarr"-  - "{{ nzbget_paths_downloads_location }}/completed/lidarr"-nzbget_paths_config_location: "{{ nzbget_paths_location }}/nzbget.conf"+nzbget_role_paths_folder: "{{ nzbget_name }}"+nzbget_role_paths_location: "{{ server_appdata_path }}/{{ nzbget_role_paths_folder }}"+nzbget_role_paths_downloads_location: "{{ downloads_usenet_path }}/{{ nzbget_role_paths_folder }}"+nzbget_role_paths_folders_list:+  - "{{ nzbget_role_paths_location }}"+  - "{{ nzbget_role_paths_downloads_location }}"+  - "{{ nzbget_role_paths_downloads_location }}/completed"+  - "{{ nzbget_role_paths_downloads_location }}/completed/radarr"+  - "{{ nzbget_role_paths_downloads_location }}/completed/sonarr"+  - "{{ nzbget_role_paths_downloads_location }}/completed/lidarr"+nzbget_role_paths_config_location: "{{ nzbget_role_paths_location }}/nzbget.conf"  ################################ # Web ################################ -nzbget_web_subdomain: "{{ nzbget_name }}"-nzbget_web_domain: "{{ user.domain }}"-nzbget_web_port: "6789"-nzbget_web_login: "{{ user.name }}:{{ user.pass }}"-nzbget_web_url_with_login: "{{ 'https://' + nzbget_web_login + '@' + nzbget_web_subdomain + '.' + nzbget_web_domain }}"-nzbget_web_local_url_web_login: "{{ 'http://' + nzbget_web_login + '@' + nzbget_name + ':' + nzbget_web_port }}"+nzbget_role_web_subdomain: "{{ nzbget_name }}"+nzbget_role_web_domain: "{{ user.domain }}"+nzbget_role_web_port: "6789"+nzbget_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='nzbget') + '.' + lookup('role_var', '_web_domain', role='nzbget')+                      if (lookup('role_var', '_web_subdomain', role='nzbget') | length > 0)+                      else lookup('role_var', '_web_domain', role='nzbget')) }}"+nzbget_role_web_login: "{{ user.name }}:{{ user.pass }}"+nzbget_role_web_url_with_login: "{{ 'https://' + lookup('role_var', '_web_login', role='nzbget') + '@' + lookup('role_var', '_web_subdomain', role='nzbget') + '.' + lookup('role_var', '_web_domain', role='nzbget') }}"+nzbget_role_web_local_url: "{{ 'http://' + nzbget_name + ':' + lookup('role_var', '_web_port', role='nzbget') }}"+nzbget_role_web_local_url_web_login: "{{ 'http://' + lookup('role_var', '_web_login', role='nzbget') + '@' + nzbget_name + ':' + lookup('role_var', '_web_port', role='nzbget') }}"  ################################ # DNS ################################ -nzbget_dns_record: "{{ nzbget_web_subdomain }}"-nzbget_dns_zone: "{{ nzbget_web_domain }}"-nzbget_dns_proxy: "{{ dns.proxied }}"+nzbget_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='nzbget') }}"+nzbget_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='nzbget') }}"+nzbget_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -nzbget_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-nzbget_traefik_middleware_default: "{{ traefik_default_middleware-                                        + (',themepark-' + lookup('vars', nzbget_name + '_name', default=nzbget_name)-                                          if (nzbget_themepark_enabled and global_themepark_plugin_enabled)-                                          else '') }}"-nzbget_traefik_middleware_custom: ""-nzbget_traefik_certresolver: "{{ traefik_default_certresolver }}"-nzbget_traefik_enabled: true-nzbget_traefik_api_enabled: true-nzbget_traefik_api_endpoint: "PathRegexp(`^/[A-Za-z0-9]+:[A-Za-z0-9]+/(xml|json|jsonp)rpc`) || PathRegexp(`^/(xml|json|jsonp)rpc`)"+nzbget_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+nzbget_role_traefik_middleware_default: "{{ traefik_default_middleware+                                            + (',themepark-' + nzbget_name+                                              if (lookup('role_var', '_themepark_enabled', role='nzbget') and global_themepark_plugin_enabled)+                                              else '') }}"+nzbget_role_traefik_middleware_custom: ""+nzbget_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+nzbget_role_traefik_enabled: true+nzbget_role_traefik_api_enabled: true+nzbget_role_traefik_api_endpoint: "PathRegexp(`^/[A-Za-z0-9]+:[A-Za-z0-9]+/(xml|json|jsonp)rpc`) || PathRegexp(`^/(xml|json|jsonp)rpc`)"  ################################ # Config@@ -69,7 +73,7 @@  # New Installs -nzbget_config_new_installs_settings_default:+nzbget_role_config_new_installs_settings_default:   # Authentication   - { regexp: '^ControlUsername\s?=.*', line: "ControlUsername={{ user.name }}" }   - { regexp: '^ControlPassword\s?=.*', line: "ControlPassword={{ user.pass }}" }@@ -119,13 +123,13 @@                                                               .duplicate1.rar, .srs, .info, .txt,                                                               .com, .md5, .png, .1, .url, .jpg,                                                               .xxx, .rev, .iso, .img, .ifo, .vob' }-nzbget_config_new_installs_settings_custom: []-nzbget_config_new_installs_settings_list: "{{ nzbget_config_new_installs_settings_default-                                              + nzbget_config_new_installs_settings_custom }}"+nzbget_role_config_new_installs_settings_custom: []+nzbget_role_config_new_installs_settings_list: "{{ lookup('role_var', '_config_new_installs_settings_default', role='nzbget')+                                                   + lookup('role_var', '_config_new_installs_settings_custom', role='nzbget') }}"  # Existing Installs -nzbget_config_existing_installs_settings_default:+nzbget_role_config_existing_installs_settings_default:   # Logging   - { regexp: '^WriteLog\s?=.*', line: 'WriteLog=rotate' }   - { regexp: '^RotateLog\s?=.*', line: 'RotateLog=3' }@@ -134,9 +138,9 @@   # Unpacking   - { regexp: '^UnrarCmd\s?=.*', line: 'UnrarCmd=ionice -c3 /usr/bin/unrar' }   - { regexp: '^SevenZipCmd\s?=.*', line: 'SevenZipCmd=ionice -c3 /usr/bin/7z' }-nzbget_config_existing_installs_settings_custom: []-nzbget_config_existing_installs_settings_list: "{{ nzbget_config_existing_installs_settings_default-                                                   + nzbget_config_existing_installs_settings_custom }}"+nzbget_role_config_existing_installs_settings_custom: []+nzbget_role_config_existing_installs_settings_list: "{{ lookup('role_var', '_config_existing_installs_settings_default', role='nzbget')+                                                        + lookup('role_var', '_config_existing_installs_settings_custom', role='nzbget') }}"  ################################ # Scripts@@ -144,136 +148,99 @@  # Paths # Default nzbget_scripts_paths_location = /opt/scripts/nzbget-nzbget_scripts_paths_location: "{{ server_appdata_path }}/scripts/{{ nzbget_paths_folder }}"-nzbget_scripts_paths_folders_list:-  - "{{ nzbget_scripts_paths_location }}"-  - "{{ nzbget_scripts_paths_location }}/nzbgetpp"-nzbget_scripts_paths_rarfile_py_location: "{{ nzbget_scripts_paths_location }}/nzbgetpp/rarfile/rarfile.py"+nzbget_role_scripts_paths_location: "{{ server_appdata_path }}/scripts/{{ nzbget_role_paths_folder }}"+nzbget_role_scripts_paths_folders_list:+  - "{{ nzbget_role_scripts_paths_location }}"+  - "{{ nzbget_role_scripts_paths_location }}/nzbgetpp"+nzbget_role_scripts_paths_rarfile_py_location: "{{ nzbget_role_scripts_paths_location }}/nzbgetpp/rarfile/rarfile.py"  # Repos Downloaded-nzbget_scripts_repos_default:+nzbget_role_scripts_repos_default:   - 'https://github.com/Prinz23/nzbgetpp.git'-nzbget_scripts_repos_custom: []-nzbget_scripts_repos_list: "{{ nzbget_scripts_repos_default + nzbget_scripts_repos_custom }}"+nzbget_role_scripts_repos_custom: []+nzbget_role_scripts_repos_list: "{{ lookup('role_var', '_scripts_repos_default', role='nzbget') + lookup('role_var', '_scripts_repos_custom', role='nzbget') }}"  # URLs Downloaded-nzbget_scripts_direct_downloads_default:+nzbget_role_scripts_direct_downloads_default:   - "https://raw.githubusercontent.com/clinton-hall/GetScripts/master/flatten.py"   - "https://raw.githubusercontent.com/clinton-hall/GetScripts/master/DeleteSamples.py"   - "https://raw.githubusercontent.com/Prinz23/nzbget-pp-reverse/master/reverse_name.py"   - "https://raw.githubusercontent.com/l3uddz/nzbgetScripts/master/HashRenamer.py"-nzbget_scripts_direct_downloads_custom: []-nzbget_scripts_direct_downloads_list: "{{ nzbget_scripts_direct_downloads_default-                                          + nzbget_scripts_direct_downloads_custom }}"+nzbget_role_scripts_direct_downloads_custom: []+nzbget_role_scripts_direct_downloads_list: "{{ lookup('role_var', '_scripts_direct_downloads_default', role='nzbget')+                                               + lookup('role_var', '_scripts_direct_downloads_custom', role='nzbget') }}"  # Locally Copied-nzbget_scripts_local_copy_default: []-nzbget_scripts_local_copy_custom: []-nzbget_scripts_local_copy_list: "{{ nzbget_scripts_local_copy_default-                                    + nzbget_scripts_local_copy_custom }}"--################################-# THEME+nzbget_role_scripts_local_copy_default: []+nzbget_role_scripts_local_copy_custom: []+nzbget_role_scripts_local_copy_list: "{{ lookup('role_var', '_scripts_local_copy_default', role='nzbget')+                                         + lookup('role_var', '_scripts_local_copy_custom', role='nzbget') }}"++################################+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-nzbget_themepark_enabled: false-nzbget_themepark_app: "nzbget"-nzbget_themepark_theme: "{{ global_themepark_theme }}"-nzbget_themepark_domain: "{{ global_themepark_domain }}"-nzbget_themepark_addons: []+nzbget_role_themepark_enabled: false+nzbget_role_themepark_app: "nzbget"+nzbget_role_themepark_theme: "{{ global_themepark_theme }}"+nzbget_role_themepark_domain: "{{ global_themepark_domain }}"+nzbget_role_themepark_addons: []  ################################ # Docker ################################  # Container-nzbget_docker_container: "{{ nzbget_name }}"+nzbget_role_docker_container: "{{ nzbget_name }}"  # Image-nzbget_docker_image_pull: true-nzbget_docker_image_tag: "release"-nzbget_docker_image: "ghcr.io/hotio/nzbget:{{ nzbget_docker_image_tag }}"--# Ports-nzbget_docker_ports_defaults: []-nzbget_docker_ports_custom: []-nzbget_docker_ports: "{{ nzbget_docker_ports_defaults-                         + nzbget_docker_ports_custom }}"+nzbget_role_docker_image_pull: true+nzbget_role_docker_image_repo: "ghcr.io/hotio/nzbget"+nzbget_role_docker_image_tag: "release"+nzbget_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='nzbget') }}:{{ lookup('role_var', '_docker_image_tag', role='nzbget') }}"  # Envs-nzbget_docker_envs_default:+nzbget_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"   LC_ALL: "C"-nzbget_docker_envs_custom: {}-nzbget_docker_envs: "{{ nzbget_docker_envs_default-                        | combine(nzbget_docker_envs_custom) }}"--# Commands-nzbget_docker_commands_default: []-nzbget_docker_commands_custom: []-nzbget_docker_commands: "{{ nzbget_docker_commands_default-                            + nzbget_docker_commands_custom }}"+nzbget_role_docker_envs_custom: {}+nzbget_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='nzbget')+                             | combine(lookup('role_var', '_docker_envs_custom', role='nzbget')) }}"  # Volumes-nzbget_docker_volumes_default:-  - "{{ nzbget_paths_location }}:/config"+nzbget_role_docker_volumes_default:+  - "{{ nzbget_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-nzbget_docker_volumes_custom: []-nzbget_docker_volumes: "{{ nzbget_docker_volumes_default-                           + nzbget_docker_volumes_custom }}"--# Devices-nzbget_docker_devices_default: []-nzbget_docker_devices_custom: []-nzbget_docker_devices: "{{ nzbget_docker_devices_default-                           + nzbget_docker_devices_custom }}"--# Hosts-nzbget_docker_hosts_default: {}-nzbget_docker_hosts_custom: {}-nzbget_docker_hosts: "{{ docker_hosts_common-                         | combine(nzbget_docker_hosts_default)-                         | combine(nzbget_docker_hosts_custom) }}"+nzbget_role_docker_volumes_custom: []+nzbget_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='nzbget')+                                + lookup('role_var', '_docker_volumes_custom', role='nzbget') }}"  # Labels-nzbget_docker_labels_default: {}-nzbget_docker_labels_custom: {}-nzbget_docker_labels: "{{ docker_labels_common-                          | combine(lookup('vars', nzbget_name + '_docker_labels_default', default=nzbget_docker_labels_default))-                          | combine((traefik_themepark_labels-                                    if (nzbget_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    lookup('vars', nzbget_name + '_docker_labels_custom', default=nzbget_docker_labels_custom)) }}"+nzbget_role_docker_labels_default: {}+nzbget_role_docker_labels_custom: {}+nzbget_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='nzbget')+                               | combine((traefik_themepark_labels+                                         if (lookup('role_var', '_themepark_enabled', role='nzbget') and global_themepark_plugin_enabled)+                                         else {}),+                                         lookup('role_var', '_docker_labels_custom', role='nzbget')) }}"  # Hostname-nzbget_docker_hostname: "{{ nzbget_name }}"+nzbget_role_docker_hostname: "{{ nzbget_name }}"  # Networks-nzbget_docker_networks_alias: "{{ nzbget_name }}"-nzbget_docker_networks_default: []-nzbget_docker_networks_custom: []-nzbget_docker_networks: "{{ docker_networks_common-                            + nzbget_docker_networks_default-                            + nzbget_docker_networks_custom }}"--# Capabilities-nzbget_docker_capabilities_default: []-nzbget_docker_capabilities_custom: []-nzbget_docker_capabilities: "{{ nzbget_docker_capabilities_default-                                + nzbget_docker_capabilities_custom }}"--# Security Opts-nzbget_docker_security_opts_default: []-nzbget_docker_security_opts_custom: []-nzbget_docker_security_opts: "{{ nzbget_docker_security_opts_default-                                 + nzbget_docker_security_opts_custom }}"+nzbget_role_docker_networks_alias: "{{ nzbget_name }}"+nzbget_role_docker_networks_default: []+nzbget_role_docker_networks_custom: []+nzbget_role_docker_networks: "{{ docker_networks_common+                                 + lookup('role_var', '_docker_networks_default', role='nzbget')+                                 + lookup('role_var', '_docker_networks_custom', role='nzbget') }}"  # Restart Policy-nzbget_docker_restart_policy: unless-stopped+nzbget_role_docker_restart_policy: unless-stopped  # State-nzbget_docker_state: started+nzbget_role_docker_state: started

modified

roles/nzbget/tasks/main.yml

@@ -11,9 +11,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -23,12 +23,12 @@  - name: Check if existing config exists   ansible.builtin.stat:-    path: "{{ nzbget_paths_config_location }}"+    path: "{{ nzbget_role_paths_config_location }}"   register: nzbget_paths_config_location_stat  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Post-Install Tasks-  ansible.builtin.import_tasks: "subtasks/post-install/main.yml"+  ansible.builtin.include_tasks: "subtasks/post-install/main.yml"   when: (not continuous_integration)

modified

roles/nzbget/tasks/subtasks/post-install/main.yml

@@ -9,7 +9,7 @@ --- - name: Post-Install | Wait for config file to be created   ansible.builtin.wait_for:-    path: "{{ nzbget_paths_config_location }}"+    path: "{{ nzbget_role_paths_config_location }}"     state: present  - name: Post-Install | Wait for 10 seconds@@ -19,15 +19,15 @@ - name: Post-Install | Stop container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_docker_container.yml"   vars:-    var_prefix: "{{ nzbget_docker_container }}"+    var_prefix: "{{ nzbget_role_docker_container }}"  - name: Post-Install | Scripts Task-  ansible.builtin.import_tasks: "scripts/main.yml"+  ansible.builtin.include_tasks: "scripts/main.yml"  - name: Post-Install | Settings Task-  ansible.builtin.import_tasks: "settings/main.yml"+  ansible.builtin.include_tasks: "settings/main.yml"  - name: Post-Install | Start container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"   vars:-    var_prefix: "{{ nzbget_docker_container }}"+    var_prefix: "{{ nzbget_role_docker_container }}"

modified

roles/nzbget/tasks/subtasks/post-install/scripts/main.yml

@@ -14,54 +14,48 @@     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"-  with_items: "{{ nzbget_scripts_paths_folders_list }}"--# Add Scripts+  with_items: "{{ lookup('role_var', '_scripts_paths_folders_list', role='nzbget') }}"  - name: Post-Install | Scripts | Download scripts repos   ansible.builtin.git:     repo: "{{ item }}"-    dest: "{{ nzbget_scripts_paths_location }}/{{ (item | basename | splitext)[0] }}"+    dest: "{{ lookup('role_var', '_scripts_paths_location', role='nzbget') }}/{{ (item | basename | splitext)[0] }}"     clone: true     version: HEAD     force: true   become: true   become_user: "{{ user.name }}"-  loop: "{{ nzbget_scripts_repos_list }}"-  ignore_errors: true+  loop: "{{ lookup('role_var', '_scripts_repos_list', role='nzbget') }}"  - name: Post-Install | Scripts | Download script URLs   ansible.builtin.get_url:     url: "{{ item }}"-    dest: "{{ nzbget_scripts_paths_location }}"+    dest: "{{ lookup('role_var', '_scripts_paths_location', role='nzbget') }}"     validate_certs: false     force: true     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"-  loop: "{{ nzbget_scripts_direct_downloads_list }}"-  ignore_errors: true+  loop: "{{ lookup('role_var', '_scripts_direct_downloads_list', role='nzbget') }}"  - name: Post-Install | Scripts | Import local scripts   ansible.builtin.copy:     src: "{{ item }}"-    dest: "{{ nzbget_scripts_paths_location }}/{{ item }}"+    dest: "{{ lookup('role_var', '_scripts_paths_location', role='nzbget') }}/{{ item }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"     force: true-  loop: "{{ nzbget_scripts_local_copy_list }}"--# Customize Scripts+  loop: "{{ lookup('role_var', '_scripts_local_copy_list', role='nzbget') }}"  - name: Post-Install | Scripts | Check if 'nzbgetpp/rarfile/rarfile.py' exists   ansible.builtin.stat:-    path: "{{ nzbget_scripts_paths_rarfile_py_location }}"+    path: "{{ lookup('role_var', '_scripts_paths_rarfile_py_location', role='nzbget') }}"   register: nzbget_scripts_rarfile_py_stat  - name: Post-Install | Scripts | Add unrar path to 'nzbgetpp/rarfile/rarfile.py'   ansible.builtin.lineinfile:-    path: "{{ nzbget_scripts_paths_rarfile_py_location }}"+    path: "{{ lookup('role_var', '_scripts_paths_rarfile_py_location', role='nzbget') }}"     regexp: '^UNRAR_TOOL\s?=.*'     line: 'UNRAR_TOOL = "/usr/bin/unrar"'     state: present

modified

roles/nzbget/tasks/subtasks/post-install/settings/main.yml

@@ -9,23 +9,23 @@ --- - name: Post-Install | Settings | Update settings For New Installs   ansible.builtin.lineinfile:-    path: "{{ nzbget_paths_config_location }}"+    path: "{{ nzbget_role_paths_config_location }}"     regexp: '{{ item.regexp }}'     line: "{{ item.line }}"     state: present     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"-  loop: "{{ nzbget_config_new_installs_settings_list }}"+  loop: "{{ lookup('role_var', '_config_new_installs_settings_list', role='nzbget') }}"   when: (not nzbget_paths_config_location_stat.stat.exists)  - name: Post-Install | Settings | Set settings For Existing Installs   ansible.builtin.lineinfile:-    path: "{{ nzbget_paths_config_location }}"+    path: "{{ nzbget_role_paths_config_location }}"     regexp: '{{ item.regexp }}'     line: "{{ item.line }}"     state: present     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"-  loop: "{{ nzbget_config_existing_installs_settings_list }}"+  loop: "{{ lookup('role_var', '_config_existing_installs_settings_list', role='nzbget') }}"

modified

roles/nzbhydra2/defaults/main.yml

@@ -17,67 +17,67 @@ # Paths ################################ -nzbhydra2_paths_folder: "{{ nzbhydra2_name }}"-nzbhydra2_paths_location: "{{ server_appdata_path }}/{{ nzbhydra2_paths_folder }}"-nzbhydra2_paths_downloads_location: "{{ downloads_usenet_path }}/{{ nzbhydra2_paths_folder }}"-nzbhydra2_paths_folders_list:-  - "{{ nzbhydra2_paths_location }}"-nzbhydra2_paths_config_location: "{{ nzbhydra2_paths_location }}/nzbhydra.yml"+nzbhydra2_role_paths_folder: "{{ nzbhydra2_name }}"+nzbhydra2_role_paths_location: "{{ server_appdata_path }}/{{ nzbhydra2_role_paths_folder }}"+nzbhydra2_role_paths_downloads_location: "{{ downloads_usenet_path }}/{{ nzbhydra2_role_paths_folder }}"+nzbhydra2_role_paths_folders_list:+  - "{{ nzbhydra2_role_paths_location }}"+nzbhydra2_role_paths_config_location: "{{ nzbhydra2_role_paths_location }}/nzbhydra.yml"  ################################ # Web ################################ -nzbhydra2_web_subdomain: "{{ nzbhydra2_name }}"-nzbhydra2_web_domain: "{{ user.domain }}"-nzbhydra2_web_port: "5076"-nzbhydra2_web_url: "{{ 'https://' + (nzbhydra2_web_subdomain + '.' + nzbhydra2_web_domain-                    if (nzbhydra2_web_subdomain | length > 0)-                    else nzbhydra2_web_domain) }}"+nzbhydra2_role_web_subdomain: "{{ nzbhydra2_name }}"+nzbhydra2_role_web_domain: "{{ user.domain }}"+nzbhydra2_role_web_port: "5076"+nzbhydra2_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='nzbhydra2') + '.' + lookup('role_var', '_web_domain', role='nzbhydra2')+                         if (lookup('role_var', '_web_subdomain', role='nzbhydra2') | length > 0)+                         else lookup('role_var', '_web_domain', role='nzbhydra2')) }}"  ################################ # DNS ################################ -nzbhydra2_dns_record: "{{ nzbhydra2_web_subdomain }}"-nzbhydra2_dns_zone: "{{ nzbhydra2_web_domain }}"-nzbhydra2_dns_proxy: "{{ dns.proxied }}"+nzbhydra2_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='nzbhydra2') }}"+nzbhydra2_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='nzbhydra2') }}"+nzbhydra2_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -nzbhydra2_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-nzbhydra2_traefik_middleware_default: "{{ traefik_default_middleware-                                        + (',themepark-' + lookup('vars', nzbhydra2_name + '_name', default=nzbhydra2_name)-                                          if (nzbhydra2_themepark_enabled and global_themepark_plugin_enabled)-                                          else '') }}"-nzbhydra2_traefik_middleware_custom: ""-nzbhydra2_traefik_certresolver: "{{ traefik_default_certresolver }}"-nzbhydra2_traefik_enabled: true-nzbhydra2_traefik_api_enabled: true-nzbhydra2_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/getnzb`) || PathPrefix(`/gettorrent`) || PathPrefix(`/rss`) || PathPrefix(`/torznab/api`)"+nzbhydra2_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+nzbhydra2_role_traefik_middleware_default: "{{ traefik_default_middleware+                                               + (',themepark-' + nzbhydra2_name+                                                 if (lookup('role_var', '_themepark_enabled', role='nzbhydra2') and global_themepark_plugin_enabled)+                                                 else '') }}"+nzbhydra2_role_traefik_middleware_custom: ""+nzbhydra2_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+nzbhydra2_role_traefik_enabled: true+nzbhydra2_role_traefik_api_enabled: true+nzbhydra2_role_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/getnzb`) || PathPrefix(`/gettorrent`) || PathPrefix(`/rss`) || PathPrefix(`/torznab/api`)"  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-nzbhydra2_themepark_enabled: false-nzbhydra2_themepark_app: "nzbhydra2"-nzbhydra2_themepark_theme: "{{ global_themepark_theme }}"-nzbhydra2_themepark_domain: "{{ global_themepark_domain }}"-nzbhydra2_themepark_addons: []+nzbhydra2_role_themepark_enabled: false+nzbhydra2_role_themepark_app: "nzbhydra2"+nzbhydra2_role_themepark_theme: "{{ global_themepark_theme }}"+nzbhydra2_role_themepark_domain: "{{ global_themepark_domain }}"+nzbhydra2_role_themepark_addons: []  ################################ # Config ################################ -nzbhydra2_config_settings_jvm_memory: "{{ ((ansible_memory_mb.real.total / 1024)-                                           | round(0, 'ceil') | int >= 8)-                                           | ternary('512', '256') }}"+nzbhydra2_role_config_settings_jvm_memory: "{{ ((ansible_facts['memory_mb']['real']['total'] / 1024)+                                               | round(0, 'ceil') | int >= 8)+                                               | ternary('512', '256') }}" -nzbhydra2_config_settings_default:+nzbhydra2_role_config_settings_default:   # NZBGet   - del(.downloading.downloaders)   - .downloading.downloaders[0].apiKey = "{{ nzbhydra2_sabnzbd_api_lookup | default('not-found') }}"@@ -88,107 +88,70 @@   - .downloading.downloaders[0].name = "SABnzbd" | .downloading.downloaders[0].name style="double"   - .downloading.downloaders[0].nzbAddingType = "UPLOAD" | .downloading.downloaders[0].nzbAddingType style="double"   - .downloading.downloaders[0].downloaderType = "SABNZBD" | .downloading.downloaders[0].downloaderType style="double"-  - .downloading.downloaders[0].url = "http://{{ sabnzbd_docker_networks_alias }}:{{ sabnzbd_web_port }}" | .downloading.downloaders[0].url style="double"+  - .downloading.downloaders[0].url = "http://{{ lookup('role_var', '_docker_networks_alias', role='sabnzbd') }}:{{ lookup('role_var', '_web_port', role='sabnzbd') }}" | .downloading.downloaders[0].url style="double"   - .downloading.downloaders[0].username = null   - .downloading.downloaders[0].password = null   - .downloading.downloaders[0].addPaused = false   # JVM Memory. If RAM >= 8GB, set XMX to 512, else 256.-  - .main.xmx = {{ nzbhydra2_config_settings_jvm_memory }}+  - .main.xmx = {{ lookup('role_var', '_config_settings_jvm_memory', role='nzbhydra2') }} -nzbhydra2_config_settings_custom: []+nzbhydra2_role_config_settings_custom: [] -nzbhydra2_config_settings_list: "{{ nzbhydra2_config_settings_default-                                    + nzbhydra2_config_settings_custom }}"+nzbhydra2_role_config_settings_list: "{{ lookup('role_var', '_config_settings_default', role='nzbhydra2')+                                         + lookup('role_var', '_config_settings_custom', role='nzbhydra2') }}"  ################################ # Docker ################################  # Container-nzbhydra2_docker_container: "{{ nzbhydra2_name }}"+nzbhydra2_role_docker_container: "{{ nzbhydra2_name }}"  # Image-nzbhydra2_docker_image_pull: true-nzbhydra2_docker_image_tag: "latest"-nzbhydra2_docker_image: "lscr.io/linuxserver/nzbhydra2:{{ nzbhydra2_docker_image_tag }}"--# Ports-nzbhydra2_docker_ports_defaults: []-nzbhydra2_docker_ports_custom: []-nzbhydra2_docker_ports: "{{ nzbhydra2_docker_ports_defaults-                            + nzbhydra2_docker_ports_custom }}"+nzbhydra2_role_docker_image_pull: true+nzbhydra2_role_docker_image_repo: "lscr.io/linuxserver/nzbhydra2"+nzbhydra2_role_docker_image_tag: "latest"+nzbhydra2_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='nzbhydra2') }}:{{ lookup('role_var', '_docker_image_tag', role='nzbhydra2') }}"  # Envs-nzbhydra2_docker_envs_default:+nzbhydra2_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-nzbhydra2_docker_envs_custom: {}-nzbhydra2_docker_envs: "{{ nzbhydra2_docker_envs_default-                           | combine(nzbhydra2_docker_envs_custom) }}"--# Commands-nzbhydra2_docker_commands_default: []-nzbhydra2_docker_commands_custom: []-nzbhydra2_docker_commands: "{{ nzbhydra2_docker_commands_default-                               + nzbhydra2_docker_commands_custom }}"+nzbhydra2_role_docker_envs_custom: {}+nzbhydra2_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='nzbhydra2')+                                | combine(lookup('role_var', '_docker_envs_custom', role='nzbhydra2')) }}"  # Volumes-nzbhydra2_docker_volumes_default:-  - "{{ nzbhydra2_paths_location }}:/config"-nzbhydra2_docker_volumes_custom: []-nzbhydra2_docker_volumes: "{{ nzbhydra2_docker_volumes_default-                              + nzbhydra2_docker_volumes_custom }}"--# Devices-nzbhydra2_docker_devices_default: []-nzbhydra2_docker_devices_custom: []-nzbhydra2_docker_devices: "{{ nzbhydra2_docker_devices_default-                              + nzbhydra2_docker_devices_custom }}"--# Hosts-nzbhydra2_docker_hosts_default: {}-nzbhydra2_docker_hosts_custom: {}-nzbhydra2_docker_hosts: "{{ docker_hosts_common-                            | combine(nzbhydra2_docker_hosts_default)-                            | combine(nzbhydra2_docker_hosts_custom) }}"+nzbhydra2_role_docker_volumes_default:+  - "{{ nzbhydra2_role_paths_location }}:/config"+nzbhydra2_role_docker_volumes_custom: []+nzbhydra2_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='nzbhydra2')+                                   + lookup('role_var', '_docker_volumes_custom', role='nzbhydra2') }}"  # Labels-nzbhydra2_docker_labels_default: {}-nzbhydra2_docker_labels_custom: {}-nzbhydra2_docker_labels: "{{ docker_labels_common-                             | combine(lookup('vars', nzbhydra2_name + '_docker_labels_default', default=nzbhydra2_docker_labels_default))-                             | combine((traefik_themepark_labels-                                       if (nzbhydra2_themepark_enabled and global_themepark_plugin_enabled)-                                       else {}),-                                       lookup('vars', nzbhydra2_name + '_docker_labels_custom', default=nzbhydra2_docker_labels_custom)) }}"+nzbhydra2_role_docker_labels_default: {}+nzbhydra2_role_docker_labels_custom: {}+nzbhydra2_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='nzbhydra2')+                                  | combine((traefik_themepark_labels+                                            if (lookup('role_var', '_themepark_enabled', role='nzbhydra2') and global_themepark_plugin_enabled)+                                            else {}),+                                            lookup('role_var', '_docker_labels_custom', role='nzbhydra2')) }}"  # Hostname-nzbhydra2_docker_hostname: "{{ nzbhydra2_name }}"+nzbhydra2_role_docker_hostname: "{{ nzbhydra2_name }}"  # Networks-nzbhydra2_docker_networks_alias: "{{ nzbhydra2_name }}"-nzbhydra2_docker_networks_default: []-nzbhydra2_docker_networks_custom: []-nzbhydra2_docker_networks: "{{ docker_networks_common-                               + nzbhydra2_docker_networks_default-                               + nzbhydra2_docker_networks_custom }}"--# Capabilities-nzbhydra2_docker_capabilities_default: []-nzbhydra2_docker_capabilities_custom: []-nzbhydra2_docker_capabilities: "{{ nzbhydra2_docker_capabilities_default-                                   + nzbhydra2_docker_capabilities_custom }}"--# Security Opts-nzbhydra2_docker_security_opts_default: []-nzbhydra2_docker_security_opts_custom: []-nzbhydra2_docker_security_opts: "{{ nzbhydra2_docker_security_opts_default-                                    + nzbhydra2_docker_security_opts_custom }}"+nzbhydra2_role_docker_networks_alias: "{{ nzbhydra2_name }}"+nzbhydra2_role_docker_networks_default: []+nzbhydra2_role_docker_networks_custom: []+nzbhydra2_role_docker_networks: "{{ docker_networks_common+                                    + lookup('role_var', '_docker_networks_default', role='nzbhydra2')+                                    + lookup('role_var', '_docker_networks_custom', role='nzbhydra2') }}"  # Restart Policy-nzbhydra2_docker_restart_policy: unless-stopped+nzbhydra2_role_docker_restart_policy: unless-stopped  # State-nzbhydra2_docker_state: started+nzbhydra2_role_docker_state: started

modified

roles/nzbhydra2/tasks/main.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -22,12 +22,12 @@  - name: Check if existing config exists   ansible.builtin.stat:-    path: "{{ nzbhydra2_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='nzbhydra2') }}"   register: nzbhydra2_yml_stat  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Post-Install Tasks-  ansible.builtin.import_tasks: "subtasks/post-install/main.yml"+  ansible.builtin.include_tasks: "subtasks/post-install/main.yml"   when: (not continuous_integration)

modified

roles/nzbhydra2/tasks/subtasks/post-install/main.yml

@@ -9,13 +9,13 @@ --- - name: Post-Install | Check if SABnzbd config exists   ansible.builtin.stat:-    path: "{{ sabnzbd_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='sabnzbd') }}"   register: nzbhydra2_sabnzbd_yml_stat  - name: Post-Install | SABnzbd tasks-  ansible.builtin.import_tasks: "sabnzbd.yml"+  ansible.builtin.include_tasks: "sabnzbd.yml"   when: (not nzbhydra2_yml_stat.stat.exists) and nzbhydra2_sabnzbd_yml_stat.stat.exists  - name: Post-Install | Settings Tweaks-  ansible.builtin.import_tasks: "settings.yml"+  ansible.builtin.include_tasks: "settings.yml"   when: (not nzbhydra2_yml_stat.stat.exists)

modified

roles/nzbhydra2/tasks/subtasks/post-install/sabnzbd.yml

@@ -9,4 +9,4 @@ --- - name: Find api_key value   ansible.builtin.set_fact:-    nzbhydra2_sabnzbd_api_lookup: "{{ lookup('file', sabnzbd_paths_config_location) | regex_search('^api_key *= *.*', multiline=True) | regex_replace('.*= *(.*)$', '\\1') }}"+    nzbhydra2_sabnzbd_api_lookup: "{{ lookup('file', lookup('role_var', '_paths_config_location', role='sabnzbd')) | regex_search('^api_key *= *.*', multiline=True) | regex_replace('.*= *(.*)$', '\\1') }}"

modified

roles/nzbhydra2/tasks/subtasks/post-install/settings.yml

@@ -9,7 +9,7 @@ --- - name: Post-Install | Settings | Wait for config file to be created   ansible.builtin.wait_for:-    path: "{{ nzbhydra2_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='nzbhydra2') }}"     state: present  - name: Wait 30 seconds@@ -21,10 +21,10 @@  - name: Post-Install | Settings | Update settings   ansible.builtin.shell: |-    yyq -i '{{ item }}' {{ nzbhydra2_paths_config_location }}+    yyq -i '{{ item }}' {{ lookup('role_var', '_paths_config_location', role='nzbhydra2') }}   become: true   become_user: "{{ user.name }}"-  loop: "{{ nzbhydra2_config_settings_list }}"+  loop: "{{ lookup('role_var', '_config_settings_list', role='nzbhydra2') }}"  - name: Post-Install | Settings | Start container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/nzbthrottle/defaults/main.yml

@@ -17,95 +17,52 @@ # Paths ################################ -nzbthrottle_paths_folder: "{{ nzbthrottle_name }}"-nzbthrottle_paths_location: "{{ server_appdata_path }}/{{ nzbthrottle_paths_folder }}"-nzbthrottle_paths_folders_list:-  - "{{ nzbthrottle_paths_location }}"-nzbthrottle_paths_config_location: "{{ nzbthrottle_paths_location }}/config.json"+nzbthrottle_role_paths_folder: "{{ nzbthrottle_name }}"+nzbthrottle_role_paths_location: "{{ server_appdata_path }}/{{ nzbthrottle_role_paths_folder }}"+nzbthrottle_role_paths_folders_list:+  - "{{ nzbthrottle_role_paths_location }}"+nzbthrottle_role_paths_config_location: "{{ nzbthrottle_role_paths_location }}/config.json"  ################################ # Docker ################################  # Container-nzbthrottle_docker_container: "{{ nzbthrottle_name }}"+nzbthrottle_role_docker_container: "{{ nzbthrottle_name }}"  # Image-nzbthrottle_docker_image_pull: true-nzbthrottle_docker_image_tag: "latest"-nzbthrottle_docker_image: "daghaian/nzbthrottle:{{ nzbthrottle_docker_image_tag }}"--# Ports-nzbthrottle_docker_ports_defaults: []-nzbthrottle_docker_ports_custom: []-nzbthrottle_docker_ports: "{{ nzbthrottle_docker_ports_defaults-                              + nzbthrottle_docker_ports_custom }}"+nzbthrottle_role_docker_image_pull: true+nzbthrottle_role_docker_image_repo: "daghaian/nzbthrottle"+nzbthrottle_role_docker_image_tag: "latest"+nzbthrottle_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='nzbthrottle') }}:{{ lookup('role_var', '_docker_image_tag', role='nzbthrottle') }}"  # Envs-nzbthrottle_docker_envs_default:+nzbthrottle_role_docker_envs_default:   TZ: "{{ tz }}"-nzbthrottle_docker_envs_custom: {}-nzbthrottle_docker_envs: "{{ nzbthrottle_docker_envs_default-                              | combine(nzbthrottle_docker_envs_custom) }}"--# Commands-nzbthrottle_docker_commands_default: []-nzbthrottle_docker_commands_custom: []-nzbthrottle_docker_commands: "{{ nzbthrottle_docker_commands_default-                                  + nzbthrottle_docker_commands_custom }}"+nzbthrottle_role_docker_envs_custom: {}+nzbthrottle_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='nzbthrottle')+                                  | combine(lookup('role_var', '_docker_envs_custom', role='nzbthrottle')) }}"  # Volumes-nzbthrottle_docker_volumes_default:-  - "{{ nzbthrottle_paths_config_location }}:/nzbthrottle/config.json:ro"-nzbthrottle_docker_volumes_custom: []-nzbthrottle_docker_volumes: "{{ nzbthrottle_docker_volumes_default-                                + nzbthrottle_docker_volumes_custom }}"--# Devices-nzbthrottle_docker_devices_default: []-nzbthrottle_docker_devices_custom: []-nzbthrottle_docker_devices: "{{ nzbthrottle_docker_devices_default-                                + nzbthrottle_docker_devices_custom }}"--# Hosts-nzbthrottle_docker_hosts_default: {}-nzbthrottle_docker_hosts_custom: {}-nzbthrottle_docker_hosts: "{{ docker_hosts_common-                              | combine(nzbthrottle_docker_hosts_default)-                              | combine(nzbthrottle_docker_hosts_custom) }}"--# Labels-nzbthrottle_docker_labels_default: {}-nzbthrottle_docker_labels_custom: {}-nzbthrottle_docker_labels: "{{ docker_labels_common-                                | combine(nzbthrottle_docker_labels_default)-                                | combine(nzbthrottle_docker_labels_custom) }}"+nzbthrottle_role_docker_volumes_default:+  - "{{ nzbthrottle_role_paths_config_location }}:/nzbthrottle/config.json:ro"+nzbthrottle_role_docker_volumes_custom: []+nzbthrottle_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='nzbthrottle')+                                     + lookup('role_var', '_docker_volumes_custom', role='nzbthrottle') }}"  # Hostname-nzbthrottle_docker_hostname: "{{ nzbthrottle_name }}"+nzbthrottle_role_docker_hostname: "{{ nzbthrottle_name }}"  # Networks-nzbthrottle_docker_networks_alias: "{{ nzbthrottle_name }}"-nzbthrottle_docker_networks_default: []-nzbthrottle_docker_networks_custom: []-nzbthrottle_docker_networks: "{{ docker_networks_common-                                  + nzbthrottle_docker_networks_default-                                  + nzbthrottle_docker_networks_custom }}"--# Capabilities-nzbthrottle_docker_capabilities_default: []-nzbthrottle_docker_capabilities_custom: []-nzbthrottle_docker_capabilities: "{{ nzbthrottle_docker_capabilities_default-                                      + nzbthrottle_docker_capabilities_custom }}"--# Security Opts-nzbthrottle_docker_security_opts_default: []-nzbthrottle_docker_security_opts_custom: []-nzbthrottle_docker_security_opts: "{{ nzbthrottle_docker_security_opts_default-                                      + nzbthrottle_docker_security_opts_custom }}"+nzbthrottle_role_docker_networks_alias: "{{ nzbthrottle_name }}"+nzbthrottle_role_docker_networks_default: []+nzbthrottle_role_docker_networks_custom: []+nzbthrottle_role_docker_networks: "{{ docker_networks_common+                                      + lookup('role_var', '_docker_networks_default', role='nzbthrottle')+                                      + lookup('role_var', '_docker_networks_custom', role='nzbthrottle') }}"  # Restart Policy-nzbthrottle_docker_restart_policy: unless-stopped+nzbthrottle_role_docker_restart_policy: unless-stopped  # State-nzbthrottle_docker_state: started+nzbthrottle_role_docker_state: started

modified

roles/nzbthrottle/tasks/subtasks/pre-install.yml

@@ -13,11 +13,11 @@  - name: Pre-Install | Check if config exists   ansible.builtin.stat:-    path: "{{ nzbthrottle_paths_config_location }}"-  register: nzbthrottle_paths_config_location_stat+    path: "{{ lookup('role_var', '_paths_config_location', role='nzbthrottle') }}"+  register: nzbthrottle_role_paths_config_location_stat  - name: Pre-Install | New config tasks-  when: (not nzbthrottle_paths_config_location_stat.stat.exists)+  when: (not nzbthrottle_role_paths_config_location_stat.stat.exists)   block:     - name: Pre-Install | Import Plex Auth Token role       ansible.builtin.include_role:@@ -27,7 +27,7 @@     - name: Pre-Install | Import default config       ansible.builtin.template:         src: 'config.json.j2'-        dest: "{{ nzbthrottle_paths_config_location }}"+        dest: "{{ lookup('role_var', '_paths_config_location', role='nzbthrottle') }}"         owner: "{{ user.name }}"         group: "{{ user.name }}"         mode: "0664"

modified

roles/nzbthrottle/templates/config.json.j2

@@ -1,13 +1,13 @@ {   "plex": {-    "url": "{{ plex_web_url }}",+    "url": "{{ lookup('role_var', '_web_url', role='plex') }}",     "interval": 60,     "token": "{{ plex_auth_token | default('') }}"   },   "nzbget": {     "username": "{{ user.name }}",     "password": "{{ user.pass }}",-    "url": "http://nzbget:6789",+    "url": "http://{{ nzbget_name }}:6789",     "speeds": {       "1": 50000,       "2": 40000,

modified

roles/organizr/defaults/main.yml

@@ -18,135 +18,90 @@ ################################  organizr_branch: "v2-master"-organizr_fpm: "yes"  ################################ # Paths ################################ -organizr_paths_folder: "{{ organizr_name }}"-organizr_paths_location: "{{ server_appdata_path }}/{{ organizr_paths_folder }}"-organizr_paths_folders_list:-  - "{{ organizr_paths_location }}"+organizr_role_paths_folder: "{{ organizr_name }}"+organizr_role_paths_location: "{{ server_appdata_path }}/{{ organizr_role_paths_folder }}"+organizr_role_paths_folders_list:+  - "{{ organizr_role_paths_location }}"  ################################ # Web ################################ -organizr_web_subdomain: "{{ organizr_name }}"-organizr_web_domain: "{{ user.domain }}"-organizr_web_port: "80"-organizr_web_url: "{{ 'https://' + (organizr_web_subdomain + '.' + organizr_web_domain-                   if (organizr_web_subdomain | length > 0)-                   else organizr_web_domain) }}"+organizr_role_web_subdomain: "{{ organizr_name }}"+organizr_role_web_domain: "{{ user.domain }}"+organizr_role_web_port: "80"+organizr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='organizr') + '.' + lookup('role_var', '_web_domain', role='organizr')+                        if (lookup('role_var', '_web_subdomain', role='organizr') | length > 0)+                        else lookup('role_var', '_web_domain', role='organizr')) }}"  ################################ # DNS ################################ -organizr_dns_record: "{{ organizr_web_subdomain }}"-organizr_dns_zone: "{{ organizr_web_domain }}"-organizr_dns_proxy: "{{ dns.proxied }}"+organizr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='organizr') }}"+organizr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='organizr') }}"+organizr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -organizr_traefik_sso_middleware: ""-organizr_traefik_middleware_default: "{{ traefik_default_middleware }}"-organizr_traefik_middleware_custom: ""-organizr_traefik_certresolver: "{{ traefik_default_certresolver }}"-organizr_traefik_enabled: true-organizr_traefik_api_enabled: false-organizr_traefik_api_endpoint: ""+organizr_role_traefik_sso_middleware: ""+organizr_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+organizr_role_traefik_middleware_custom: ""+organizr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+organizr_role_traefik_enabled: true+organizr_role_traefik_api_enabled: false+organizr_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-organizr_docker_container: "{{ organizr_name }}"+organizr_role_docker_container: "{{ organizr_name }}"  # Image-organizr_docker_image_pull: true-organizr_docker_image_tag: "latest"-organizr_docker_image: "organizr/organizr:{{ organizr_docker_image_tag }}"--# Ports-organizr_docker_ports_defaults: []-organizr_docker_ports_custom: []-organizr_docker_ports: "{{ organizr_docker_ports_defaults-                           + organizr_docker_ports_custom }}"+organizr_role_docker_image_pull: true+organizr_role_docker_image_repo: "organizr/organizr"+organizr_role_docker_image_tag: "latest"+organizr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='organizr') }}:{{ lookup('role_var', '_docker_image_tag', role='organizr') }}"  # Envs-organizr_docker_envs_default:+organizr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"-  fpm: "{{ organizr_fpm }}"   branch: "{{ organizr_branch }}"-organizr_docker_envs_custom: {}-organizr_docker_envs: "{{ organizr_docker_envs_default-                          | combine(organizr_docker_envs_custom) }}"--# Commands-organizr_docker_commands_default: []-organizr_docker_commands_custom: []-organizr_docker_commands: "{{ organizr_docker_commands_default-                              + organizr_docker_commands_custom }}"+organizr_role_docker_envs_custom: {}+organizr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='organizr')+                               | combine(lookup('role_var', '_docker_envs_custom', role='organizr')) }}"  # Volumes-organizr_docker_volumes_default:-  - "{{ organizr_paths_location }}:/config"-organizr_docker_volumes_custom: []-organizr_docker_volumes: "{{ organizr_docker_volumes_default-                             + organizr_docker_volumes_custom }}"--# Devices-organizr_docker_devices_default: []-organizr_docker_devices_custom: []-organizr_docker_devices: "{{ organizr_docker_devices_default-                             + organizr_docker_devices_custom }}"--# Hosts-organizr_docker_hosts_default: {}-organizr_docker_hosts_custom: {}-organizr_docker_hosts: "{{ docker_hosts_common-                           | combine(organizr_docker_hosts_default)-                           | combine(organizr_docker_hosts_custom) }}"--# Labels-organizr_docker_labels_default: {}-organizr_docker_labels_custom: {}-organizr_docker_labels: "{{ docker_labels_common-                            | combine(organizr_docker_labels_default)-                            | combine(organizr_docker_labels_custom) }}"+organizr_role_docker_volumes_default:+  - "{{ organizr_role_paths_location }}:/config"+organizr_role_docker_volumes_custom: []+organizr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='organizr')+                                  + lookup('role_var', '_docker_volumes_custom', role='organizr') }}"  # Hostname-organizr_docker_hostname: "{{ organizr_name }}"+organizr_role_docker_hostname: "{{ organizr_name }}"  # Networks-organizr_docker_networks_alias: "{{ organizr_name }}"-organizr_docker_networks_default: []-organizr_docker_networks_custom: []-organizr_docker_networks: "{{ docker_networks_common-                              + organizr_docker_networks_default-                              + organizr_docker_networks_custom }}"--# Capabilities-organizr_docker_capabilities_default: []-organizr_docker_capabilities_custom: []-organizr_docker_capabilities: "{{ organizr_docker_capabilities_default-                                  + organizr_docker_capabilities_custom }}"--# Security Opts-organizr_docker_security_opts_default: []-organizr_docker_security_opts_custom: []-organizr_docker_security_opts: "{{ organizr_docker_security_opts_default-                                   + organizr_docker_security_opts_custom }}"+organizr_role_docker_networks_alias: "{{ organizr_name }}"+organizr_role_docker_networks_default: []+organizr_role_docker_networks_custom: []+organizr_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='organizr')+                                   + lookup('role_var', '_docker_networks_custom', role='organizr') }}"  # Restart Policy-organizr_docker_restart_policy: unless-stopped+organizr_role_docker_restart_policy: unless-stopped  # State-organizr_docker_state: started+organizr_role_docker_state: started

modified

roles/organizr/tasks/main.yml

@@ -11,9 +11,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/overseerr/defaults/main.yml

@@ -17,162 +17,119 @@ # Settings ################################ -overseerr_log_level: "info"+overseerr_role_log_level: "info"  ################################ # Paths ################################ -overseerr_paths_folder: "{{ overseerr_name }}"-overseerr_paths_location: "{{ server_appdata_path }}/{{ overseerr_paths_folder }}"-overseerr_paths_cache: "{{ overseerr_paths_location }}/cache"-overseerr_paths_folders_list:-  - "{{ overseerr_paths_location }}"-  - "{{ overseerr_paths_cache }}"-overseerr_paths_config_location: "{{ overseerr_paths_location }}/settings.json"+overseerr_role_paths_folder: "{{ overseerr_name }}"+overseerr_role_paths_location: "{{ server_appdata_path }}/{{ overseerr_role_paths_folder }}"+overseerr_role_paths_cache: "{{ overseerr_role_paths_location }}/cache"+overseerr_role_paths_folders_list:+  - "{{ overseerr_role_paths_location }}"+  - "{{ overseerr_role_paths_cache }}"+overseerr_role_paths_config_location: "{{ overseerr_role_paths_location }}/settings.json"  ################################ # Web ################################ -overseerr_web_subdomain: "{{ overseerr_name }}"-overseerr_web_domain: "{{ user.domain }}"-overseerr_web_port: "5055"-overseerr_web_url: "{{ 'https://' + (lookup('vars', overseerr_name + '_web_subdomain', default=overseerr_web_subdomain) + '.' + lookup('vars', overseerr_name + '_web_domain', default=overseerr_web_domain)-                    if (lookup('vars', overseerr_name + '_web_subdomain', default=overseerr_web_subdomain) | length > 0)-                    else lookup('vars', overseerr_name + '_web_domain', default=overseerr_web_domain)) }}"+overseerr_role_web_subdomain: "{{ overseerr_name }}"+overseerr_role_web_domain: "{{ user.domain }}"+overseerr_role_web_port: "5055"+overseerr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='overseerr') + '.' + lookup('role_var', '_web_domain', role='overseerr')+                         if (lookup('role_var', '_web_subdomain', role='overseerr') | length > 0)+                         else lookup('role_var', '_web_domain', role='overseerr')) }}"  ################################ # DNS ################################ -overseerr_dns_record: "{{ lookup('vars', overseerr_name + '_web_subdomain', default=overseerr_web_subdomain) }}"-overseerr_dns_zone: "{{ lookup('vars', overseerr_name + '_web_domain', default=overseerr_web_domain) }}"-overseerr_dns_proxy: "{{ dns.proxied }}"+overseerr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='overseerr') }}"+overseerr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='overseerr') }}"+overseerr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -overseerr_traefik_sso_middleware: ""-overseerr_traefik_middleware_default: "{{ traefik_default_middleware-                                          + (',themepark-' + lookup('vars', overseerr_name + '_name', default=overseerr_name)-                                            if (overseerr_themepark_enabled and global_themepark_plugin_enabled)-                                            else '') }}"-overseerr_traefik_middleware_custom: ""-overseerr_traefik_certresolver: "{{ traefik_default_certresolver }}"-overseerr_traefik_enabled: true-overseerr_traefik_api_enabled: false-overseerr_traefik_api_endpoint: ""+overseerr_role_traefik_sso_middleware: ""+overseerr_role_traefik_middleware_default: "{{ traefik_default_middleware+                                               + (',themepark-' + overseerr_name+                                                 if (lookup('role_var', '_themepark_enabled', role='overseerr') and global_themepark_plugin_enabled)+                                                 else '') }}"+overseerr_role_traefik_middleware_custom: ""+overseerr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+overseerr_role_traefik_enabled: true+overseerr_role_traefik_api_enabled: false+overseerr_role_traefik_api_endpoint: ""  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-overseerr_themepark_enabled: false-overseerr_themepark_app: "overseerr"-overseerr_themepark_theme: "{{ global_themepark_theme }}"-overseerr_themepark_domain: "{{ global_themepark_domain }}"-overseerr_themepark_addons: []+overseerr_role_themepark_enabled: false+overseerr_role_themepark_app: "overseerr"+overseerr_role_themepark_theme: "{{ global_themepark_theme }}"+overseerr_role_themepark_domain: "{{ global_themepark_domain }}"+overseerr_role_themepark_addons: []  ################################ # Docker ################################  # Container-overseerr_docker_container: "{{ overseerr_name }}"+overseerr_role_docker_container: "{{ overseerr_name }}"  # Image-overseerr_docker_image_pull: true-overseerr_docker_image_repo: "sctx/overseerr"-overseerr_docker_image_tag: "latest"-overseerr_docker_image: "{{ lookup('vars', overseerr_name + '_docker_image_repo', default=overseerr_docker_image_repo)-                            + ':' + lookup('vars', overseerr_name + '_docker_image_tag', default=overseerr_docker_image_tag) }}"--# Ports-overseerr_docker_ports_defaults: []-overseerr_docker_ports_custom: []-overseerr_docker_ports: "{{ lookup('vars', overseerr_name + '_docker_ports_defaults', default=overseerr_docker_ports_defaults)-                            + lookup('vars', overseerr_name + '_docker_ports_custom', default=overseerr_docker_ports_custom) }}"+overseerr_role_docker_image_pull: true+overseerr_role_docker_image_repo: "sctx/overseerr"+overseerr_role_docker_image_tag: "latest"+overseerr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='overseerr') }}:{{ lookup('role_var', '_docker_image_tag', role='overseerr') }}"  # Envs-overseerr_docker_envs_default:+overseerr_role_docker_envs_default:   UMASK: "002"   TZ: "{{ tz }}"-  LOG_LEVEL: "{{ overseerr_log_level }}"-overseerr_docker_envs_custom: {}-overseerr_docker_envs: "{{ lookup('vars', overseerr_name + '_docker_envs_default', default=overseerr_docker_envs_default)-                           | combine(lookup('vars', overseerr_name + '_docker_envs_custom', default=overseerr_docker_envs_custom)) }}"--# Commands-overseerr_docker_commands_default: []-overseerr_docker_commands_custom: []-overseerr_docker_commands: "{{ lookup('vars', overseerr_name + '_docker_commands_default', default=overseerr_docker_commands_default)-                               + lookup('vars', overseerr_name + '_docker_commands_custom', default=overseerr_docker_commands_custom) }}"+  LOG_LEVEL: "{{ lookup('role_var', '_log_level', role='overseerr') }}"+overseerr_role_docker_envs_custom: {}+overseerr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='overseerr')+                                | combine(lookup('role_var', '_docker_envs_custom', role='overseerr')) }}"  # Volumes-overseerr_docker_volumes_default:-  - "{{ overseerr_paths_location }}:/app/config"-overseerr_docker_volumes_custom: []-overseerr_docker_volumes: "{{ lookup('vars', overseerr_name + '_docker_volumes_default', default=overseerr_docker_volumes_default)-                              + lookup('vars', overseerr_name + '_docker_volumes_custom', default=overseerr_docker_volumes_custom) }}"--# Devices-overseerr_docker_devices_default: []-overseerr_docker_devices_custom: []-overseerr_docker_devices: "{{ lookup('vars', overseerr_name + '_docker_devices_default', default=overseerr_docker_devices_default)-                              + lookup('vars', overseerr_name + '_docker_devices_custom', default=overseerr_docker_devices_custom) }}"--# Hosts-overseerr_docker_hosts_default: {}-overseerr_docker_hosts_custom: {}-overseerr_docker_hosts: "{{ docker_hosts_common-                            | combine(lookup('vars', overseerr_name + '_docker_hosts_default', default=overseerr_docker_hosts_default))-                            | combine(lookup('vars', overseerr_name + '_docker_hosts_custom', default=overseerr_docker_hosts_custom)) }}"+overseerr_role_docker_volumes_default:+  - "{{ overseerr_role_paths_location }}:/app/config"+overseerr_role_docker_volumes_custom: []+overseerr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='overseerr')+                                   + lookup('role_var', '_docker_volumes_custom', role='overseerr') }}"  # Labels-overseerr_docker_labels_default: {}-overseerr_docker_labels_custom: {}-overseerr_docker_labels: "{{ docker_labels_common-                             | combine(lookup('vars', overseerr_name + '_docker_labels_default', default=overseerr_docker_labels_default))-                             | combine((traefik_themepark_labels-                                       if (overseerr_themepark_enabled and global_themepark_plugin_enabled)-                                       else {}),-                                       lookup('vars', overseerr_name + '_docker_labels_custom', default=overseerr_docker_labels_custom)) }}"+overseerr_role_docker_labels_default: {}+overseerr_role_docker_labels_custom: {}+overseerr_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='overseerr')+                                  | combine((traefik_themepark_labels+                                            if (lookup('role_var', '_themepark_enabled', role='overseerr') and global_themepark_plugin_enabled)+                                            else {}),+                                            lookup('role_var', '_docker_labels_custom', role='overseerr')) }}"  # Hostname-overseerr_docker_hostname: "{{ overseerr_name }}"--# Network Mode-overseerr_docker_network_mode_default: "{{ docker_networks_name_common }}"-overseerr_docker_network_mode: "{{ lookup('vars', overseerr_name + '_docker_network_mode_default', default=overseerr_docker_network_mode_default) }}"+overseerr_role_docker_hostname: "{{ overseerr_name }}"  # Networks-overseerr_docker_networks_alias: "{{ overseerr_name }}"-overseerr_docker_networks_default: []-overseerr_docker_networks_custom: []-overseerr_docker_networks: "{{ docker_networks_common-                               + lookup('vars', overseerr_name + '_docker_networks_default', default=overseerr_docker_networks_default)-                               + lookup('vars', overseerr_name + '_docker_networks_custom', default=overseerr_docker_networks_custom) }}"--# Capabilities-overseerr_docker_capabilities_default: []-overseerr_docker_capabilities_custom: []-overseerr_docker_capabilities: "{{ lookup('vars', overseerr_name + '_docker_capabilities_default', default=overseerr_docker_capabilities_default)-                                   + lookup('vars', overseerr_name + '_docker_capabilities_custom', default=overseerr_docker_capabilities_custom) }}"--# Security Opts-overseerr_docker_security_opts_default: []-overseerr_docker_security_opts_custom: []-overseerr_docker_security_opts: "{{ lookup('vars', overseerr_name + '_docker_security_opts_default', default=overseerr_docker_security_opts_default)-                                    + lookup('vars', overseerr_name + '_docker_security_opts_custom', default=overseerr_docker_security_opts_custom) }}"+overseerr_role_docker_networks_alias: "{{ overseerr_name }}"+overseerr_role_docker_networks_default: []+overseerr_role_docker_networks_custom: []+overseerr_role_docker_networks: "{{ docker_networks_common+                                    + lookup('role_var', '_docker_networks_default', role='overseerr')+                                    + lookup('role_var', '_docker_networks_custom', role='overseerr') }}"  # Restart Policy-overseerr_docker_restart_policy: unless-stopped+overseerr_role_docker_restart_policy: unless-stopped  # State-overseerr_docker_state: started+overseerr_role_docker_state: started  # User-overseerr_docker_user: "{{ uid }}:{{ gid }}"+overseerr_role_docker_user: "{{ uid }}:{{ gid }}"

modified

roles/overseerr/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/permissions/tasks/main.yml

@@ -7,11 +7,11 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Permissions | Recursively set permissions for '/mnt/local'-  ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} /mnt/local"+- name: Permissions | Recursively set permissions for '{{ server_local_folder_path }}'+  ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} {{ server_local_folder_path }}" -- name: Permissions | Recursively set permissions for '/opt'-  ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} /opt"+- name: Permissions | Recursively set permissions for '{{ server_appdata_path }}'+  ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} {{ server_appdata_path }}"  - name: Permissions | Recursively set permissions for '/home/{{ user.name }}'   ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} /home/{{ user.name }}"

modified

roles/petio/defaults/main.yml

@@ -17,139 +17,96 @@ # Settings ################################ -petio_mongodb_version: "4.4"+petio_role_mongodb_version: "4.4"  ################################ # Paths ################################ -petio_paths_folder: "{{ petio_name }}"-petio_paths_location: "{{ server_appdata_path }}/{{ petio_paths_folder }}"-petio_paths_folders_list:-  - "{{ petio_paths_location }}"+petio_role_paths_folder: "{{ petio_name }}"+petio_role_paths_location: "{{ server_appdata_path }}/{{ petio_role_paths_folder }}"+petio_role_paths_folders_list:+  - "{{ petio_role_paths_location }}"  ################################ # Web ################################ -petio_web_subdomain: "{{ petio_name }}"-petio_web_domain: "{{ user.domain }}"-petio_web_port: "7777"-petio_web_url: "{{ 'https://' + (petio_web_subdomain + '.' + petio_web_domain-                if (petio_web_subdomain | length > 0)-                else petio_web_domain) }}"+petio_role_web_subdomain: "{{ petio_name }}"+petio_role_web_domain: "{{ user.domain }}"+petio_role_web_port: "7777"+petio_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='petio') + '.' + lookup('role_var', '_web_domain', role='petio')+                     if (lookup('role_var', '_web_subdomain', role='petio') | length > 0)+                     else lookup('role_var', '_web_domain', role='petio')) }}"  ################################ # DNS ################################ -petio_dns_record: "{{ petio_web_subdomain }}"-petio_dns_zone: "{{ petio_web_domain }}"-petio_dns_proxy: "{{ dns.proxied }}"+petio_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='petio') }}"+petio_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='petio') }}"+petio_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -petio_traefik_sso_middleware: ""-petio_traefik_middleware_default: "{{ traefik_default_middleware }}"-petio_traefik_middleware_custom: ""-petio_traefik_certresolver: "{{ traefik_default_certresolver }}"-petio_traefik_enabled: true-petio_traefik_api_enabled: false-petio_traefik_api_endpoint: ""+petio_role_traefik_sso_middleware: ""+petio_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+petio_role_traefik_middleware_custom: ""+petio_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+petio_role_traefik_enabled: true+petio_role_traefik_api_enabled: false+petio_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-petio_docker_container: "{{ petio_name }}"+petio_role_docker_container: "{{ petio_name }}"  # Image-petio_docker_image_pull: true-petio_docker_image_tag: "latest"-petio_docker_image: "ghcr.io/petio-team/petio:{{ petio_docker_image_tag }}"--# Ports-petio_docker_ports_defaults: []-petio_docker_ports_custom: []-petio_docker_ports: "{{ petio_docker_ports_defaults-                        + petio_docker_ports_custom }}"+petio_role_docker_image_pull: true+petio_role_docker_image_repo: "ghcr.io/petio-team/petio"+petio_role_docker_image_tag: "latest"+petio_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='petio') }}:{{ lookup('role_var', '_docker_image_tag', role='petio') }}"  # Envs-petio_docker_envs_default:+petio_role_docker_envs_default:   TZ: "{{ tz }}"-petio_docker_envs_custom: {}-petio_docker_envs: "{{ petio_docker_envs_default-                       | combine(petio_docker_envs_custom) }}"--# Commands-petio_docker_commands_default: []-petio_docker_commands_custom: []-petio_docker_commands: "{{ petio_docker_commands_default-                           + petio_docker_commands_custom }}"+petio_role_docker_envs_custom: {}+petio_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='petio')+                            | combine(lookup('role_var', '_docker_envs_custom', role='petio')) }}"  # Volumes-petio_docker_volumes_default:-  - "{{ petio_paths_location }}:/app/api/config"-petio_docker_volumes_custom: []-petio_docker_volumes: "{{ petio_docker_volumes_default-                          + petio_docker_volumes_custom }}"--# Devices-petio_docker_devices_default: []-petio_docker_devices_custom: []-petio_docker_devices: "{{ petio_docker_devices_default-                          + petio_docker_devices_custom }}"--# Hosts-petio_docker_hosts_default: {}-petio_docker_hosts_custom: {}-petio_docker_hosts: "{{ docker_hosts_common-                        | combine(petio_docker_hosts_default)-                        | combine(petio_docker_hosts_custom) }}"--# Labels-petio_docker_labels_default: {}-petio_docker_labels_custom: {}-petio_docker_labels: "{{ docker_labels_common-                         | combine(petio_docker_labels_default)-                         | combine(petio_docker_labels_custom) }}"+petio_role_docker_volumes_default:+  - "{{ petio_role_paths_location }}:/app/api/config"+petio_role_docker_volumes_custom: []+petio_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='petio')+                               + lookup('role_var', '_docker_volumes_custom', role='petio') }}"  # Hostname-petio_docker_hostname: "{{ petio_name }}"+petio_role_docker_hostname: "{{ petio_name }}"  # Networks-petio_docker_networks_alias: "{{ petio_name }}"-petio_docker_networks_default: []-petio_docker_networks_custom: []-petio_docker_networks: "{{ docker_networks_common-                           + petio_docker_networks_default-                           + petio_docker_networks_custom }}"--# Capabilities-petio_docker_capabilities_default: []-petio_docker_capabilities_custom: []-petio_docker_capabilities: "{{ petio_docker_capabilities_default-                               + petio_docker_capabilities_custom }}"--# Security Opts-petio_docker_security_opts_default: []-petio_docker_security_opts_custom: []-petio_docker_security_opts: "{{ petio_docker_security_opts_default-                                + petio_docker_security_opts_custom }}"+petio_role_docker_networks_alias: "{{ petio_name }}"+petio_role_docker_networks_default: []+petio_role_docker_networks_custom: []+petio_role_docker_networks: "{{ docker_networks_common+                                + lookup('role_var', '_docker_networks_default', role='petio')+                                + lookup('role_var', '_docker_networks_custom', role='petio') }}"  # Restart Policy-petio_docker_restart_policy: unless-stopped+petio_role_docker_restart_policy: unless-stopped  # State-petio_docker_state: started+petio_role_docker_state: started  # User-petio_docker_user: "{{ uid }}:{{ gid }}"+petio_role_docker_user: "{{ uid }}:{{ gid }}"  # Dependencies-petio_depends_on: "{{ petio_name }}-mongo"-petio_depends_on_delay: "0"-petio_depends_on_healthchecks: "false"+petio_role_depends_on: "{{ petio_name }}-mongo"+petio_role_depends_on_delay: "0"+petio_role_depends_on_healthchecks: "false"

modified

roles/petio/tasks/main.yml

@@ -13,16 +13,16 @@   vars:     mongodb_instances: ["{{ petio_name }}-mongo"]     mongodb_docker_env_db: "{{ petio_name }}"-    mongodb_docker_image_tag: "{{ petio_mongodb_version }}"+    mongodb_docker_image_tag: "{{ lookup('role_var', '_mongodb_version', role='petio') }}"     mongodb_paths_folder: "{{ petio_name }}"-    mongodb_paths_location: "{{ server_appdata_path }}/{{ mongodb_paths_folder }}/mongodb"+    mongodb_paths_location: "{{ server_appdata_path }}/{{ mongodb_role_paths_folder }}/mongodb"  - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/plex/defaults/main.yml

@@ -17,152 +17,138 @@ # Settings ################################ -plex_open_main_ports: false-plex_open_local_ports: false-plex_plugin_webtools: false-plex_plugin_sub_zero: false-plex_insecure: false-plex_lan_ip: ""+# Do not enable globally if deploying multiple instances+plex_role_open_main_ports: false+# Do not enable globally if deploying multiple instances+plex_role_open_local_ports: false+# Disables Traefik's HTTP to HTTPS redirect for Plex+# Allows older clients with certificate issues to connect insecurely+plex_role_insecure: false+# Adds the IP specified here to the advertised URLs Plex broadcasts to clients+# Useful to avoid traffic going through your WAN when hairpin NAT is not available+plex_role_lan_ip: ""+# Example value "http://gluetun:8888"+plex_role_auth_token_proxy: ""  ################################ # Proxy ################################ -# For instances this works the same as usual plex2_auth_token_proxy for an instance named plex2.-plex_auth_token_proxy: ""-+# Do not edit or override using the inventory plex_proxy_dict:-  http_proxy: "{{ plex_proxy_lookup if (plex_proxy_lookup | length > 0) else '' }}"-  https_proxy: "{{ plex_proxy_lookup if (plex_proxy_lookup | length > 0) else '' }}"--# Do not edit or override using the inventory-plex_proxy_lookup: "{{ lookup('vars', plex_name + '_auth_token_proxy', default=plex_auth_token_proxy) }}"-plex_network_modes: []+  http_proxy: "{{ plex_role_proxy_lookup if (plex_role_proxy_lookup | length > 0) else '' }}"+  https_proxy: "{{ plex_role_proxy_lookup if (plex_role_proxy_lookup | length > 0) else '' }}"++# Do not edit or override using the inventory+plex_role_proxy_lookup: "{{ lookup('role_var', '_auth_token_proxy', role='plex') }}"+# Do not edit or override using the inventory+plex_role_network_modes: []  ################################ # Paths ################################ -plex_paths_folder: "{{ plex_name }}"-plex_paths_location: "{{ server_appdata_path }}/{{ plex_paths_folder }}"-plex_paths_transcodes_location: "{{ transcodes_path }}/{{ plex_paths_folder }}"-plex_paths_folders_list:-  - "{{ plex_paths_location }}"-  - "{{ plex_paths_location }}/Library"-  - "{{ plex_paths_location }}/Library/Application Support"-  - "{{ plex_paths_location }}/Library/Application Support/Plex Media Server"-  - "{{ plex_paths_location }}/Library/Application Support/Plex Media Server/Plug-ins"-  - "{{ plex_paths_location }}/Library/Logs"-  - "{{ plex_paths_location }}/Library/Logs/Plex Media Server"-  - "{{ plex_paths_transcodes_location }}"-plex_paths_application_support_location: "{{ plex_paths_location }}/Library/Application Support/Plex Media Server"-plex_paths_config_location: "{{ plex_paths_application_support_location }}/Preferences.xml"-plex_paths_log_location: "{{ plex_paths_application_support_location }}/Logs"-plex_paths_plugins_location: "{{ plex_paths_application_support_location }}/Plug-ins"-plex_paths_plugin_support_location: "{{ plex_paths_application_support_location }}/Plug-in Support"-plex_paths_db_location: "{{ plex_paths_plugin_support_location }}/Databases/com.plexapp.plugins.library.db"-plex_paths_db_blobs_location: "{{ plex_paths_plugin_support_location }}/Databases/com.plexapp.plugins.library.blobs.db"+plex_role_paths_folder: "{{ plex_name }}"+plex_role_paths_location: "{{ server_appdata_path }}/{{ plex_role_paths_folder }}"+plex_role_paths_transcodes_location: "{{ transcodes_path }}/{{ plex_role_paths_folder }}"+plex_role_paths_folders_list:+  - "{{ plex_role_paths_location }}"+  - "{{ plex_role_paths_location }}/Library"+  - "{{ plex_role_paths_location }}/Library/Application Support"+  - "{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server"+  - "{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server/Plug-ins"+  - "{{ plex_role_paths_location }}/Library/Logs"+  - "{{ plex_role_paths_location }}/Library/Logs/Plex Media Server"+  - "{{ plex_role_paths_transcodes_location }}"+plex_role_paths_application_support_location: "{{ plex_role_paths_location }}/Library/Application Support/Plex Media Server"+plex_role_paths_config_location: "{{ plex_role_paths_application_support_location }}/Preferences.xml"+plex_role_paths_log_location: "{{ plex_role_paths_application_support_location }}/Logs"+plex_role_paths_plugins_location: "{{ plex_role_paths_application_support_location }}/Plug-ins"+plex_role_paths_plugin_support_location: "{{ plex_role_paths_application_support_location }}/Plug-in Support"+plex_role_paths_db_location: "{{ plex_role_paths_plugin_support_location }}/Databases/com.plexapp.plugins.library.db"+plex_role_paths_db_blobs_location: "{{ plex_role_paths_plugin_support_location }}/Databases/com.plexapp.plugins.library.blobs.db"  ################################ # Web ################################ -plex_web_subdomain: "{{ plex_name }}"-plex_web_domain: "{{ user.domain }}"-plex_web_port: "32400"-plex_web_scheme: "https"-plex_web_http_port: "32400"-plex_web_http_scheme: "http"-plex_web_url: "{{ 'https://' + (lookup('vars', plex_name + '_web_subdomain', default=plex_web_subdomain) + '.' + lookup('vars', plex_name + '_web_domain', default=plex_web_domain)-               if (lookup('vars', plex_name + '_web_subdomain', default=plex_web_subdomain) | length > 0)-               else lookup('vars', plex_name + '_web_domain', default=plex_web_domain)) }}"-plex_webtools_web_subdomain: "{{ plex_name }}-webtools"-plex_webtools_web_domain: "{{ plex_web_domain }}"-plex_webtools_web_port: "33400"-plex_webtools_host: "{{ lookup('vars', plex_name + '_webtools_web_subdomain', default=plex_webtools_web_subdomain)-                        + '.' + lookup('vars', plex_name + '_webtools_web_domain', default=plex_webtools_web_domain) }}"-plex_web_insecure_url: "{{ 'http://' + (lookup('vars', plex_name + '_web_subdomain', default=plex_web_subdomain) + '.' + lookup('vars', plex_name + '_web_domain', default=plex_web_domain)-                        if (lookup('vars', plex_name + '_web_subdomain', default=plex_web_subdomain) | length > 0)-                        else lookup('vars', plex_name + '_web_domain', default=plex_web_domain)) }}"+plex_role_web_subdomain: "{{ plex_name }}"+plex_role_web_domain: "{{ user.domain }}"+plex_role_web_port: "32400"+# Do not edit or override using the inventory+plex_role_web_scheme: "https"+plex_role_web_http_port: "32400"+# Do not edit or override using the inventory+plex_role_web_http_scheme: "http"+plex_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='plex') + '.' + lookup('role_var', '_web_domain', role='plex')+                    if (lookup('role_var', '_web_subdomain', role='plex') | length > 0)+                    else lookup('role_var', '_web_domain', role='plex')) }}"+plex_role_web_insecure_url: "{{ 'http://' + (lookup('role_var', '_web_subdomain', role='plex') + '.' + lookup('role_var', '_web_domain', role='plex')+                             if (lookup('role_var', '_web_subdomain', role='plex') | length > 0)+                             else lookup('role_var', '_web_domain', role='plex')) }}"  ################################ # DNS ################################ -plex_dns_record: "{{ lookup('vars', plex_name + '_web_subdomain', default=plex_web_subdomain) }}"-plex_dns_zone: "{{ lookup('vars', plex_name + '_web_domain', default=plex_web_domain) }}"-plex_dns_proxy: "{{ dns.proxied }}"-plex_webtools_dns_record: "{{ lookup('vars', plex_name + '_webtools_web_subdomain', default=plex_webtools_web_subdomain) }}"-plex_webtools_dns_zone: "{{ lookup('vars', plex_name + '_webtools_web_domain', default=plex_webtools_web_domain) }}"-plex_webtools_dns_proxy: "{{ dns.proxied }}"+plex_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='plex') }}"+plex_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='plex') }}"+plex_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -plex_traefik_sso_middleware: ""-plex_traefik_middleware_default: "{{ traefik_default_middleware-                                     + (',themepark-' + lookup('vars', plex_name + '_name', default=plex_name)-                                       if (plex_themepark_enabled and global_themepark_plugin_enabled)-                                       else '') }}"-plex_traefik_middleware_custom: ""-plex_traefik_certresolver: "{{ traefik_default_certresolver }}"-plex_traefik_enabled: true-plex_traefik_api_enabled: false-plex_traefik_api_endpoint: ""-plex_traefik_error_pages_enabled: false-plex_traefik_gzip_enabled: false--plex_traefik_middleware_http: "{{ 'globalHeaders@file'-                               if plex_insecure-                               else traefik_default_middleware_default_http }}"-plex_web_serverstransport: "skipverify@file"--plex_webtools_traefik_sso_middleware: ""-plex_webtools_traefik_middleware_default: "{{ traefik_default_middleware-                                              + (',' + lookup('vars', plex_name + '_webtools_traefik_sso_middleware', default=plex_webtools_traefik_sso_middleware)-                                                if (lookup('vars', plex_name + '_webtools_traefik_sso_middleware', default=plex_webtools_traefik_sso_middleware) | length > 0)-                                                else '') }}"-plex_webtools_traefik_middleware_custom: ""-plex_webtools_traefik_middleware: "{{ plex_webtools_traefik_middleware_default-                                      + (',' + plex_webtools_traefik_middleware_custom-                                        if (not plex_webtools_traefik_middleware_custom.startswith(',') and plex_webtools_traefik_middleware_custom | length > 0)-                                        else plex_webtools_traefik_middleware_custom) }}"-plex_webtools_traefik_certresolver: "{{ traefik_default_certresolver }}"-plex_webtools_traefik_router: "{{ lookup('vars', plex_name + '_webtools_web_subdomain', default=plex_webtools_web_subdomain) }}"--################################-# THEME-################################--# Options can be found at https://github.com/themepark-dev/theme.park-plex_themepark_enabled: false-plex_themepark_app: "plex"-plex_themepark_theme: "{{ global_themepark_theme }}"-plex_themepark_domain: "{{ global_themepark_domain }}"-plex_themepark_addons: []+plex_role_traefik_sso_middleware: ""+plex_role_traefik_middleware_default: "{{ traefik_default_middleware+                                          + (',themepark-' + plex_name+                                            if (lookup('role_var', '_themepark_enabled', role='plex') and global_themepark_plugin_enabled)+                                            else '') }}"+plex_role_traefik_middleware_custom: ""+plex_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+plex_role_traefik_enabled: true+plex_role_traefik_api_enabled: false+plex_role_traefik_api_endpoint: ""+plex_role_traefik_error_pages_enabled: false+plex_role_traefik_gzip_enabled: false+plex_role_traefik_middleware_http_insecure: "{{ lookup('role_var', '_insecure', role='plex') | bool }}"+plex_role_web_serverstransport: "skipverify@file"++################################+# Theme+################################++plex_role_themepark_enabled: false+# Do not edit or override using the inventory+plex_role_themepark_app: "plex"+# Options can be found at https://docs.theme-park.dev/themes/plex/+plex_role_themepark_theme: "{{ global_themepark_theme }}"+# Allows you to override the url where CSS files can be found+plex_role_themepark_domain: "{{ global_themepark_domain }}"+# Options can be found at https://docs.theme-park.dev/themes/addons/+plex_role_themepark_addons: []  ################################ # Docker ################################  # Container-plex_docker_container: "{{ plex_name }}"+plex_role_docker_container: "{{ plex_name }}"  # Image-plex_docker_image_pull: true-plex_docker_image_repo: "plexinc/pms-docker"-plex_docker_image_tag: "latest"-plex_docker_image: "{{ lookup('vars', plex_name + '_docker_image_repo', default=plex_docker_image_repo)-                       + ':' + lookup('vars', plex_name + '_docker_image_tag', default=plex_docker_image_tag) }}"+plex_role_docker_image_pull: true+plex_role_docker_image_repo: "plexinc/pms-docker"+plex_role_docker_image_tag: "latest"+plex_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='plex') }}:{{ lookup('role_var', '_docker_image_tag', role='plex') }}"  # Ports-plex_docker_ports_32400: "{{ port_lookup_32400.meta.port-                          if (port_lookup_32400.meta.port is defined) and (port_lookup_32400.meta.port | trim | length > 0)-                          else '32400' }}"--plex_docker_ports_defaults: []-plex_docker_ports_local:+plex_role_docker_ports_32400: "{{ port_lookup_32400.meta.port+                               if (port_lookup_32400.meta.port is defined) and (port_lookup_32400.meta.port | trim | length > 0)+                               else '32400' }}"++plex_role_docker_ports_default: []+# Skip docs+plex_role_docker_ports_local:   - "1900:1900/udp"   - "5353:5353/udp"   - "8324:8324"@@ -170,135 +156,89 @@   - "32412:32412/udp"   - "32414:32414/udp"   - "32469:32469"-plex_docker_ports_ui:-  - "{{ plex_docker_ports_32400 }}:{{ lookup('vars', plex_name + '_web_port', default=plex_web_port) }}"-plex_docker_ports_custom: []-plex_docker_ports: "{{ lookup('vars', plex_name + '_docker_ports_defaults', default=plex_docker_ports_defaults)-                       + lookup('vars', plex_name + '_docker_ports_custom', default=plex_docker_ports_custom)-                       + (plex_docker_ports_local-                         if (lookup('vars', plex_name + '_open_local_ports', default=false))-                         else [])-                       + (lookup('vars', plex_name + '_docker_ports_ui', default=plex_docker_ports_ui)-                         if plex_open_main_ports-                         else []) }}"+# Skip docs+plex_role_docker_ports_ui:+  - "{{ plex_role_docker_ports_32400 }}:{{ lookup('vars', plex_name + '_web_port', default=plex_role_web_port) }}"+plex_role_docker_ports_custom: []+plex_role_docker_ports: "{{ lookup('role_var', '_docker_ports_default', role='plex')+                            + lookup('role_var', '_docker_ports_custom', role='plex')+                            + (plex_role_docker_ports_local+                              if (lookup('role_var', '_open_local_ports', role='plex'))+                              else [])+                            + (plex_role_docker_ports_ui+                              if lookup('role_var', '_open_main_ports', role='plex')+                              else []) }}"  # Envs-plex_docker_envs_advertise_ip_url: "{{ lookup('vars', plex_name + '_web_url', default=plex_web_url) + ':443,' + lookup('vars', plex_name + '_web_insecure_url', default=plex_web_insecure_url) + ':80'-                                    if plex_insecure-                                    else lookup('vars', plex_name + '_web_url', default=plex_web_url) + ':443' }}"-plex_docker_envs_advertise_ip: "{{ 'http://' + plex_lan_ip + ':32400,' + lookup('vars', plex_name + '_docker_envs_advertise_ip_url', default=plex_docker_envs_advertise_ip_url)-                                if (plex_lan_ip | length > 0) and plex_open_main_ports-                                else lookup('vars', plex_name + '_docker_envs_advertise_ip_url', default=plex_docker_envs_advertise_ip_url) }}"-plex_docker_envs_default:+plex_role_docker_envs_advertise_ip_url: "{{ lookup('role_var', '_web_url', role='plex') + ':443,' + lookup('role_var', '_web_insecure_url', role='plex') + ':80'+                                         if lookup('role_var', '_insecure', role='plex')+                                         else lookup('role_var', '_web_url', role='plex') + ':443' }}"+plex_role_docker_envs_advertise_ip: "{{ 'http://' + lookup('role_var', '_lan_ip', role='plex') + ':32400,' + lookup('role_var', '_docker_envs_advertise_ip_url', role='plex')+                                     if (lookup('role_var', '_lan_ip', role='plex') | length > 0) and lookup('role_var', '_open_main_ports', role='plex')+                                     else lookup('role_var', '_docker_envs_advertise_ip_url', role='plex') }}"+plex_role_docker_envs_default:   PLEX_UID: "{{ uid }}"   PLEX_GID: "{{ gid }}"   PLEX_CLAIM: "{{ (plex_claim_code) | default(omit) }}"   CHANGE_CONFIG_DIR_OWNERSHIP: "false"   TZ: "{{ tz }}"-  ADVERTISE_IP: "{{ plex_docker_envs_advertise_ip }}"-plex_docker_envs_custom: {}-plex_docker_envs: "{{ lookup('vars', plex_name + '_docker_envs_default', default=plex_docker_envs_default)-                      | combine(lookup('vars', plex_name + '_docker_envs_custom', default=plex_docker_envs_custom)) }}"--# Commands-plex_docker_commands_default: []-plex_docker_commands_custom: []-plex_docker_commands: "{{ lookup('vars', plex_name + '_docker_commands_default', default=plex_docker_commands_default)-                          + lookup('vars', plex_name + '_docker_commands_custom', default=plex_docker_commands_custom) }}"+  ADVERTISE_IP: "{{ lookup('role_var', '_docker_envs_advertise_ip', role='plex') }}"+plex_role_docker_envs_custom: {}+plex_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='plex')+                           | combine(lookup('role_var', '_docker_envs_custom', role='plex')) }}"  # Volumes-plex_docker_volumes_default:-  - "{{ plex_paths_location }}:/config"+plex_role_docker_volumes_default:+  - "{{ plex_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"   - "/dev/shm:/dev/shm"-  - "{{ plex_paths_transcodes_location }}:/transcode"-plex_docker_volumes_legacy:+  - "{{ plex_role_paths_transcodes_location }}:/transcode"+plex_role_docker_volumes_legacy:   - "/mnt/unionfs/Media:/data"-plex_docker_volumes_custom: []-plex_docker_volumes: "{{ lookup('vars', plex_name + '_docker_volumes_default', default=plex_docker_volumes_default)-                         + lookup('vars', plex_name + '_docker_volumes_custom', default=plex_docker_volumes_custom)-                         + (lookup('vars', plex_name + '_docker_volumes_legacy', default=plex_docker_volumes_legacy)-                           if docker_legacy_volume-                           else []) }}"+plex_role_docker_volumes_custom: []+plex_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='plex')+                              + lookup('role_var', '_docker_volumes_custom', role='plex')+                              + (lookup('role_var', '_docker_volumes_legacy', role='plex')+                                if docker_legacy_volume+                                else []) }}"  # Mounts-plex_docker_mounts_default:+plex_role_docker_mounts_default:   - target: /tmp     type: tmpfs-plex_docker_mounts_custom: []-plex_docker_mounts: "{{ lookup('vars', plex_name + '_docker_mounts_default', default=plex_docker_mounts_default)-                        + lookup('vars', plex_name + '_docker_mounts_custom', default=plex_docker_mounts_custom) }}"--# Devices-plex_docker_devices_default: []-plex_docker_devices_custom: []-plex_docker_devices: "{{ lookup('vars', plex_name + '_docker_devices_default', default=plex_docker_devices_default)-                         + lookup('vars', plex_name + '_docker_devices_custom', default=plex_docker_devices_custom) }}"+plex_role_docker_mounts_custom: []+plex_role_docker_mounts: "{{ lookup('role_var', '_docker_mounts_default', role='plex')+                             + lookup('role_var', '_docker_mounts_custom', role='plex') }}"  # Hosts-plex_docker_hosts_default:+plex_role_docker_hosts_default:   metric.plex.tv: "{{ ip_address_localhost }}"   metrics.plex.tv: "{{ ip_address_localhost }}"   analytics.plex.tv: "{{ ip_address_localhost }}"-plex_docker_hosts_custom: {}-plex_docker_hosts: "{{ docker_hosts_common-                       | combine(lookup('vars', plex_name + '_docker_hosts_default', default=plex_docker_hosts_default))-                       | combine(lookup('vars', plex_name + '_docker_hosts_custom', default=plex_docker_hosts_custom)) }}"+plex_role_docker_hosts_custom: {}+plex_role_docker_hosts: "{{ lookup('role_var', '_docker_hosts_default', role='plex')+                            | combine(lookup('role_var', '_docker_hosts_custom', role='plex')) }}"  # Labels-plex_docker_labels_default:-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}-http.entrypoints": "web" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}-http.service": "{{ lookup("vars", plex_name + "_webtools_web_subdomain", default=plex_webtools_web_subdomain) }}" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}-http.rule": "Host(`{{ plex_webtools_host }}`)" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}-http.middlewares": "{{ traefik_default_middleware_http }}" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}-http.priority": "20" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}.entrypoints": "websecure" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}.service": "{{ lookup("vars", plex_name + "_webtools_web_subdomain", default=plex_webtools_web_subdomain) }}" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}.rule": "Host(`{{ plex_webtools_host }}`)" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}.tls.options": "securetls@file" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}.tls.certresolver": "{{ plex_webtools_traefik_certresolver }}" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}.middlewares": "{{ plex_webtools_traefik_middleware }}" }'-  - '{ "traefik.http.routers.{{ plex_webtools_traefik_router }}.priority": "20" }'-  - '{ "traefik.http.services.{{ plex_webtools_traefik_router }}.loadbalancer.server.port": "{{ plex_webtools_web_port }}" }'-plex_docker_labels_custom: {}-plex_docker_labels: "{{ docker_labels_common-                        | combine((lookup('vars', plex_name + '_docker_labels_default', default=plex_docker_labels_default)-                                  if plex_plugin_webtools-                                  else {}),-                                  (traefik_themepark_labels-                                  if (plex_themepark_enabled and global_themepark_plugin_enabled)-                                  else {}),-                                  lookup('vars', plex_name + '_docker_labels_custom', default=plex_docker_labels_custom)) }}"+plex_role_docker_labels_custom: {}+plex_role_docker_labels: "{{ lookup('role_var', '_docker_labels_custom', role='plex')+                             | combine((traefik_themepark_labels+                                       if (lookup('role_var', '_themepark_enabled', role='plex') and global_themepark_plugin_enabled)+                                       else {})) }}"  # Hostname-plex_docker_hostname: "{{ plex_name }}"--# Network Mode-plex_docker_network_mode_default: "{{ docker_networks_name_common }}"-plex_docker_network_mode: "{{ lookup('vars', plex_name + '_docker_network_mode_default', default=plex_docker_network_mode_default) }}"+plex_role_docker_hostname: "{{ plex_name }}"  # Networks-plex_docker_networks_alias: "{{ plex_name }}"-plex_docker_networks_default: []-plex_docker_networks_custom: []-plex_docker_networks: "{{ docker_networks_common-                          + lookup('vars', plex_name + '_docker_networks_default', default=plex_docker_networks_default)-                          + lookup('vars', plex_name + '_docker_networks_custom', default=plex_docker_networks_custom) }}"--# Capabilities-plex_docker_capabilities_default: []-plex_docker_capabilities_custom: []-plex_docker_capabilities: "{{ lookup('vars', plex_name + '_docker_capabilities_default', default=plex_docker_capabilities_default)-                              + lookup('vars', plex_name + '_docker_capabilities_custom', default=plex_docker_capabilities_custom) }}"--# Security Opts-plex_docker_security_opts_default: []-plex_docker_security_opts_custom: []-plex_docker_security_opts: "{{ lookup('vars', plex_name + '_docker_security_opts_default', default=plex_docker_security_opts_default)-                               + lookup('vars', plex_name + '_docker_security_opts_custom', default=plex_docker_security_opts_custom) }}"+plex_role_docker_networks_alias: "{{ plex_name }}"+plex_role_docker_networks_default: []+plex_role_docker_networks_custom: []+plex_role_docker_networks: "{{ docker_networks_common+                               + lookup('role_var', '_docker_networks_default', role='plex')+                               + lookup('role_var', '_docker_networks_custom', role='plex') }}"  # Restart Policy-plex_docker_restart_policy: unless-stopped+plex_role_docker_restart_policy: unless-stopped  # State-plex_docker_state: started+plex_role_docker_state: started

modified

roles/plex/tasks/main.yml

@@ -7,19 +7,19 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Filter Plex Network Modes+- name: Filter Plex Network Modes # noqa jinja[invalid]   ansible.builtin.set_fact:-    plex_network_modes: "{{ plex_network_modes + [plex_lookup] }}"+    plex_role_network_modes: "{{ plex_role_network_modes + [plex_lookup] }}"   vars:     plex_name: "{{ item }}"-    plex_lookup: "{{ lookup('vars', item + '_docker_network_mode_default', default=lookup('vars', item + '_docker_network_mode', default=plex_docker_network_mode)) }}"+    plex_lookup: "{{ lookup('role_var', '_docker_network_mode', role='plex') }}"   loop: "{{ plex_instances }}"   when: (plex_instances | length > 1) and ('container:' in plex_lookup)  - name: Fail if non-unique entries are present   ansible.builtin.fail:     msg: "At least two of your Plex instances are using the same 'container:' network_mode and this will not work due to port collision."-  when: (plex_instances | length > 1) and (plex_network_modes | length) != (plex_network_modes | unique | length)+  when: (plex_instances | length > 1) and (plex_role_network_modes | length) != (plex_role_network_modes | unique | length)  - name: "Execute Plex roles"   ansible.builtin.include_tasks: main2.yml

modified

roles/plex/tasks/main2.yml

@@ -7,20 +7,20 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Add DNS record-  ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"-  vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+- name: Ensure that ports aren't opened when using multiple instances+  ansible.builtin.assert:+    that:+      - not plex_role_open_main_ports+      - not plex_role_open_local_ports+    fail_msg: "Port opening must be disabled when using multiple Plex instances"+  when: (plex_instances | length > 1)  - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_webtools_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_webtools_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_webtools_dns_proxy') }}"-  when: plex_plugin_webtools+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -33,8 +33,8 @@     path: "{{ item }}"     state: absent   with_items:-    - "{{ plex_paths_location }}/98-themepark"-    - "{{ plex_paths_location }}/99-modify-binary"+    - "{{ plex_role_paths_location }}/98-themepark"+    - "{{ plex_role_paths_location }}/99-modify-binary"     - "{{ server_appdata_path }}/scripts/bbe"  - name: Plex Reset Codecs tasks@@ -42,9 +42,9 @@   block:     - name: Get contents of Plex Codecs Folder       ansible.builtin.find:-        paths: "{{ plex_paths_application_support_location }}/Codecs"+        paths: "{{ plex_role_paths_application_support_location }}/Codecs"         file_type: directory-        recurse: no+        recurse: false       register: plex_codecs_removal      - name: Delete Plex Codecs Folder@@ -54,16 +54,16 @@       with_items: "{{ plex_codecs_removal.files }}"  - name: Pre-Install Tasks-  ansible.builtin.import_tasks: "subtasks/pre-install/main.yml"+  ansible.builtin.include_tasks: "subtasks/pre-install/main.yml"   when: (not continuous_integration)  - name: Preferences Tasks-  ansible.builtin.import_tasks: "subtasks/preferences/preferences.yml"+  ansible.builtin.include_tasks: "subtasks/preferences/preferences.yml"   when: (not continuous_integration)  - name: Docker Devices Task   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/set_docker_devices_variable.yml"-  when: gpu.intel or use_nvidia+  when: use_intel or use_nvidia  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"@@ -71,4 +71,4 @@ - name: "Execute Plex Extra Tasks role"   ansible.builtin.include_role:     name: "plex_extra_tasks"-  when: (plex_plugin_sub_zero or plex_plugin_webtools) and (not continuous_integration)+  when: (not continuous_integration)

modified

roles/plex/tasks/subtasks/pre-install/main.yml

@@ -7,7 +7,7 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Pre-Install | Get next available port within the range of '32400-32410' # noqa fqcn[action]+- name: Pre-Install | Get next available port within the range of '32400-32410'   find_open_port:     low_bound: 32400     high_bound: 32410

modified

roles/plex/tasks/subtasks/preferences/claim_server.yml

@@ -15,7 +15,7 @@   ansible.builtin.uri:     url: https://plex.tv/api/claim/token.json     method: GET-    return_content: yes+    return_content: true     body:       X-Plex-Version: "{{ plex_auth_token_version }}"       X-Plex-Product: "{{ plex_auth_token_product }}"

modified

roles/plex/tasks/subtasks/preferences/preferences.yml

@@ -7,32 +7,32 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: "Preferences | Check if '{{ plex_paths_config_location | basename }}' exists"+- name: "Preferences | Check if '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}' exists"   ansible.builtin.stat:-    path: "{{ plex_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"   register: preferences_xml -- name: "Preferences | '{{ plex_paths_config_location | basename }}' Tasks"+- name: "Preferences | '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}' Tasks"   when: preferences_xml.stat.exists   block:     - name: "Preferences | Remove existing PlexOnlineToken from Preferences.xml"       ansible.builtin.replace:-        path: "{{ plex_paths_config_location }}"+        path: "{{ plex_role_paths_config_location }}"         regexp: ' PlexOnlineToken="[^"]*"'         replace: ''       when: ('plex-reclaim' in ansible_run_tags) -    - name: Preferences | Get '{{ plex_paths_config_location | basename }}' XML data+    - name: Preferences | Get '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}' XML data       community.general.xml:-        path: "{{ plex_paths_config_location }}"+        path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"         xpath: /Preferences         content: attribute       register: preferences_xml_resp       ignore_errors: true -    - name: "Preferences | Remove '{{ plex_paths_config_location | basename }}' if malformed"+    - name: "Preferences | Remove '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}' if malformed"       ansible.builtin.file:-        path: "{{ plex_paths_config_location }}"+        path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"         state: absent       when: (preferences_xml_resp is failed) @@ -44,7 +44,7 @@      - name: "Preferences | Fix 'TranscoderTempDirectory'"       community.general.xml:-        path: "{{ plex_paths_config_location }}"+        path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"         xpath: /Preferences         attribute: TranscoderTempDirectory         value: "/transcode"@@ -55,7 +55,7 @@      - name: "Preferences | Set 'secureConnections' to preferred"       community.general.xml:-        path: "{{ plex_paths_config_location }}"+        path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"         xpath: /Preferences         attribute: secureConnections         value: "1"@@ -70,5 +70,5 @@           (preferences_xml_resp.matches[0].Preferences.PlexOnlineToken | trim | length > 0) }}"  - name: Preferences | Claim {{ plex_name | title }} Server-  ansible.builtin.import_tasks: "claim_server.yml"+  ansible.builtin.include_tasks: "claim_server.yml"   when: (not preferences_xml.stat.exists) or (preferences_xml.stat.exists and (not plex_server_claimed))

modified

roles/plex_auth_token/defaults/main.yml

@@ -15,5 +15,11 @@ plex_auth_token_product: "Saltbox" plex_auth_token_platform: "Linux" plex_auth_token_platform_version: "1.0.0"-plex_auth_token_device: "Ubuntu {{ ansible_distribution_version }} - {{ ansible_kernel }}"+plex_auth_token_device: "Ubuntu {{ ansible_facts['distribution_version'] }} - {{ ansible_facts['kernel'] }}" plex_auth_token_device_name: "Saltbox"++################################+# Lookups+################################++plex_auth_token_ini_file: "{{ server_appdata_path }}/saltbox/plex.ini"

modified

roles/plex_auth_token/tasks/main.yml

@@ -13,7 +13,7 @@  - name: "Auth Token | Create directories"   ansible.builtin.file:-    path: "/opt/saltbox"+    path: "{{ server_appdata_path }}/saltbox"     state: directory     owner: "{{ user.name }}"     group: "{{ user.name }}"@@ -21,7 +21,7 @@  - name: "Auth Token | Check if PIN exists"   ansible.builtin.stat:-    path: "/opt/saltbox/plex.ini"+    path: "{{ plex_auth_token_ini_file }}"   register: plex_ini  - name: "Auth Token | plex_auth_client_identifier"@@ -29,7 +29,7 @@   block:     - name: "Auth Token | Lookup plex_auth_client_identifier"       ansible.builtin.set_fact:-        plex_auth_client_identifier: "{{ lookup('ini', 'client_identifier section=' + plex_name + ' file=/opt/saltbox/plex.ini') }}"+        plex_auth_client_identifier: "{{ lookup('ini', 'client_identifier section=' + plex_name + ' file=' + plex_auth_token_ini_file) }}"         plex_auth_client_identifier_missing: false    rescue:@@ -45,7 +45,7 @@  - name: "Auth Token | Set plex_auth_token variable if previously saved"   ansible.builtin.set_fact:-    plex_auth_token: "{{ lookup('ini', 'token section=' + plex_name + ' file=/opt/saltbox/plex.ini') | regex_replace('\n', '') }}"+    plex_auth_token: "{{ lookup('ini', 'token section=' + plex_name + ' file=' + plex_auth_token_ini_file) | regex_replace('\n', '') }}"   when: plex_ini.stat.exists and (not plex_auth_client_identifier_missing)  - name: "Auth Token | Set plex_no_token status"@@ -56,15 +56,15 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/network_container_health_status.yml"   vars:     _var_prefix: "plex"-  when: (plex_proxy_lookup | length > 0)+  when: (plex_role_proxy_lookup | length > 0)  - name: "Auth Token | Check if Token is valid"   ansible.builtin.uri:     url: "https://plex.tv/api/v2/user"     method: GET-    return_content: yes+    return_content: true     body:-      X-Plex-Token: "{{ lookup('ini', 'token section=' + plex_name + ' file=/opt/saltbox/plex.ini') }}"+      X-Plex-Token: "{{ lookup('ini', 'token section=' + plex_name + ' file=' + plex_auth_token_ini_file) }}"       X-Plex-Version: "{{ plex_auth_token_version }}"       X-Plex-Product: "{{ plex_auth_token_product }}"       X-Plex-Client-Identifier: "{{ plex_auth_client_identifier }}"@@ -87,7 +87,7 @@       ansible.builtin.uri:         url: "https://plex.tv/api/v2/pins"         method: POST-        return_content: yes+        return_content: true         body:           strong: "true"           X-Plex-Version: "{{ plex_auth_token_version }}"@@ -112,7 +112,7 @@       ansible.builtin.uri:         url: "https://plex.tv/api/v2/pins/{{ plex_pin.json.id }}"         method: GET-        return_content: yes+        return_content: true         body:           X-Plex-Client-Identifier: "{{ plex_auth_client_identifier }}"         body_format: form-urlencoded@@ -130,7 +130,7 @@       ansible.builtin.uri:         url: "https://plex.tv/api/v2/user"         method: GET-        return_content: yes+        return_content: true         body:           X-Plex-Token: "{{ plex_auth_token }}"           X-Plex-Version: "{{ plex_auth_token_version }}"@@ -161,6 +161,7 @@           token: "{{ plex_auth_token }}"         owner: "{{ user.name }}"         group: "{{ user.name }}"+        base_path: "{{ server_appdata_path }}"         overwrite: true  - name: "Auth Token | Display Plex Auth Token"@@ -169,7 +170,7 @@  - name: Change permissions   ansible.builtin.file:-    path: /opt/saltbox+    path: "{{ server_appdata_path }}/saltbox"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0755"

modified

roles/plex_db/defaults/main.yml

@@ -7,10 +7,11 @@ #                   GNU General Public License v3.0                      # ########################################################################## ---+plex_db_integrity_check_only: false+plex_db_failed_integrity: false+plex_db_failed_optimization: false++# Do not edit or override using the inventory plex_db_files:   - "com.plexapp.plugins.library.db"   - "com.plexapp.plugins.library.blobs.db"--plex_db_integrity_check_only: false-plex_db_failed_integrity: false-plex_db_failed_optimization: false

modified

roles/plex_db/tasks/main.yml

@@ -7,19 +7,19 @@ #                   GNU General Public License v3.0                      # ########################################################################## ----- name: Delete old '/opt/plexsql'+- name: "Delete old '{{ server_appdata_path }}/plexsql'"   ansible.builtin.file:-    path: "/opt/plexsql"+    path: "{{ server_appdata_path }}/plexsql"     state: absent  - name: Copy Plex Binaries out-  ansible.builtin.shell: "docker cp {{ plex_instances[0] }}:/usr/lib/plexmediaserver/ /opt/plexsql"+  ansible.builtin.shell: "docker cp {{ plex_instances[0] }}:/usr/lib/plexmediaserver/ {{ server_appdata_path }}/plexsql" -- name: Set '/opt/plexsql' ownership recursively+- name: Set '{{ server_appdata_path }}/plexsql' ownership recursively   ansible.builtin.file:-    path: "/opt/plexsql"+    path: "{{ server_appdata_path }}/plexsql"     state: directory-    recurse: yes+    recurse: true     owner: "{{ user.name }}"     group: "{{ user.name }}"

modified

roles/plex_db/tasks/main2.yml

@@ -7,14 +7,14 @@ #                   GNU General Public License v3.0                      # ########################################################################## ----- name: "Check if '{{ plex_paths_db_location | basename }}' exists"+- name: "Check if '{{ lookup('role_var', '_paths_db_location', role='plex') | basename }}' exists"   ansible.builtin.stat:-    path: "{{ plex_paths_db_location }}"+    path: "{{ lookup('role_var', '_paths_db_location', role='plex') }}"   register: plex_db -- name: "Check if '{{ plex_paths_db_blobs_location | basename }}' exists"+- name: "Check if '{{ lookup('role_var', '_paths_db_blobs_location', role='plex') | basename }}' exists"   ansible.builtin.stat:-    path: "{{ plex_paths_db_blobs_location }}"+    path: "{{ lookup('role_var', '_paths_db_blobs_location', role='plex') }}"   register: plex_db_blobs  - name: Fail if database does not exist@@ -30,12 +30,12 @@ - name: Integrity check   block:     - name: Check if main database passes integrity_check-      ansible.builtin.shell: "'/opt/plexsql/Plex SQLite' '{{ plex_paths_db_location }}' 'PRAGMA integrity_check(1)'"+      ansible.builtin.shell: "'{{ server_appdata_path }}/plexsql/Plex SQLite' '{{ lookup('role_var', '_paths_db_location', role='plex') }}' 'PRAGMA integrity_check(1)'"       register: plex_db_integrity_check       failed_when: (plex_db_integrity_check.stdout != 'ok')      - name: Check if blobs database passes integrity_check-      ansible.builtin.shell: "'/opt/plexsql/Plex SQLite' '{{ plex_paths_db_blobs_location }}' 'PRAGMA integrity_check(1)'"+      ansible.builtin.shell: "'{{ server_appdata_path }}/plexsql/Plex SQLite' '{{ lookup('role_var', '_paths_db_blobs_location', role='plex') }}' 'PRAGMA integrity_check(1)'"       register: plex_db_blobs_integrity_check       failed_when: (plex_db_blobs_integrity_check.stdout != 'ok') @@ -44,7 +44,7 @@       ansible.builtin.set_fact:         plex_db_failed_integrity: true -    - name: "Notify | Plex instance '{{ plex_name }}' failed the integrity check."+    - name: "Plex instance '{{ plex_name }}' failed the integrity check."       ansible.builtin.include_role:         name: notify       vars:@@ -62,26 +62,26 @@         mode: "0775"      - name: Backup databases-      ansible.builtin.shell: "cp '{{ plex_paths_plugin_support_location }}/Databases/{{ item }}' /tmp/{{ plex_name }}_backup/"+      ansible.builtin.shell: "cp '{{ lookup('role_var', '_paths_plugin_support_location', role='plex') }}/Databases/{{ item }}' /tmp/{{ plex_name }}_backup/"       loop: "{{ plex_db_files }}" -    - name: "Vacuum '{{ plex_paths_db_location | basename }}' database"-      ansible.builtin.shell: "'/opt/plexsql/Plex SQLite' '{{ plex_paths_db_location }}' 'VACUUM;'"+    - name: "Vacuum '{{ lookup('role_var', '_paths_db_location', role='plex') | basename }}' database"+      ansible.builtin.shell: "'{{ server_appdata_path }}/plexsql/Plex SQLite' '{{ lookup('role_var', '_paths_db_location', role='plex') }}' 'VACUUM;'"       register: plex_db_vacuum       failed_when: (plex_db_vacuum.rc != 0) -    - name: "Vacuum '{{ plex_paths_db_blobs_location | basename }}' database"-      ansible.builtin.shell: "'/opt/plexsql/Plex SQLite' '{{ plex_paths_db_blobs_location }}' 'VACUUM;'"+    - name: "Vacuum '{{ lookup('role_var', '_paths_db_blobs_location', role='plex') | basename }}' database"+      ansible.builtin.shell: "'{{ server_appdata_path }}/plexsql/Plex SQLite' '{{ lookup('role_var', '_paths_db_blobs_location', role='plex') }}' 'VACUUM;'"       register: plex_db_blobs_vacuum       failed_when: (plex_db_blobs_vacuum.rc != 0) -    - name: "Reindex '{{ plex_paths_db_location | basename }}' database"-      ansible.builtin.shell: "'/opt/plexsql/Plex SQLite' '{{ plex_paths_db_location }}' 'REINDEX;'"+    - name: "Reindex '{{ lookup('role_var', '_paths_db_location', role='plex') | basename }}' database"+      ansible.builtin.shell: "'{{ server_appdata_path }}/plexsql/Plex SQLite' '{{ lookup('role_var', '_paths_db_location', role='plex') }}' 'REINDEX;'"       register: plex_db_reindex       failed_when: (plex_db_reindex.rc != 0) -    - name: "Reindex '{{ plex_paths_db_blobs_location | basename }}' database"-      ansible.builtin.shell: "'/opt/plexsql/Plex SQLite' '{{ plex_paths_db_blobs_location }}' 'REINDEX;'"+    - name: "Reindex '{{ lookup('role_var', '_paths_db_blobs_location', role='plex') | basename }}' database"+      ansible.builtin.shell: "'{{ server_appdata_path }}/plexsql/Plex SQLite' '{{ lookup('role_var', '_paths_db_blobs_location', role='plex') }}' 'REINDEX;'"       register: plex_db_blobs_reindex       failed_when: (plex_db_blobs_reindex.rc != 0) @@ -90,7 +90,7 @@       ansible.builtin.set_fact:         plex_db_failed_optimization: true -    - name: "Notify | Plex instance '{{ plex_name }}' failed the optimization tasks."+    - name: "Plex instance '{{ plex_name }}' failed the optimization tasks."       ansible.builtin.include_role:         name: notify       vars:@@ -98,7 +98,7 @@      - name: Delete wal and shm files       ansible.builtin.file:-        path: "{{ plex_paths_plugin_support_location }}/Databases/{{ item }}"+        path: "{{ lookup('role_var', '_paths_plugin_support_location', role='plex') }}/Databases/{{ item }}"         state: absent       loop:         - "com.plexapp.plugins.library.db-wal"@@ -107,7 +107,7 @@         - "com.plexapp.plugins.library.blobs.db-shm"      - name: Restore database backup-      ansible.builtin.shell: "cp -f '/tmp/{{ plex_name }}_backup/{{ item }}' '{{ plex_paths_plugin_support_location }}/Databases/{{ item }}'"+      ansible.builtin.shell: "cp -f '/tmp/{{ plex_name }}_backup/{{ item }}' '{{ lookup('role_var', '_paths_plugin_support_location', role='plex') }}/Databases/{{ item }}'"       loop: "{{ plex_db_files }}"  - name: Start Docker container

modified

roles/plex_extra_tasks/defaults/main.yml

@@ -8,5 +8,5 @@ ######################################################################### --- plex_extra_tasks_hostname: "{{ plex_name-                            if not ('container:' in lookup('vars', plex_name + '_docker_network_mode_default', default=docker_networks_name_common))-                            else (lookup('vars', plex_name + '_docker_network_mode_default', default=docker_networks_name_common).split(':')[1]) }}"+                            if not ('container:' in lookup('role_var', '_docker_network_mode', role='plex', default=docker_networks_name_common))+                            else (lookup('role_var', '_docker_network_mode', role='plex', default=docker_networks_name_common).split(':')[1]) }}"

modified

roles/plex_extra_tasks/tasks/main.yml

@@ -17,5 +17,5 @@     docker_installed_containers_list: "{{ (docker_installed_containers_list.stdout).split() }}"  - name: "Continue when Plex Docker container exists"-  ansible.builtin.import_tasks: "main2.yml"-  when: (plex_docker_container in docker_installed_containers_list)+  ansible.builtin.include_tasks: "main2.yml"+  when: (lookup('role_var', '_docker_container', role='plex') in docker_installed_containers_list)

modified

roles/plex_extra_tasks/tasks/main2.yml

@@ -7,18 +7,18 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Wait for '{{ plex_paths_config_location | basename }}' to be created+- name: Wait for '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}' to be created   ansible.builtin.wait_for:-    path: "{{ plex_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"     state: present  - name: Wait for {{ plex_name | title }} DB to be created   ansible.builtin.wait_for:-    path: "{{ plex_paths_db_location }}"+    path: "{{ lookup('role_var', '_paths_db_location', role='plex') }}"     state: present  - name: Wait for {{ plex_name | title }} executable to be created-  ansible.builtin.shell: docker exec {{ plex_docker_container }} bash -c "ls '/usr/lib/plexmediaserver/Plex Media Server'"+  ansible.builtin.shell: docker exec {{ lookup('role_var', '_docker_container', role='plex') }} bash -c "ls '/usr/lib/plexmediaserver/Plex Media Server'"   register: pms_check   until: pms_check.stderr.find("No such file or directory") == -1   retries: 600@@ -42,17 +42,17 @@  - name: Ensure transcodes folder has the correct permissions   ansible.builtin.file:-    path: "{{ plex_paths_transcodes_location }}"+    path: "{{ lookup('role_var', '_paths_transcodes_location', role='plex') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"     recurse: true -- name: Find external port binding for '{{ plex_docker_container }}' docker port '{{ plex_web_port }}'-  when: plex_open_main_ports+- name: Find external port binding for '{{ lookup('role_var', '_docker_container', role='plex') }}' docker port '{{ lookup('role_var', '_web_port', role='plex') }}'+  when: lookup('role_var', '_open_main_ports', role='plex')   block:-    - name: Lookup host port mapped to '{{ plex_docker_container }}' docker port '{{ plex_web_port }}'-      ansible.builtin.shell: docker port {{ plex_docker_container }} {{ plex_web_port }} 2> /dev/null | sed 's/[0-9.]*://'+    - name: Lookup host port mapped to '{{ lookup('role_var', '_docker_container', role='plex') }}' docker port '{{ lookup('role_var', '_web_port', role='plex') }}'+      ansible.builtin.shell: docker port {{ lookup('role_var', '_docker_container', role='plex') }} {{ lookup('role_var', '_web_port', role='plex') }} 2> /dev/null | sed 's/[0-9.]*://'       register: plex_docker_port_lookup_cmd       changed_when: false @@ -60,21 +60,21 @@       ansible.builtin.set_fact:         plex_docker_port_lookup: "{{ (plex_docker_port_lookup_cmd.stdout | trim)                                   if (plex_docker_port_lookup_cmd.stdout | trim | length > 0)-                                  else plex_web_port }}"+                                  else lookup('role_var', '_web_port', role='plex') }}" -- name: Update port in '{{ plex_paths_config_location | basename }}'+- name: Update port in '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}'   community.general.xml:-    path: "{{ plex_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"     xpath: /Preferences     attribute: ManualPortMappingPort-    value: "{{ plex_docker_port_lookup | default(plex_web_port) }}"+    value: "{{ plex_docker_port_lookup | default(lookup('role_var', '_web_port', role='plex')) }}"     state: present   become: true   become_user: "{{ user.name }}" -- name: Disable Remote Access in '{{ plex_paths_config_location | basename }}'+- name: Disable Remote Access in '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}'   community.general.xml:-    path: "{{ plex_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"     xpath: /Preferences     attribute: PublishServerOnPlexOnlineKey     value: "0"@@ -82,9 +82,9 @@   become: true   become_user: "{{ user.name }}" -- name: Disable Relay in '{{ plex_paths_config_location | basename }}'+- name: Disable Relay in '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}'   community.general.xml:-    path: "{{ plex_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"     xpath: /Preferences     attribute: RelayEnabled     value: "0"@@ -92,22 +92,12 @@   become: true   become_user: "{{ user.name }}" -- name: Reset permissions of '{{ plex_paths_config_location | basename }}'+- name: Reset permissions of '{{ lookup('role_var', '_paths_config_location', role='plex') | basename }}'   ansible.builtin.file:-    path: "{{ plex_paths_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='plex') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0644"--- name: "Install Sub-Zero Plugin"-  ansible.builtin.include_role:-    name: sub_zero-  when: plex_plugin_sub_zero--- name: "Install WebTools Plugin"-  ansible.builtin.include_role:-    name: webtools-  when: plex_plugin_webtools  - name: Start Docker Container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/plex_fix_futures/tasks/main2.yml

@@ -15,6 +15,7 @@       token: ""     owner: "{{ user.name }}"     group: "{{ user.name }}"+    base_path: "{{ server_appdata_path }}"   register: plex_instance_token  - name: Plex API Block@@ -22,7 +23,7 @@   block:     - name: Get items that have a date set in the future       ansible.builtin.shell: |-        curl -s '{{ plex_web_url }}/library/all?X-Plex-Token={{ plex_instance_token.facts.token }}' -H 'Accept: application/json' | jq -c --arg now '{{ ansible_date_time.epoch }}' '.MediaContainer.Metadata[] | select(.addedAt > ($now|tonumber)) | {id: .ratingKey, addedAt: .addedAt, updatedAt: .updatedAt, title: .title, librarySectionID: .librarySectionID, type: .type}'+        curl -s '{{ lookup('role_var', '_web_url', role='plex') }}/library/all?X-Plex-Token={{ plex_instance_token.facts.token }}' -H 'Accept: application/json' | jq -c --arg now '{{ ansible_facts['date_time']['epoch'] }}' '.MediaContainer.Metadata[] | select(.addedAt > ($now|tonumber)) | {id: .ratingKey, addedAt: .addedAt, updatedAt: .updatedAt, title: .title, librarySectionID: .librarySectionID, type: .type}'       register: plex_future_items_request      - name: Convert request output into a list of dictionaries@@ -36,7 +37,7 @@      - name: Fix future dates       ansible.builtin.shell: |-        curl -X PUT '{{ plex_web_url }}/library/sections/{{ item.librarySectionID }}/all?type={{ item.type_id }}&id={{ item.id }}&addedAt.value={{ item.updatedAt }}&X-Plex-Token={{ plex_instance_token.facts.token }}'+        curl -X PUT '{{ lookup('role_var', '_web_url', role='plex') }}/library/sections/{{ item.librarySectionID }}/all?type={{ item.type_id }}&id={{ item.id }}&addedAt.value={{ item.updatedAt }}&X-Plex-Token={{ plex_instance_token.facts.token }}'       loop: "{{ plex_future_items_typed }}"       register: plex_future_items_task       when: plex_future_items_typed is defined

modified

roles/portainer/defaults/main.yml

@@ -17,151 +17,109 @@ # Settings ################################ -portainer_business_edition: false+portainer_role_business_edition: false  ################################ # Paths ################################ -portainer_paths_folder: "{{ portainer_name }}"-portainer_paths_location: "{{ server_appdata_path }}/{{ portainer_paths_folder }}"-portainer_paths_folders_list:-  - "{{ portainer_paths_location }}"+portainer_role_paths_folder: "{{ portainer_name }}"+portainer_role_paths_location: "{{ server_appdata_path }}/{{ portainer_role_paths_folder }}"+portainer_role_paths_folders_list:+  - "{{ portainer_role_paths_location }}"  ################################ # Web ################################ -portainer_web_subdomain: "{{ portainer_name }}"-portainer_web_domain: "{{ user.domain }}"-portainer_web_port: "9000"-portainer_web_url: "{{ 'https://' + (portainer_web_subdomain + '.' + portainer_web_domain-                    if (portainer_web_subdomain | length > 0)-                    else portainer_web_domain) }}"+portainer_role_web_subdomain: "{{ portainer_name }}"+portainer_role_web_domain: "{{ user.domain }}"+portainer_role_web_port: "9000"+portainer_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='portainer') + '.' + lookup('role_var', '_web_domain', role='portainer')+                         if (lookup('role_var', '_web_subdomain', role='portainer') | length > 0)+                         else lookup('role_var', '_web_domain', role='portainer')) }}"  ################################ # DNS ################################ -portainer_dns_record: "{{ portainer_web_subdomain }}"-portainer_dns_zone: "{{ portainer_web_domain }}"-portainer_dns_proxy: "{{ dns.proxied }}"+portainer_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='portainer') }}"+portainer_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='portainer') }}"+portainer_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -portainer_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-portainer_traefik_middleware_default: "{{ traefik_default_middleware-                                          + (',themepark-' + lookup('vars', portainer_name + '_name', default=portainer_name)-                                            if (portainer_themepark_enabled and global_themepark_plugin_enabled)-                                            else '') }}"-portainer_traefik_middleware_custom: ""-portainer_traefik_certresolver: "{{ traefik_default_certresolver }}"-portainer_traefik_enabled: true-portainer_traefik_api_enabled: true-portainer_traefik_api_endpoint: "PathPrefix(`/api`)"+portainer_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+portainer_role_traefik_middleware_default: "{{ traefik_default_middleware+                                               + (',themepark-' + portainer_name+                                                 if (lookup('role_var', '_themepark_enabled', role='portainer') and global_themepark_plugin_enabled)+                                                 else '') }}"+portainer_role_traefik_middleware_custom: ""+portainer_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+portainer_role_traefik_enabled: true+portainer_role_traefik_api_enabled: true+portainer_role_traefik_api_endpoint: "PathPrefix(`/api`)"  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-portainer_themepark_enabled: false-portainer_themepark_theme: "{{ global_themepark_theme }}"+portainer_role_themepark_enabled: false+portainer_role_themepark_theme: "{{ global_themepark_theme }}"  ################################ # Docker ################################  # Container-portainer_docker_container: "{{ portainer_name }}"+portainer_role_docker_container: "{{ portainer_name }}"  # Image-portainer_docker_image_pull: true-portainer_docker_image_tag: "latest"-portainer_docker_image: "{{ ('portainer/portainer-ee:'-                             if portainer_business_edition-                             else 'portainer/portainer-ce:') + portainer_docker_image_tag }}"--# Ports-portainer_docker_ports_defaults: []-portainer_docker_ports_custom: []-portainer_docker_ports: "{{ portainer_docker_ports_defaults-                            + portainer_docker_ports_custom }}"+portainer_role_docker_image_pull: true+portainer_role_docker_image_tag: "alpine"+portainer_role_docker_image_repo: "{{ 'portainer/portainer-ee'+                                   if lookup('role_var', '_business_edition', role='portainer')+                                   else 'portainer/portainer-ce' }}"+portainer_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='portainer') }}:{{ lookup('role_var', '_docker_image_tag', role='portainer') }}"  # Envs-portainer_docker_envs_default:+portainer_role_docker_envs_default:   TZ: "{{ tz }}"-portainer_docker_envs_custom: {}-portainer_docker_envs: "{{ portainer_docker_envs_default-                           | combine(portainer_docker_envs_custom) }}"--# Commands-portainer_docker_commands_default: []-portainer_docker_commands_custom: []-portainer_docker_commands: "{{ portainer_docker_commands_default-                               + portainer_docker_commands_custom }}"+portainer_role_docker_envs_custom: {}+portainer_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='portainer')+                                | combine(lookup('role_var', '_docker_envs_custom', role='portainer')) }}"  # Volumes-portainer_docker_volumes_default:-  - "{{ portainer_paths_location }}:/data"+portainer_role_docker_volumes_default:+  - "{{ portainer_role_paths_location }}:/data"   - "/var/run/docker.sock:/var/run/docker.sock"-portainer_docker_volumes_custom: []-portainer_docker_volumes: "{{ portainer_docker_volumes_default-                              + portainer_docker_volumes_custom }}"--# Devices-portainer_docker_devices_default: []-portainer_docker_devices_custom: []-portainer_docker_devices: "{{ portainer_docker_devices_default-                              + portainer_docker_devices_custom }}"--# Hosts-portainer_docker_hosts_default: {}-portainer_docker_hosts_custom: {}-portainer_docker_hosts: "{{ docker_hosts_common-                            | combine(portainer_docker_hosts_default)-                            | combine(portainer_docker_hosts_custom) }}"+portainer_role_docker_volumes_custom: []+portainer_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='portainer')+                                   + lookup('role_var', '_docker_volumes_custom', role='portainer') }}"  # Labels-portainer_docker_labels_default: {}-portainer_docker_labels_custom: {}-portainer_docker_labels_themepark:-  - '{ "traefik.http.middlewares.themepark-{{ lookup("vars", portainer_name + "_name", default=portainer_name) }}.plugin.themepark.app": "portainer" }'-  - '{ "traefik.http.middlewares.themepark-{{ lookup("vars", portainer_name + "_name", default=portainer_name) }}.plugin.themepark.theme": "{{ lookup("vars", portainer_name + "_themepark_theme", default=portainer_themepark_theme) }}" }'-portainer_docker_labels: "{{ docker_labels_common-                             | combine(portainer_docker_labels_default)-                             | combine((lookup('vars', portainer_name + '_docker_labels_themepark', default=portainer_docker_labels_themepark)-                                       if (portainer_themepark_enabled and global_themepark_plugin_enabled)-                                       else {}),-                                       lookup('vars', portainer_name + '_docker_labels_custom', default=portainer_docker_labels_custom)) }}"+portainer_role_docker_labels_custom: {}+portainer_role_docker_labels: "{{ lookup('role_var', '_docker_labels_custom', role='portainer')+                                  | combine((traefik_themepark_labels+                                            if (lookup('role_var', '_themepark_enabled', role='portainer') and global_themepark_plugin_enabled)+                                            else {})) }}"  # Hostname-portainer_docker_hostname: "{{ portainer_name }}"+portainer_role_docker_hostname: "{{ portainer_name }}"  # Networks-portainer_docker_networks_alias: "{{ portainer_name }}"-portainer_docker_networks_default: []-portainer_docker_networks_custom: []-portainer_docker_networks: "{{ docker_networks_common-                               + portainer_docker_networks_default-                               + portainer_docker_networks_custom }}"--# Capabilities-portainer_docker_capabilities_default: []-portainer_docker_capabilities_custom: []-portainer_docker_capabilities: "{{ portainer_docker_capabilities_default-                                   + portainer_docker_capabilities_custom }}"--# Security Opts-portainer_docker_security_opts_default: []-portainer_docker_security_opts_custom: []-portainer_docker_security_opts: "{{ portainer_docker_security_opts_default-                                    + portainer_docker_security_opts_custom }}"+portainer_role_docker_networks_alias: "{{ portainer_name }}"+portainer_role_docker_networks_default: []+portainer_role_docker_networks_custom: []+portainer_role_docker_networks: "{{ docker_networks_common+                                    + lookup('role_var', '_docker_networks_default', role='portainer')+                                    + lookup('role_var', '_docker_networks_custom', role='portainer') }}"  # Restart Policy-portainer_docker_restart_policy: unless-stopped+portainer_role_docker_restart_policy: unless-stopped  # State-portainer_docker_state: started+portainer_role_docker_state: started

modified

roles/portainer/tasks/main.yml

@@ -10,16 +10,16 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"  - name: "Check if config folder exists"   ansible.builtin.stat:-    path: "{{ portainer_paths_location }}"+    path: "{{ portainer_role_paths_location }}"   register: portainer_config_stat  - name: Create directories@@ -29,5 +29,5 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Setup Tasks-  ansible.builtin.import_tasks: "subtasks/setup.yml"+  ansible.builtin.include_tasks: "subtasks/setup.yml"   when: not portainer_config_stat.stat.exists and (user.pass | length >= 12) and (user.pass | length <= 72)

modified

roles/portainer/tasks/subtasks/setup.yml

@@ -13,8 +13,9 @@  - name: Setup | Create Saltbox user   ansible.builtin.uri:-    url: "http://{{ portainer_name }}:9000/api/users/admin/init"+    url: "http://{{ portainer_name }}:{{ portainer_role_web_port }}/api/users/admin/init"     method: POST-    return_content: yes+    return_content: true     body_format: json     body: {"Username": "{{ user.name }}", "Password": "{{ user.pass }}"}+  no_log: true

modified

roles/postgres/defaults/main.yml

@@ -17,124 +17,84 @@ # Settings ################################ -postgres_docker_env_password: "password4321"-postgres_docker_env_user: "{{ user.name }}"-postgres_docker_env_db: "saltbox"+postgres_role_docker_env_password: "password4321"+postgres_role_docker_env_user: "{{ user.name }}"+postgres_role_docker_env_db: "saltbox" -# Memory limit in format <number>[<unit>].-# Number is a positive integer.-# Unit can be B (byte), K (kibibyte, 1024B), M (mebibyte), G (gibibyte), T (tebibyte), or P (pebibyte).-postgres_docker_memory_limit: 0+# Do not edit or override using the inventory+postgres_role_docker_env_password_include: ""+# Do not edit or override using the inventory+postgres_role_docker_env_user_include: ""+# Do not edit or override using the inventory+postgres_role_docker_env_password_effective: "{{ postgres_role_docker_env_password_include+                                              if (postgres_role_docker_env_password_include | length > 0)+                                              else lookup('role_var', '_docker_env_password', role='postgres') }}"+# Do not edit or override using the inventory+postgres_role_docker_env_user_effective: "{{ postgres_role_docker_env_user_include+                                          if (postgres_role_docker_env_user_include | length > 0)+                                          else lookup('role_var', '_docker_env_user', role='postgres') }}"  ################################ # Paths ################################ -postgres_paths_folder: "{{ postgres_name }}"-postgres_paths_location: "{{ server_appdata_path }}/{{ postgres_paths_folder }}"-postgres_paths_folders_list:-  - "{{ postgres_paths_location }}"+postgres_role_paths_folder: "{{ postgres_name }}"+postgres_role_paths_location: "{{ server_appdata_path }}/{{ postgres_role_paths_folder }}"+postgres_role_paths_folders_list:+  - "{{ postgres_role_paths_location }}"  ################################ # Docker ################################  # Container-postgres_docker_container: "{{ postgres_name }}"+postgres_role_docker_container: "{{ postgres_name }}"  # Image-postgres_docker_image_pull: true-postgres_docker_image_tag: "17-alpine"-postgres_docker_image_repo: "postgres"-postgres_docker_image: "{{ lookup('vars', postgres_name + '_docker_image_repo', default=postgres_docker_image_repo)-                           + ':' + lookup('vars', postgres_name + '_docker_image_tag', default=postgres_docker_image_tag) }}"--# Ports-postgres_docker_ports_defaults: []-postgres_docker_ports_custom: []-postgres_docker_ports: "{{ postgres_docker_ports_defaults-                           + postgres_docker_ports_custom }}"+postgres_role_docker_image_pull: true+postgres_role_docker_image_tag: "17-alpine"+postgres_role_docker_image_repo: "postgres"+postgres_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='postgres') }}:{{ lookup('role_var', '_docker_image_tag', role='postgres') }}"  # Envs-postgres_docker_envs_default:+postgres_role_docker_envs_default:   TZ: "{{ tz }}"   PGDATA: "/data"-  POSTGRES_PASSWORD: "{{ lookup('vars', postgres_name + '_docker_env_password', default=postgres_docker_env_password) }}"-  POSTGRES_USER: "{{ lookup('vars', postgres_name + '_docker_env_user', default=postgres_docker_env_user) }}"-  POSTGRES_DB: "{{ lookup('vars', postgres_name + '_docker_env_db', default=postgres_docker_env_db) }}"-postgres_docker_envs_custom: {}-postgres_docker_envs: "{{ lookup('vars', postgres_name + '_docker_envs_default', default=postgres_docker_envs_default)-                          | combine(lookup('vars', postgres_name + '_docker_envs_custom', default=postgres_docker_envs_custom)) }}"--# Commands-postgres_docker_commands_default: []-postgres_docker_commands_custom: []-postgres_docker_commands: "{{ lookup('vars', postgres_name + '_docker_commands_default', default=postgres_docker_commands_default)-                              + lookup('vars', postgres_name + '_docker_commands_custom', default=postgres_docker_commands_custom) }}"+  POSTGRES_PASSWORD: "{{ postgres_role_docker_env_password_effective }}"+  POSTGRES_USER: "{{ postgres_role_docker_env_user_effective }}"+  POSTGRES_DB: "{{ lookup('role_var', '_docker_env_db', role='postgres') }}"+postgres_role_docker_envs_custom: {}+postgres_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='postgres')+                               | combine(lookup('role_var', '_docker_envs_custom', role='postgres')) }}"  # Volumes-postgres_docker_volumes_default:-  - "{{ postgres_paths_location }}:/data"+postgres_role_docker_volumes_default:+  - "{{ postgres_role_paths_location }}:/data"+  - "{{ postgres_role_paths_location }}:/var/lib/postgresql/data"   - "/etc/passwd:/etc/passwd:ro"-postgres_docker_volumes_custom: []-postgres_docker_volumes: "{{ lookup('vars', postgres_name + '_docker_volumes_default', default=postgres_docker_volumes_default)-                             + lookup('vars', postgres_name + '_docker_volumes_custom', default=postgres_docker_volumes_custom) }}"--# Devices-postgres_docker_devices_default: []-postgres_docker_devices_custom: []-postgres_docker_devices: "{{ lookup('vars', postgres_name + '_docker_devices_default', default=postgres_docker_devices_default)-                             + lookup('vars', postgres_name + '_docker_devices_custom', default=postgres_docker_devices_custom) }}"--# Hosts-postgres_docker_hosts_default: {}-postgres_docker_hosts_custom: {}-postgres_docker_hosts: "{{ docker_hosts_common-                           | combine(lookup('vars', postgres_name + '_docker_hosts_default', default=postgres_docker_hosts_default))-                           | combine(lookup('vars', postgres_name + '_docker_hosts_custom', default=postgres_docker_hosts_custom)) }}"--# Labels-postgres_docker_labels_default: {}-postgres_docker_labels_custom: {}-postgres_docker_labels: "{{ docker_labels_common-                            | combine(lookup('vars', postgres_name + '_docker_labels_default', default=postgres_docker_labels_default))-                            | combine(lookup('vars', postgres_name + '_docker_labels_custom', default=postgres_docker_labels_custom)) }}"+postgres_role_docker_volumes_custom: []+postgres_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='postgres')+                                  + lookup('role_var', '_docker_volumes_custom', role='postgres') }}"  # Hostname-postgres_docker_hostname: "{{ postgres_name }}"--# Network Mode-postgres_docker_network_mode_default: "{{ docker_networks_name_common }}"-postgres_docker_network_mode: "{{ lookup('vars', postgres_name + '_docker_network_mode_default', default=postgres_docker_network_mode_default) }}"+postgres_role_docker_hostname: "{{ postgres_name }}"  # Networks-postgres_docker_networks_alias: "{{ postgres_name }}"-postgres_docker_networks_default: []-postgres_docker_networks_custom: []-postgres_docker_networks: "{{ docker_networks_common-                              + lookup('vars', postgres_name + '_docker_networks_default', default=postgres_docker_networks_default)-                              + lookup('vars', postgres_name + '_docker_networks_dcustom', default=postgres_docker_networks_custom) }}"--# Capabilities-postgres_docker_capabilities_default: []-postgres_docker_capabilities_custom: []-postgres_docker_capabilities: "{{ lookup('vars', postgres_name + '_docker_capabilities_default', default=postgres_docker_capabilities_default)-                                  + lookup('vars', postgres_name + '_docker_capabilities_custom', default=postgres_docker_capabilities_custom) }}"--# Security Opts-postgres_docker_security_opts_default: []-postgres_docker_security_opts_custom: []-postgres_docker_security_opts: "{{ lookup('vars', postgres_name + '_docker_security_opts_default', default=postgres_docker_security_opts_default)-                                   + lookup('vars', postgres_name + '_docker_security_opts_custom', default=postgres_docker_security_opts_custom) }}"+postgres_role_docker_networks_alias: "{{ postgres_name }}"+postgres_role_docker_networks_default: []+postgres_role_docker_networks_custom: []+postgres_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='postgres')+                                   + lookup('role_var', '_docker_networks_custom', role='postgres') }}"  # Restart Policy-postgres_docker_restart_policy: unless-stopped+postgres_role_docker_restart_policy: unless-stopped  # State-postgres_docker_state: started+postgres_role_docker_state: started  # User-postgres_docker_user: "{{ uid }}:{{ gid }}"+postgres_role_docker_user: "{{ uid }}:{{ gid }}" -# Memory Limit-postgres_docker_memory: "{{ lookup('vars', postgres_name + '_docker_memory_limit', default=postgres_docker_memory_limit) }}"+# SHM size+postgres_role_docker_shm_size: "128M"

modified

roles/postgres/tasks/main2.yml

@@ -11,28 +11,33 @@   ansible.builtin.set_fact:     postgres_major_version: ""     postgres_docker_tag_major_version: ""-    postgres_original_image_repo: "{{ true if postgres_docker_image_repo == 'postgres' else false }}"+    postgres_original_image_repo: "{{ true if lookup('role_var', '_docker_image_repo', role='postgres') == 'postgres' else false }}"  - name: Supported image repository   when: postgres_original_image_repo   block:-    - name: "Check if '{{ postgres_paths_location }}' exists"+    - name: "Check if '{{ lookup('role_var', '_paths_location', role='postgres') }}' exists"       ansible.builtin.stat:-        path: "{{ postgres_paths_location }}"+        path: "{{ lookup('role_var', '_paths_location', role='postgres') }}"       register: stat_postgres_path +    - name: "Check if '{{ lookup('role_var', '_paths_location', role='postgres') }}/PG_VERSION' exists"+      ansible.builtin.stat:+        path: "{{ lookup('role_var', '_paths_location', role='postgres') }}/PG_VERSION"+      register: stat_postgres_version_path+     - name: Check for upgrade-      when: stat_postgres_path.stat.exists+      when: stat_postgres_path.stat.exists and stat_postgres_version_path.stat.exists       block:         - name: Read PG_VERSION file           ansible.builtin.slurp:-            src: "{{ postgres_paths_location }}/PG_VERSION"+            src: "{{ lookup('role_var', '_paths_location', role='postgres') }}/PG_VERSION"           register: pg_version_file          - name: Define installed and desired Postgres versions           ansible.builtin.set_fact:             postgres_major_version: "{{ pg_version_file['content'] | b64decode | trim }}"-            postgres_docker_tag_major_version: "{{ lookup('vars', postgres_name + '_docker_image_tag', default=postgres_docker_image_tag).split('-')[0] | regex_replace('^([0-9]+).*', '\\1') }}"+            postgres_docker_tag_major_version: "{{ lookup('role_var', '_docker_image_tag', role='postgres').split('-')[0] | regex_replace('^([0-9]+).*', '\\1') }}"          - name: Display PostgreSQL version           ansible.builtin.debug:@@ -42,8 +47,8 @@           ansible.builtin.assert:             that:               - postgres_docker_tag_major_version is regex("^[0-9]+$")-            fail_msg: "Invalid version specified for 'postgres_docker_image_tag': {{ lookup('vars', postgres_name + '_docker_image_tag', default=postgres_docker_image_tag) }}"-            success_msg: "Valid version specified for 'postgres_docker_image_tag': {{ lookup('vars', postgres_name + '_docker_image_tag', default=postgres_docker_image_tag) }}"+            fail_msg: "Invalid version specified for 'postgres_docker_image_tag': {{ lookup('role_var', '_docker_image_tag', role='postgres') }}"+            success_msg: "Valid version specified for 'postgres_docker_image_tag': {{ lookup('role_var', '_docker_image_tag', role='postgres') }}"      - name: Upgrade PostgreSQL       when: stat_postgres_path.stat.exists and (postgres_major_version != postgres_docker_tag_major_version)@@ -56,39 +61,39 @@         - name: Remove existing Docker container           ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml" -        - name: "Check if '{{ postgres_paths_location }}_backup' exists"+        - name: "Check if '{{ lookup('role_var', '_paths_location', role='postgres') }}_backup' exists"           ansible.builtin.stat:-            path: "{{ postgres_paths_location }}_backup"+            path: "{{ lookup('role_var', '_paths_location', role='postgres') }}_backup"           register: stat_postgres_backup_path          - name: Fail if backup location already exists           ansible.builtin.fail:             msg:               - "A backup of the postgres folder already exists, clean it up if it was from a previously successful upgrade. Otherwise ask for help on the discord."-              - "Path is {{ postgres_paths_location }}_backup"+              - "Path is {{ lookup('role_var', '_paths_location', role='postgres') }}_backup"           when: stat_postgres_backup_path.stat.exists          - name: Move Postgres data folder-          ansible.builtin.shell: mv "{{ postgres_paths_location }}" "{{ postgres_paths_location }}_backup"+          ansible.builtin.shell: mv "{{ lookup('role_var', '_paths_location', role='postgres') }}" "{{ lookup('role_var', '_paths_location', role='postgres') }}_backup"          - name: Create directories           ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml" -        - name: "Create Docker container (Desired tag: {{ lookup('vars', postgres_name + '_docker_image_tag', default=postgres_docker_image_tag) }})"+        - name: "Create Docker container (Desired tag: {{ lookup('role_var', '_docker_image_tag', role='postgres') }})"           ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"           vars:-            postgres_docker_container: "{{ postgres_name + '_new' }}"-            postgres_docker_networks_alias: "{{ postgres_name + '_new' }}"+            postgres_role_docker_container: "{{ postgres_name + '_new' }}"+            postgres_role_docker_networks_alias: "{{ postgres_name + '_new' }}"          - name: "Create Docker container (Previous tag: {{ postgres_major_version }}-alpine)"           ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"           vars:-            postgres_docker_container: "{{ postgres_name + '_old' }}"-            postgres_docker_networks_alias: "{{ postgres_name + '_old' }}"-            postgres_docker_image: "{{ lookup('vars', postgres_name + '_docker_image_repo', default=postgres_docker_image_repo)-                                      + ':' + postgres_major_version + '-alpine' }}"-            postgres_docker_volumes_default:-              - "{{ postgres_paths_location }}_backup:/data"+            postgres_role_docker_container: "{{ postgres_name + '_old' }}"+            postgres_role_docker_networks_alias: "{{ postgres_name + '_old' }}"+            postgres_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='postgres')+                                            + ':' + postgres_major_version + '-alpine' }}"+            postgres_role_docker_volumes_default:+              - "{{ postgres_role_paths_location }}_backup:/data"               - "/etc/passwd:/etc/passwd:ro"          - name: Sleep for 60 seconds@@ -111,13 +116,16 @@          - name: Update user password for SCRAM authentication in new container           ansible.builtin.shell: |-            docker exec {{ postgres_name }}_new psql -U {{ lookup('vars', postgres_name + '_docker_env_user', default=postgres_docker_env_user) }} -d {{ lookup('vars', postgres_name + '_docker_env_db', default=postgres_docker_env_db) }} -c "ALTER USER {{ lookup('vars', postgres_name + '_docker_env_user', default=postgres_docker_env_user) }} WITH PASSWORD '{{ lookup('vars', postgres_name + '_docker_env_password', default=postgres_docker_env_password) }}';"+            docker exec {{ postgres_name }}_new psql -U {{ postgres_role_docker_env_user_effective }} -d {{ lookup('role_var', '_docker_env_db', role='postgres') }} -c "ALTER USER {{ postgres_role_docker_env_user_effective }} WITH PASSWORD '{{ postgres_role_docker_env_password_effective }}';"           when: (postgres_major_version | int < 14) and (postgres_docker_tag_major_version | int >= 14)          - name: Remove temporary containers           community.docker.docker_container:             name: "{{ item }}"             state: absent+            container_default_behavior: compatibility+            stop_timeout: "{{ lookup('role_var', '_docker_stop_timeout', default='180') }}"+            tls_hostname: localhost           loop:             - "{{ postgres_name }}_old"             - "{{ postgres_name }}_new"

modified

roles/pre_tasks/tasks/main.yml

@@ -8,10 +8,10 @@ ######################################################################### --- - name: APT Tasks-  ansible.builtin.import_tasks: "subtasks/apt.yml"+  ansible.builtin.include_tasks: "subtasks/apt.yml"  - name: Git Tasks-  ansible.builtin.import_tasks: "subtasks/git.yml"+  ansible.builtin.include_tasks: "subtasks/git.yml"  - name: Variables Tasks   ansible.builtin.include_tasks: "subtasks/variables.yml"

modified

roles/pre_tasks/tasks/subtasks/git.yml

@@ -23,5 +23,5 @@   when: ('preinstall' in ansible_run_tags) or (not '/srv/git/sb' in git_config.stdout)  - name: Git | Set Sandbox repository as safe directory-  ansible.builtin.shell: git config --global --add safe.directory /opt/sandbox-  when: ('preinstall' in ansible_run_tags) or (not '/opt/sandbox' in git_config.stdout)+  ansible.builtin.shell: git config --global --add safe.directory {{ server_appdata_path }}/sandbox+  when: ('preinstall' in ansible_run_tags) or (not server_appdata_path + '/sandbox' in git_config.stdout)

modified

roles/pre_tasks/tasks/subtasks/variables.yml

@@ -16,10 +16,10 @@   with_items: "{{ pre_tasks_saltbox_roles.stdout_lines }}"  - name: Sandbox-  when: (playbook_dir == "/opt/saltbox_mod")+  when: (playbook_dir == pre_tasks_saltbox_mod_location)   block:     - name: Find Sandbox roles-      ansible.builtin.shell: "find /opt/sandbox/roles -type d -name 'defaults'"+      ansible.builtin.shell: "find {{ server_appdata_path }}/sandbox/roles -type d -name 'defaults'"       register: pre_tasks_sandbox_roles      - name: Include Sandbox role default vars

modified

roles/prometheus/defaults/main.yml

@@ -18,143 +18,112 @@ ################################ # https://prometheus.io/docs/prometheus/latest/storage/ -prometheus_retention: "15d"-prometheus_size: "0"+prometheus_role_retention: "15d"+prometheus_role_size: "0"  ################################ # Paths ################################ -prometheus_paths_folder: "{{ prometheus_name }}"-prometheus_paths_location: "{{ server_appdata_path }}/{{ prometheus_paths_folder }}"-prometheus_config_path: "{{ prometheus_paths_location }}/prometheus.yml"-prometheus_paths_folders_list:-  - "{{ prometheus_paths_location }}"-  - "{{ prometheus_paths_location }}/data"+prometheus_role_paths_folder: "{{ prometheus_name }}"+prometheus_role_paths_location: "{{ server_appdata_path }}/{{ prometheus_role_paths_folder }}"+prometheus_role_paths_config_path: "{{ prometheus_role_paths_location }}/prometheus.yml"+prometheus_role_paths_folders_list:+  - "{{ prometheus_role_paths_location }}"+  - "{{ prometheus_role_paths_location }}/data"  ################################ # Web ################################ -prometheus_web_subdomain: "{{ prometheus_name }}"-prometheus_web_domain: "{{ user.domain }}"-prometheus_web_port: "9090"-prometheus_web_url: "{{ 'https://' + (prometheus_web_subdomain + '.' + prometheus_web_domain-                     if (prometheus_web_subdomain | length > 0)-                     else prometheus_web_domain) }}"+prometheus_role_web_subdomain: "{{ prometheus_name }}"+prometheus_role_web_domain: "{{ user.domain }}"+prometheus_role_web_port: "9090"+prometheus_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='prometheus') + '.' + lookup('role_var', '_web_domain', role='prometheus')+                          if (lookup('role_var', '_web_subdomain', role='prometheus') | length > 0)+                          else lookup('role_var', '_web_domain', role='prometheus')) }}"  ################################ # DNS ################################ -prometheus_dns_record: "{{ prometheus_web_subdomain }}"-prometheus_dns_zone: "{{ prometheus_web_domain }}"-prometheus_dns_proxy: "{{ dns.proxied }}"+prometheus_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='prometheus') }}"+prometheus_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='prometheus') }}"+prometheus_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -prometheus_traefik_sso_middleware: ""-prometheus_traefik_middleware_default: "{{ traefik_default_middleware + ',prometheus-auth' }}"-prometheus_traefik_middleware_custom: ""-prometheus_traefik_certresolver: "{{ traefik_default_certresolver }}"-prometheus_traefik_enabled: true-prometheus_traefik_api_enabled: false-prometheus_traefik_api_endpoint: ""+prometheus_role_traefik_sso_middleware: ""+prometheus_role_traefik_middleware_default: "{{ traefik_default_middleware + ',prometheus-auth' }}"+prometheus_role_traefik_middleware_custom: ""+prometheus_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+prometheus_role_traefik_enabled: true+prometheus_role_traefik_api_enabled: false+prometheus_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-prometheus_docker_container: "{{ prometheus_name }}"+prometheus_role_docker_container: "{{ prometheus_name }}"  # Image-prometheus_docker_image_pull: true-prometheus_docker_image_tag: "latest"-prometheus_docker_image: "prom/prometheus:{{ prometheus_docker_image_tag }}"--# Ports-prometheus_docker_ports_defaults: []-prometheus_docker_ports_custom: []-prometheus_docker_ports: "{{ prometheus_docker_ports_defaults-                             + prometheus_docker_ports_custom }}"+prometheus_role_docker_image_pull: true+prometheus_role_docker_image_tag: "latest"+prometheus_role_docker_image_repo: "prom/prometheus"+prometheus_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='prometheus') }}:{{ lookup('role_var', '_docker_image_tag', role='prometheus') }}"  # Envs-prometheus_docker_envs_default:+prometheus_role_docker_envs_default:   TZ: "{{ tz }}"-prometheus_docker_envs_custom: {}-prometheus_docker_envs: "{{ prometheus_docker_envs_default-                            | combine(prometheus_docker_envs_custom) }}"+prometheus_role_docker_envs_custom: {}+prometheus_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='prometheus')+                                 | combine(lookup('role_var', '_docker_envs_custom', role='prometheus')) }}"  # Commands-prometheus_docker_commands_default:+prometheus_role_docker_commands_default:   - "--config.file=/etc/prometheus/prometheus.yml"   - "--storage.tsdb.path=/data"-  - "--storage.tsdb.retention.time={{ prometheus_retention }}"-  - "--storage.tsdb.retention.size={{ prometheus_size }}"-prometheus_docker_commands_custom: []-prometheus_docker_commands: "{{ prometheus_docker_commands_default-                                + prometheus_docker_commands_custom }}"+  - "--storage.tsdb.retention.time={{ lookup('role_var', '_retention', role='prometheus') }}"+  - "--storage.tsdb.retention.size={{ lookup('role_var', '_size', role='prometheus') }}"+prometheus_role_docker_commands_custom: []+prometheus_role_docker_commands: "{{ lookup('role_var', '_docker_commands_default', role='prometheus')+                                     + lookup('role_var', '_docker_commands_custom', role='prometheus') }}"  # Volumes-prometheus_docker_volumes_default:-  - "{{ prometheus_paths_location }}:/etc/prometheus"-  - "{{ prometheus_paths_location }}/data:/data"-prometheus_docker_volumes_custom: []-prometheus_docker_volumes: "{{ prometheus_docker_volumes_default-                               + prometheus_docker_volumes_custom }}"--# Devices-prometheus_docker_devices_default: []-prometheus_docker_devices_custom: []-prometheus_docker_devices: "{{ prometheus_docker_devices_default-                               + prometheus_docker_devices_custom }}"--# Hosts-prometheus_docker_hosts_default: {}-prometheus_docker_hosts_custom: {}-prometheus_docker_hosts: "{{ docker_hosts_common-                             | combine(prometheus_docker_hosts_default)-                             | combine(prometheus_docker_hosts_custom) }}"+prometheus_role_docker_volumes_default:+  - "{{ prometheus_role_paths_location }}:/etc/prometheus"+  - "{{ prometheus_role_paths_location }}/data:/data"+prometheus_role_docker_volumes_custom: []+prometheus_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='prometheus')+                                    + lookup('role_var', '_docker_volumes_custom', role='prometheus') }}"  # Labels-prometheus_docker_labels_default:+prometheus_role_docker_labels_default:   traefik.http.middlewares.prometheus-auth.basicauth.usersfile: "/etc/traefik/auth"-prometheus_docker_labels_custom: {}-prometheus_docker_labels: "{{ docker_labels_common-                              | combine(prometheus_docker_labels_default)-                              | combine(prometheus_docker_labels_custom) }}"+prometheus_role_docker_labels_custom: {}+prometheus_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='prometheus')+                                   | combine(lookup('role_var', '_docker_labels_custom', role='prometheus')) }}"  # Hostname-prometheus_docker_hostname: "{{ prometheus_name }}"+prometheus_role_docker_hostname: "{{ prometheus_name }}"  # Networks-prometheus_docker_networks_alias: "{{ prometheus_name }}"-prometheus_docker_networks_default: []-prometheus_docker_networks_custom: []-prometheus_docker_networks: "{{ docker_networks_common-                                + prometheus_docker_networks_default-                                + prometheus_docker_networks_custom }}"--# Capabilities-prometheus_docker_capabilities_default: []-prometheus_docker_capabilities_custom: []-prometheus_docker_capabilities: "{{ prometheus_docker_capabilities_default-                                    + prometheus_docker_capabilities_custom }}"--# Security Opts-prometheus_docker_security_opts_default: []-prometheus_docker_security_opts_custom: []-prometheus_docker_security_opts: "{{ prometheus_docker_security_opts_default-                                     + prometheus_docker_security_opts_custom }}"+prometheus_role_docker_networks_alias: "{{ prometheus_name }}"+prometheus_role_docker_networks_default: []+prometheus_role_docker_networks_custom: []+prometheus_role_docker_networks: "{{ docker_networks_common+                                     + lookup('role_var', '_docker_networks_default', role='prometheus')+                                     + lookup('role_var', '_docker_networks_custom', role='prometheus') }}"  # Restart Policy-prometheus_docker_restart_policy: unless-stopped+prometheus_role_docker_restart_policy: unless-stopped  # State-prometheus_docker_state: started+prometheus_role_docker_state: started  # User-prometheus_docker_user: "{{ uid }}:{{ gid }}"+prometheus_role_docker_user: "{{ uid }}:{{ gid }}"

modified

roles/prometheus/tasks/main.yml

@@ -18,9 +18,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -31,7 +31,7 @@ - name: Import 'prometheus.yml'   ansible.builtin.template:     src: prometheus.yml.j2-    dest: "{{ prometheus_config_path }}"+    dest: "{{ lookup('role_var', '_paths_config_path', role='prometheus') }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0644"

modified

roles/prometheus/templates/prometheus.yml.j2

@@ -10,7 +10,7 @@     static_configs:       - targets: ['cadvisor:8080'] -{% if traefik.metrics %}+{% if lookup('role_var', '_metrics_enabled', role='traefik') %}   - job_name: traefik     scheme: https     metrics_path: /prometheus@@ -18,5 +18,5 @@         username: '{{ user.name }}'         password: '{{ user.pass }}'     static_configs:-      - targets: ['{{ traefik_metrics_subdomain }}.{{ traefik_metrics_domain }}']+      - targets: ['{{ lookup('role_var', '_metrics_subdomain', role='traefik') }}.{{ lookup('role_var', '_metrics_domain', role='traefik') }}'] {% endif %}

modified

roles/prowlarr/defaults/main.yml

@@ -17,151 +17,114 @@ # Settings ################################ -prowlarr_external_auth: true+prowlarr_role_external_auth: true  ################################ # Paths ################################ -prowlarr_paths_folder: "{{ prowlarr_name }}"-prowlarr_paths_location: "{{ server_appdata_path }}/{{ prowlarr_paths_folder }}"-prowlarr_paths_folders_list:-  - "{{ prowlarr_paths_location }}"+prowlarr_role_paths_folder: "{{ prowlarr_name }}"+prowlarr_role_paths_location: "{{ server_appdata_path }}/{{ prowlarr_role_paths_folder }}"+prowlarr_role_paths_folders_list:+  - "{{ prowlarr_role_paths_location }}"  ################################ # Web ################################ -prowlarr_web_subdomain: "{{ prowlarr_name }}"-prowlarr_web_domain: "{{ user.domain }}"-prowlarr_web_port: "9696"-prowlarr_web_url: "{{ 'https://' + (prowlarr_web_subdomain + '.' + prowlarr_web_domain-                   if (prowlarr_web_subdomain | length > 0)-                   else prowlarr_web_domain) }}"+prowlarr_role_web_subdomain: "{{ prowlarr_name }}"+prowlarr_role_web_domain: "{{ user.domain }}"+prowlarr_role_web_port: "9696"+prowlarr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='prowlarr') + '.' + lookup('role_var', '_web_domain', role='prowlarr')+                        if (lookup('role_var', '_web_subdomain', role='prowlarr') | length > 0)+                        else lookup('role_var', '_web_domain', role='prowlarr')) }}"  ################################ # DNS ################################ -prowlarr_dns_record: "{{ prowlarr_web_subdomain }}"-prowlarr_dns_zone: "{{ prowlarr_web_domain }}"-prowlarr_dns_proxy: "{{ dns.proxied }}"+prowlarr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='prowlarr') }}"+prowlarr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='prowlarr') }}"+prowlarr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -prowlarr_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-prowlarr_traefik_middleware_default: "{{ traefik_default_middleware-                                        + (',themepark-' + lookup('vars', prowlarr_name + '_name', default=prowlarr_name)-                                          if (prowlarr_themepark_enabled and global_themepark_plugin_enabled)-                                          else '') }}"-prowlarr_traefik_middleware_custom: ""-prowlarr_traefik_certresolver: "{{ traefik_default_certresolver }}"-prowlarr_traefik_enabled: true-prowlarr_traefik_api_enabled: true-prowlarr_traefik_api_endpoint: "PathRegexp(`/[0-9]+/api`) || PathRegexp(`/[0-9]+/download`) || PathPrefix(`/api`) || PathPrefix(`/ping`)"+prowlarr_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+prowlarr_role_traefik_middleware_default: "{{ traefik_default_middleware+                                              + (',themepark-' + prowlarr_name+                                                if (lookup('role_var', '_themepark_enabled', role='prowlarr') and global_themepark_plugin_enabled)+                                                else '') }}"+prowlarr_role_traefik_middleware_custom: ""+prowlarr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+prowlarr_role_traefik_enabled: true+prowlarr_role_traefik_api_enabled: true+prowlarr_role_traefik_api_endpoint: "PathRegexp(`/[0-9]+/api`) || PathRegexp(`/[0-9]+/download`) || PathPrefix(`/api`) || PathPrefix(`/ping`)"  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-prowlarr_themepark_enabled: false-prowlarr_themepark_app: "prowlarr"-prowlarr_themepark_theme: "{{ global_themepark_theme }}"-prowlarr_themepark_domain: "{{ global_themepark_domain }}"-prowlarr_themepark_addons: []+prowlarr_role_themepark_enabled: false+prowlarr_role_themepark_app: "prowlarr"+prowlarr_role_themepark_theme: "{{ global_themepark_theme }}"+prowlarr_role_themepark_domain: "{{ global_themepark_domain }}"+prowlarr_role_themepark_addons: []  ################################ # Docker ################################  # Container-prowlarr_docker_container: "{{ prowlarr_name }}"+prowlarr_role_docker_container: "{{ prowlarr_name }}"  # Image-prowlarr_docker_image_pull: true-prowlarr_docker_image_tag: "release"-prowlarr_docker_image: "ghcr.io/hotio/prowlarr:{{ prowlarr_docker_image_tag }}"--# Ports-prowlarr_docker_ports_defaults: []-prowlarr_docker_ports_custom: []-prowlarr_docker_ports: "{{ prowlarr_docker_ports_defaults-                           + prowlarr_docker_ports_custom }}"+prowlarr_role_docker_image_pull: true+prowlarr_role_docker_image_tag: "release"+prowlarr_role_docker_image_repo: "ghcr.io/hotio/prowlarr"+prowlarr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='prowlarr') }}:{{ lookup('role_var', '_docker_image_tag', role='prowlarr') }}"  # Envs-prowlarr_docker_envs_default:+prowlarr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-prowlarr_docker_envs_custom: {}-prowlarr_docker_envs: "{{ prowlarr_docker_envs_default-                          | combine(prowlarr_docker_envs_custom) }}"--# Commands-prowlarr_docker_commands_default: []-prowlarr_docker_commands_custom: []-prowlarr_docker_commands: "{{ prowlarr_docker_commands_default-                              + prowlarr_docker_commands_custom }}"+prowlarr_role_docker_envs_custom: {}+prowlarr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='prowlarr')+                               | combine(lookup('role_var', '_docker_envs_custom', role='prowlarr')) }}"  # Volumes-prowlarr_docker_volumes_default:-  - "{{ prowlarr_paths_location }}:/config"-prowlarr_docker_volumes_custom: []-prowlarr_docker_volumes: "{{ prowlarr_docker_volumes_default-                             + prowlarr_docker_volumes_custom }}"--# Devices-prowlarr_docker_devices_default: []-prowlarr_docker_devices_custom: []-prowlarr_docker_devices: "{{ prowlarr_docker_devices_default-                             + prowlarr_docker_devices_custom }}"--# Hosts-prowlarr_docker_hosts_default: {}-prowlarr_docker_hosts_custom: {}-prowlarr_docker_hosts: "{{ docker_hosts_common-                           | combine(prowlarr_docker_hosts_default)-                           | combine(prowlarr_docker_hosts_custom) }}"+prowlarr_role_docker_volumes_default:+  - "{{ prowlarr_role_paths_location }}:/config"+prowlarr_role_docker_volumes_custom: []+prowlarr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='prowlarr')+                                  + lookup('role_var', '_docker_volumes_custom', role='prowlarr') }}"  # Labels-prowlarr_docker_labels_default: {}-prowlarr_docker_labels_custom: {}-prowlarr_docker_labels: "{{ docker_labels_common-                            | combine(lookup('vars', prowlarr_name + '_docker_labels_default', default=prowlarr_docker_labels_default))-                            | combine((traefik_themepark_labels-                                      if (prowlarr_themepark_enabled and global_themepark_plugin_enabled)-                                      else {}),-                                      lookup('vars', prowlarr_name + '_docker_labels_custom', default=prowlarr_docker_labels_custom)) }}"+prowlarr_role_docker_labels_default: {}+prowlarr_role_docker_labels_custom: {}+prowlarr_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='prowlarr')+                                 | combine((traefik_themepark_labels+                                           if (lookup('role_var', '_themepark_enabled', role='prowlarr') and global_themepark_plugin_enabled)+                                           else {}),+                                           lookup('role_var', '_docker_labels_custom', role='prowlarr')) }}"  # Hostname-prowlarr_docker_hostname: "{{ prowlarr_name }}"+prowlarr_role_docker_hostname: "{{ prowlarr_name }}"  # Networks-prowlarr_docker_networks_alias: "{{ prowlarr_name }}"-prowlarr_docker_networks_default: []-prowlarr_docker_networks_custom: []-prowlarr_docker_networks: "{{ docker_networks_common-                              + prowlarr_docker_networks_default-                              + prowlarr_docker_networks_custom }}"--# Capabilities-prowlarr_docker_capabilities_default: []-prowlarr_docker_capabilities_custom: []-prowlarr_docker_capabilities: "{{ prowlarr_docker_capabilities_default-                                  + prowlarr_docker_capabilities_custom }}"--# Security Opts-prowlarr_docker_security_opts_default: []-prowlarr_docker_security_opts_custom: []-prowlarr_docker_security_opts: "{{ prowlarr_docker_security_opts_default-                                   + prowlarr_docker_security_opts_custom }}"+prowlarr_role_docker_networks_alias: "{{ prowlarr_name }}"+prowlarr_role_docker_networks_default: []+prowlarr_role_docker_networks_custom: []+prowlarr_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='prowlarr')+                                   + lookup('role_var', '_docker_networks_custom', role='prowlarr') }}"  # Restart Policy-prowlarr_docker_restart_policy: unless-stopped+prowlarr_role_docker_restart_policy: unless-stopped  # State-prowlarr_docker_state: started+prowlarr_role_docker_state: started

modified

roles/prowlarr/tasks/main.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -24,5 +24,5 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: "Tweak Settings when SSO is enabled"-  ansible.builtin.import_tasks: "subtasks/auth.yml"-  when: (prowlarr_traefik_sso_middleware | length > 0) and prowlarr_external_auth+  ansible.builtin.include_tasks: "subtasks/auth.yml"+  when: (lookup('role_var', '_traefik_sso_middleware', role='prowlarr') | length > 0) and lookup('role_var', '_external_auth', role='prowlarr')

modified

roles/prowlarr/tasks/subtasks/auth.yml

@@ -9,7 +9,7 @@ --- - name: Auth | Wait for 'config.xml' to be created   ansible.builtin.wait_for:-    path: "/opt/{{ prowlarr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ prowlarr_name }}/config.xml"     state: present  - name: Auth | Wait for 10 seconds@@ -18,7 +18,7 @@  - name: Auth | Lookup AuthenticationMethod value   community.general.xml:-    path: "/opt/{{ prowlarr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ prowlarr_name }}/config.xml"     xpath: "/Config/AuthenticationMethod"     content: "text"   register: xmlresp@@ -28,7 +28,7 @@   block:     - name: Auth | Change the 'AuthenticationMethod' attribute to 'External'       community.general.xml:-        path: "/opt/{{ prowlarr_name }}/config.xml"+        path: "{{ server_appdata_path }}/{{ prowlarr_name }}/config.xml"         xpath: "/Config/AuthenticationMethod"         value: "External"

modified

roles/python/tasks/main.yml

@@ -20,11 +20,11 @@   ansible.builtin.set_fact:     expected_system_python: >-       {{ '3.8'-      if (ansible_distribution_version is version('20.04', '=='))+      if (ansible_facts['distribution_version'] is version('20.04', '=='))       else '3.10'-        if (ansible_distribution_version is version('22.04', '=='))+        if (ansible_facts['distribution_version'] is version('22.04', '=='))         else '3.12'-          if (ansible_distribution_version is version('24.04', '=='))+          if (ansible_facts['distribution_version'] is version('24.04', '=='))           else 'unknown' }}  - name: Assert system Python matches Ubuntu release@@ -33,11 +33,11 @@       - system_python_short == expected_system_python     fail_msg: |       System Python version mismatch detected!-      Expected Python {{ expected_system_python }} for Ubuntu {{ ansible_distribution_version }}+      Expected Python {{ expected_system_python }} for Ubuntu {{ ansible_facts['distribution_version'] }}       but found Python {{ system_python_short }}.       The system Python version has been changed from the default.       This role cannot safely proceed with cleanup.-    success_msg: "System Python {{ system_python_short }} matches expected version {{ expected_system_python }} for Ubuntu {{ ansible_distribution_version }}"+    success_msg: "System Python {{ system_python_short }} matches expected version {{ expected_system_python }} for Ubuntu {{ ansible_facts['distribution_version'] }}"  - name: Legacy Deadsnakes cleanup   when:

modified

roles/qbittorrent/defaults/main.yml

@@ -11,220 +11,188 @@ ################################  qbittorrent_instances: ["qbittorrent"]-qbittorrent_host_install: false  ################################ # Settings ################################ -qbittorrent_webui_custom_headers_enabled: "{{ 'true' if qbittorrent_themepark_enabled and global_themepark_plugin_enabled else 'false' }}"-qbittorrent_webui_custom_headers_default: "{{ (qbittorrent_themepark_headers if qbittorrent_themepark_enabled and global_themepark_plugin_enabled else '') + qbittorrent_webui_custom_headers_custom }}"-qbittorrent_webui_custom_headers_custom: ""-qbittorrent_webui_custom_headers: "{{ (qbittorrent_webui_custom_headers_default | trim + ' ' + qbittorrent_webui_custom_headers_custom | trim) | trim }}"+qbittorrent_role_host_install: false+qbittorrent_role_webui_custom_headers_enabled: "{{ 'true' if lookup('role_var', '_themepark_enabled', role='qbittorrent') and global_themepark_plugin_enabled else 'false' }}"+qbittorrent_role_webui_custom_headers_default: "{{ (qbittorrent_role_themepark_headers if lookup('role_var', '_themepark_enabled', role='qbittorrent') and global_themepark_plugin_enabled else '') }}"+qbittorrent_role_webui_custom_headers_custom: ""+qbittorrent_role_webui_custom_headers: "{{ (lookup('role_var', '_webui_custom_headers_default', role='qbittorrent') | trim + ' ' + lookup('role_var', '_webui_custom_headers_custom', role='qbittorrent') | trim) | trim }}" # Options are: Delete or MoveToTrash-qbittorrent_torrent_content_remove_option: "Delete"+qbittorrent_role_torrent_content_remove_option: "Delete"  ################################ # Host Install ################################  # Options are: libtorrent1 (latest), libtorrent2 (latest) or legacy (4.3.9)-qbittorrent_host_branch: libtorrent1+qbittorrent_role_host_branch: libtorrent1 # Example being "release-4.4.5_v1.2.18" # If this is set then the above branch logic is ignored-qbittorrent_host_specific_version: ""+qbittorrent_role_host_specific_version: ""  # Lookup variables-qbittorrent_host_download_endpoint: "{{ 'https://github.com/userdocs/qbittorrent-nox-static/releases/download/'-                                     if qbittorrent_host_branch != 'legacy'-                                     else 'https://github.com/userdocs/qbittorrent-nox-static-legacy/releases/download/' }}"-qbittorrent_host_download_url: "{{ qbittorrent_host_download_endpoint }}{{ qbittorrent_host_specific_version-                                                                        if (qbittorrent_host_specific_version | length > 0)-                                                                        else qbittorret_release_version.stdout }}/x86_64-qbittorrent-nox"-qbittorrent_host_release_url: "{{ 'https://github.com/userdocs/qbittorrent-nox-static/releases/latest/download/dependency-version.json'-                               if qbittorrent_host_branch != 'legacy'-                               else 'https://github.com/userdocs/qbittorrent-nox-static-legacy/releases/latest/download/dependency-version.json' }}"-qbittorrent_host_lookup_libtorrent1: 'release-\(.qbittorrent)_v\(.libtorrent_1_2)'-qbittorrent_host_lookup_libtorrent2: 'release-\(.qbittorrent)_v\(.libtorrent_2_0)'-qbittorrent_host_release_lookup: "{{ qbittorrent_host_lookup_libtorrent2-                                  if qbittorrent_host_branch == 'libtorrent2'-                                  else qbittorrent_host_lookup_libtorrent1 }}"-qbittorrent_host_version: |-  curl -sL {{ qbittorrent_host_release_url }} | jq -r '. | "{{ qbittorrent_host_release_lookup }}"'+qbittorrent_role_host_download_endpoint: "{{ 'https://github.com/userdocs/qbittorrent-nox-static/releases/download/'+                                          if lookup('role_var', '_host_branch', role='qbittorrent') != 'legacy'+                                          else 'https://github.com/userdocs/qbittorrent-nox-static-legacy/releases/download/' }}"+qbittorrent_role_host_download_url: "{{ lookup('role_var', '_host_download_endpoint', role='qbittorrent') }}{{ lookup('role_var', '_host_specific_version', role='qbittorrent')+                                                                                                            if (lookup('role_var', '_host_specific_version', role='qbittorrent') | length > 0)+                                                                                                            else qbittorrent_release_version.stdout }}/x86_64-qbittorrent-nox"+qbittorrent_role_host_release_url: "{{ 'https://github.com/userdocs/qbittorrent-nox-static/releases/latest/download/dependency-version.json'+                                    if lookup('role_var', '_host_branch', role='qbittorrent') != 'legacy'+                                    else 'https://github.com/userdocs/qbittorrent-nox-static-legacy/releases/latest/download/dependency-version.json' }}"+qbittorrent_role_host_lookup_libtorrent1: 'release-\(.qbittorrent)_v\(.libtorrent_1_2)'+qbittorrent_role_host_lookup_libtorrent2: 'release-\(.qbittorrent)_v\(.libtorrent_2_0)'+qbittorrent_role_host_release_lookup: "{{ qbittorrent_role_host_lookup_libtorrent2+                                       if lookup('role_var', '_host_branch', role='qbittorrent') == 'libtorrent2'+                                       else qbittorrent_role_host_lookup_libtorrent1 }}"+qbittorrent_role_host_version: |+  curl -sL {{ lookup('role_var', '_host_release_url', role='qbittorrent') }} | jq -r '. | "{{ lookup('role_var', '_host_release_lookup', role='qbittorrent') }}"' -qbittorent_service_name: "saltbox_managed_{{ qbittorrent_name }}.service"+qbittorrent_role_service_name: "saltbox_managed_{{ qbittorrent_name }}.service"+qbittorrent_role_service_after: "network-online.target docker.service"+qbittorrent_role_service_requires: "network-online.target docker.service"+qbittorrent_role_service_wants: ""+qbittorrent_role_service_partof: "docker.service"  ################################ # Paths ################################ -qbittorrent_paths_folder: "{{ qbittorrent_name }}"-qbittorrent_paths_location: "{{ server_appdata_path }}/{{ qbittorrent_paths_folder }}"-qbittorrent_paths_downloads_location: "{{ downloads_torrents_path }}/{{ qbittorrent_paths_folder }}"-qbittorrent_paths_conf: "{{ qbittorrent_paths_location }}/qBittorrent/qBittorrent.conf"-qbittorrent_paths_folders_list:-  - "{{ qbittorrent_paths_location }}"-  - "{{ qbittorrent_paths_downloads_location }}"-  - "{{ qbittorrent_paths_downloads_location }}/completed"-  - "{{ qbittorrent_paths_downloads_location }}/incoming"-  - "{{ qbittorrent_paths_downloads_location }}/watched"-  - "{{ qbittorrent_paths_downloads_location }}/torrents"+qbittorrent_role_paths_folder: "{{ qbittorrent_name }}"+qbittorrent_role_paths_location: "{{ server_appdata_path }}/{{ qbittorrent_role_paths_folder }}"+qbittorrent_role_paths_downloads_location: "{{ downloads_torrents_path }}/{{ qbittorrent_role_paths_folder }}"+qbittorrent_role_paths_conf: "{{ qbittorrent_role_paths_location }}/qBittorrent/qBittorrent.conf"+qbittorrent_role_paths_folders_list:+  - "{{ qbittorrent_role_paths_location }}"+  - "{{ qbittorrent_role_paths_downloads_location }}"+  - "{{ qbittorrent_role_paths_downloads_location }}/completed"+  - "{{ qbittorrent_role_paths_downloads_location }}/incoming"+  - "{{ qbittorrent_role_paths_downloads_location }}/watched"+  - "{{ qbittorrent_role_paths_downloads_location }}/torrents"  ################################ # Web ################################ -qbittorrent_web_subdomain: "{{ qbittorrent_name }}"-qbittorrent_web_domain: "{{ user.domain }}"-qbittorrent_web_port: "8080"-qbittorrent_web_url: "{{ 'https://' + (lookup('vars', qbittorrent_name + '_web_subdomain', default=qbittorrent_web_subdomain) + '.' + lookup('vars', qbittorrent_name + '_web_domain', default=qbittorrent_web_domain)-                      if (lookup('vars', qbittorrent_name + '_web_subdomain', default=qbittorrent_web_subdomain) | length > 0)-                      else lookup('vars', qbittorrent_name + '_web_domain', default=qbittorrent_web_domain)) }}"+qbittorrent_role_web_subdomain: "{{ qbittorrent_name }}"+qbittorrent_role_web_domain: "{{ user.domain }}"+qbittorrent_role_web_port: "8080"+qbittorrent_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='qbittorrent') + '.' + lookup('role_var', '_web_domain', role='qbittorrent')+                           if (lookup('role_var', '_web_subdomain', role='qbittorrent') | length > 0)+                           else lookup('role_var', '_web_domain', role='qbittorrent')) }}"  ################################ # DNS ################################ -qbittorrent_dns_record: "{{ lookup('vars', qbittorrent_name + '_web_subdomain', default=qbittorrent_web_subdomain) }}"-qbittorrent_dns_zone: "{{ lookup('vars', qbittorrent_name + '_web_domain', default=qbittorrent_web_domain) }}"-qbittorrent_dns_proxy: "{{ dns.proxied }}"+qbittorrent_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='qbittorrent') }}"+qbittorrent_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='qbittorrent') }}"+qbittorrent_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -qbittorrent_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-qbittorrent_traefik_middleware_default: "{{ traefik_default_middleware-                                            + (',themepark-' + lookup('vars', qbittorrent_name + '_name', default=qbittorrent_name)-                                              if (qbittorrent_themepark_enabled and global_themepark_plugin_enabled)-                                              else '') }}"-qbittorrent_traefik_middleware_custom: ""-qbittorrent_traefik_certresolver: "{{ traefik_default_certresolver }}"-qbittorrent_traefik_enabled: true-qbittorrent_traefik_api_enabled: true-qbittorrent_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/command`) || PathPrefix(`/query`) || PathPrefix(`/login`) || PathPrefix(`/sync`)"+qbittorrent_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+qbittorrent_role_traefik_middleware_default: "{{ traefik_default_middleware+                                                 + (',themepark-' + qbittorrent_name+                                                   if (lookup('role_var', '_themepark_enabled', role='qbittorrent') and global_themepark_plugin_enabled)+                                                   else '') }}"+qbittorrent_role_traefik_middleware_custom: ""+qbittorrent_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+qbittorrent_role_traefik_enabled: true+qbittorrent_role_traefik_api_enabled: true+qbittorrent_role_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/command`) || PathPrefix(`/query`) || PathPrefix(`/login`) || PathPrefix(`/sync`)"  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-qbittorrent_themepark_enabled: false-qbittorrent_themepark_app: "qbittorrent"-qbittorrent_themepark_theme: "{{ global_themepark_theme }}"-qbittorrent_themepark_domain: "{{ global_themepark_domain }}"-qbittorrent_themepark_addons: []-qbittorrent_themepark_headers: "\"content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' theme-park.dev raw.githubusercontent.com use.fontawesome.com; img-src 'self' theme-park.dev raw.githubusercontent.com data:; script-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; font-src use.fontawesome.com;\""+qbittorrent_role_themepark_enabled: false+qbittorrent_role_themepark_app: "qbittorrent"+qbittorrent_role_themepark_theme: "{{ global_themepark_theme }}"+qbittorrent_role_themepark_domain: "{{ global_themepark_domain }}"+qbittorrent_role_themepark_addons: []+qbittorrent_role_themepark_headers: "\"content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' theme-park.dev raw.githubusercontent.com use.fontawesome.com; img-src 'self' theme-park.dev raw.githubusercontent.com data:; script-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; font-src use.fontawesome.com;\""  ################################ # Docker ################################  # Container-qbittorrent_docker_container: "{{ qbittorrent_name }}"+qbittorrent_role_docker_container: "{{ qbittorrent_name }}"  # Image-qbittorrent_docker_image_pull: true-qbittorrent_docker_image_repo: "saltydk/qbittorrent"-qbittorrent_docker_image_tag: "latest"-qbittorrent_docker_image: "{{ lookup('vars', qbittorrent_name + '_docker_image_repo', default=qbittorrent_docker_image_repo)-                              + ':' + lookup('vars', qbittorrent_name + '_docker_image_tag', default=qbittorrent_docker_image_tag) }}"+qbittorrent_role_docker_image_pull: true+qbittorrent_role_docker_image_repo: "saltydk/qbittorrent"+qbittorrent_role_docker_image_tag: "latest"+qbittorrent_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='qbittorrent') }}:{{ lookup('role_var', '_docker_image_tag', role='qbittorrent') }}"  # Ports-qbittorrent_docker_ports_56881: "{{ port_lookup_56881.meta.port-                                 if (port_lookup_56881.meta.port is defined) and (port_lookup_56881.meta.port | trim | length > 0)-                                 else '56881' }}"-qbittorrent_docker_ports_8080: "{{ port_lookup_8080.meta.port-                                if (port_lookup_8080.meta.port is defined) and (port_lookup_8080.meta.port | trim | length > 0)-                                else '8090' }}"-qbittorrent_web_port_lookup: "{{ lookup('vars', qbittorrent_name + '_web_port', default=qbittorrent_web_port) }}"+qbittorrent_role_docker_ports_56881: "{{ port_lookup_56881.meta.port+                                      if (port_lookup_56881.meta.port is defined) and (port_lookup_56881.meta.port | trim | length > 0)+                                      else '56881' }}"+qbittorrent_role_docker_ports_8080: "{{ port_lookup_8080.meta.port+                                     if (port_lookup_8080.meta.port is defined) and (port_lookup_8080.meta.port | trim | length > 0)+                                     else '8090' }}"+qbittorrent_role_web_port_lookup: "{{ lookup('role_var', '_web_port', role='qbittorrent') }}" -qbittorrent_docker_ports_defaults:-  - "{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}:{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}"-  - "{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}:{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}/udp"-qbittorrent_docker_ports_custom: []-qbittorrent_docker_ports: "{{ lookup('vars', qbittorrent_name + '_docker_ports_defaults', default=qbittorrent_docker_ports_defaults)-                              + lookup('vars', qbittorrent_name + '_docker_ports_custom', default=qbittorrent_docker_ports_custom) }}"+qbittorrent_role_docker_ports_default:+  - "{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}:{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}"+  - "{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}:{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}/udp"+qbittorrent_role_docker_ports_custom: []+qbittorrent_role_docker_ports: "{{ lookup('role_var', '_docker_ports_default', role='qbittorrent')+                                   + lookup('role_var', '_docker_ports_custom', role='qbittorrent') }}"  # Envs-qbittorrent_docker_envs_default:+qbittorrent_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"   UMASK_SET: "002"-qbittorrent_docker_envs_custom: {}-qbittorrent_docker_envs: "{{ lookup('vars', qbittorrent_name + '_docker_envs_default', default=qbittorrent_docker_envs_default)-                             | combine(lookup('vars', qbittorrent_name + '_docker_envs_custom', default=qbittorrent_docker_envs_custom)) }}"--# Commands-qbittorrent_docker_commands_default: []-qbittorrent_docker_commands_custom: []-qbittorrent_docker_commands: "{{ lookup('vars', qbittorrent_name + '_docker_commands_default', default=qbittorrent_docker_commands_default)-                                 + lookup('vars', qbittorrent_name + '_docker_commands_custom', default=qbittorrent_docker_commands_custom) }}"+  S6_SERVICES_GRACETIME: "{{ (lookup('role_var', '_docker_stop_timeout', role='qbittorrent') | int * 1000) | string }}"+qbittorrent_role_docker_envs_custom: {}+qbittorrent_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='qbittorrent')+                                  | combine(lookup('role_var', '_docker_envs_custom', role='qbittorrent')) }}"  # Volumes-qbittorrent_docker_volumes_default:-  - "{{ qbittorrent_paths_location }}:/config"+qbittorrent_role_docker_volumes_default:+  - "{{ qbittorrent_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-qbittorrent_docker_volumes_custom: []-qbittorrent_docker_volumes: "{{ lookup('vars', qbittorrent_name + '_docker_volumes_default', default=qbittorrent_docker_volumes_default)-                                + lookup('vars', qbittorrent_name + '_docker_volumes_custom', default=qbittorrent_docker_volumes_custom) }}"--# Devices-qbittorrent_docker_devices_default: []-qbittorrent_docker_devices_custom: []-qbittorrent_docker_devices: "{{ lookup('vars', qbittorrent_name + '_docker_devices_default', default=qbittorrent_docker_devices_default)-                                + lookup('vars', qbittorrent_name + '_docker_devices_custom', default=qbittorrent_docker_devices_custom) }}"--# Hosts-qbittorrent_docker_hosts_default: {}-qbittorrent_docker_hosts_custom: {}-qbittorrent_docker_hosts: "{{ docker_hosts_common-                              | combine(lookup('vars', qbittorrent_name + '_docker_hosts_default', default=qbittorrent_docker_hosts_default))-                              | combine(lookup('vars', qbittorrent_name + '_docker_hosts_custom', default=qbittorrent_docker_hosts_custom)) }}"+qbittorrent_role_docker_volumes_custom: []+qbittorrent_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='qbittorrent')+                                     + lookup('role_var', '_docker_volumes_custom', role='qbittorrent') }}"  # Labels-qbittorrent_docker_labels_default: {}-qbittorrent_docker_labels_custom: {}-qbittorrent_docker_labels: "{{ docker_labels_common-                               | combine(lookup('vars', qbittorrent_name + '_docker_labels_default', default=qbittorrent_docker_labels_default))-                               | combine((traefik_themepark_labels-                                         if (qbittorrent_themepark_enabled and global_themepark_plugin_enabled)-                                         else {}),-                                         lookup('vars', qbittorrent_name + '_docker_labels_custom', default=qbittorrent_docker_labels_custom)) }}"+qbittorrent_role_docker_labels_default: {}+qbittorrent_role_docker_labels_custom: {}+qbittorrent_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='qbittorrent')+                                    | combine((traefik_themepark_labels+                                              if (lookup('role_var', '_themepark_enabled', role='qbittorrent') and global_themepark_plugin_enabled)+                                              else {}),+                                              lookup('role_var', '_docker_labels_custom', role='qbittorrent')) }}"  # Hostname-qbittorrent_docker_hostname: "{{ qbittorrent_name }}"--# Network Mode-qbittorrent_docker_network_mode_default: "{{ docker_networks_name_common }}"-qbittorrent_docker_network_mode: "{{ lookup('vars', qbittorrent_name + '_docker_network_mode_default', default=qbittorrent_docker_network_mode_default) }}"+qbittorrent_role_docker_hostname: "{{ qbittorrent_name }}"  # Networks-qbittorrent_docker_networks_alias: "{{ qbittorrent_name }}"-qbittorrent_docker_networks_default: []-qbittorrent_docker_networks_custom: []-qbittorrent_docker_networks: "{{ docker_networks_common-                                 + lookup('vars', qbittorrent_name + '_docker_networks_default', default=qbittorrent_docker_networks_default)-                                 + lookup('vars', qbittorrent_name + '_docker_networks_custom', default=qbittorrent_docker_networks_custom) }}"--# Capabilities-qbittorrent_docker_capabilities_default: []-qbittorrent_docker_capabilities_custom: []-qbittorrent_docker_capabilities: "{{ lookup('vars', qbittorrent_name + '_docker_capabilities_default', default=qbittorrent_docker_capabilities_default)-                                     + lookup('vars', qbittorrent_name + '_docker_capabilities_custom', default=qbittorrent_docker_capabilities_custom) }}"--# Security Opts-qbittorrent_docker_security_opts_default: []-qbittorrent_docker_security_opts_custom: []-qbittorrent_docker_security_opts: "{{ lookup('vars', qbittorrent_name + '_docker_security_opts_default', default=qbittorrent_docker_security_opts_default)-                                      + lookup('vars', qbittorrent_name + '_docker_security_opts_custom', default=qbittorrent_docker_security_opts_custom) }}"+qbittorrent_role_docker_networks_alias: "{{ qbittorrent_name }}"+qbittorrent_role_docker_networks_default: []+qbittorrent_role_docker_networks_custom: []+qbittorrent_role_docker_networks: "{{ docker_networks_common+                                      + lookup('role_var', '_docker_networks_default', role='qbittorrent')+                                      + lookup('role_var', '_docker_networks_custom', role='qbittorrent') }}"  # Restart Policy-qbittorrent_docker_restart_policy: unless-stopped+qbittorrent_role_docker_restart_policy: unless-stopped  # Stop Timeout-qbittorrent_docker_stop_timeout: 900+qbittorrent_role_docker_stop_timeout: 900  # State-qbittorrent_docker_state: started+qbittorrent_role_docker_state: started

modified

roles/qbittorrent/tasks/main2.yml

@@ -15,8 +15,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -30,43 +31,42 @@   ansible.builtin.include_tasks: subtasks/legacy.yml   when: qbittorrent_legacy_service.stat.exists -- name: Check if '{{ qbittorent_service_name }}' exists+- name: Check if '{{ qbittorrent_role_service_name }}' exists   ansible.builtin.stat:-    path: "/etc/systemd/system/{{ qbittorent_service_name }}"+    path: "/etc/systemd/system/{{ qbittorrent_role_service_name }}"   register: qbittorrent_service -- name: Stop '{{ qbittorent_service_name }}'+- name: Stop '{{ qbittorrent_role_service_name }}'   ansible.builtin.systemd_service:-    name: "{{ qbittorent_service_name }}"+    name: "{{ qbittorrent_role_service_name }}"     state: stopped   when: qbittorrent_service.stat.exists -- name: Remove '{{ qbittorent_service_name }}' file+- name: Remove '{{ qbittorrent_role_service_name }}' file   ansible.builtin.file:-    path: "/etc/systemd/system/{{ qbittorent_service_name }}"+    path: "/etc/systemd/system/{{ qbittorrent_role_service_name }}"     state: absent-  when: qbittorrent_service.stat.exists and not qbittorrent_host_install+  when: qbittorrent_service.stat.exists and (not lookup('role_var', '_host_install', role='qbittorrent'))  - name: Remove '{{ qbittorrent_name }}-nox' file   ansible.builtin.file:     path: "/usr/bin/{{ qbittorrent_name }}-nox"     state: absent-  when: qbittorrent_service.stat.exists and not qbittorrent_host_install+  when: qbittorrent_service.stat.exists and (not lookup('role_var', '_host_install', role='qbittorrent'))  - name: Create directories   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"  - name: Check if config file exists   ansible.builtin.stat:-    path: "{{ qbittorrent_paths_conf }}"-  register: qbittorrent_paths_conf_stat+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"+  register: qbittorrent_role_paths_conf_stat  - name: Pre-Install Tasks-  ansible.builtin.import_tasks: "subtasks/pre-install/main.yml"-  when: (not continuous_integration)+  ansible.builtin.include_tasks: "subtasks/pre-install/main.yml"  - name: Host Install-  when: qbittorrent_host_install+  when: lookup('role_var', '_host_install', role='qbittorrent')   block:     - name: Add '{{ qbittorrent_name }}' to hosts       ansible.builtin.blockinfile:@@ -76,12 +76,12 @@           172.19.0.1 {{ qbittorrent_name }}      - name: Get Download Url-      ansible.builtin.shell: "{{ qbittorrent_host_version }}"-      register: qbittorret_release_version+      ansible.builtin.shell: "{{ lookup('role_var', '_host_version', role='qbittorrent') }}"+      register: qbittorrent_release_version      - name: Download 'qbittorrent-nox'       ansible.builtin.get_url:-        url: "{{ qbittorrent_host_download_url }}"+        url: "{{ lookup('role_var', '_host_download_url', role='qbittorrent') }}"         dest: "/usr/bin/{{ qbittorrent_name }}-nox"         mode: "0755"         force: true@@ -89,25 +89,25 @@     - name: Import '{{ qbittorrent_name }}.service'       ansible.builtin.template:         src: "qbittorrent.service.j2"-        dest: "/etc/systemd/system/{{ qbittorent_service_name }}"+        dest: "/etc/systemd/system/{{ qbittorrent_role_service_name }}"         mode: "0644"         force: true -    - name: Systemd daemon-reload '{{ qbittorent_service_name }}'+    - name: Systemd daemon-reload '{{ qbittorrent_role_service_name }}'       ansible.builtin.systemd_service:-        name: "{{ qbittorent_service_name }}"+        name: "{{ qbittorrent_role_service_name }}"         state: stopped         enabled: false         daemon_reload: true -    - name: Start '{{ qbittorent_service_name }}'+    - name: Start '{{ qbittorrent_role_service_name }}'       ansible.builtin.systemd_service:-        name: "{{ qbittorent_service_name }}"+        name: "{{ qbittorrent_role_service_name }}"         state: started         enabled: true  - name: Docker Install-  when: not qbittorrent_host_install+  when: not lookup('role_var', '_host_install', role='qbittorrent')   block:     - name: Remove '{{ qbittorrent_name }}' from hosts       ansible.builtin.blockinfile:@@ -119,5 +119,5 @@       ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Post-Install Tasks-  ansible.builtin.import_tasks: "subtasks/post-install/main.yml"-  when: (not continuous_integration) and (not qbittorrent_paths_conf_stat.stat.exists)+  ansible.builtin.include_tasks: "subtasks/post-install/main.yml"+  when: (not qbittorrent_role_paths_conf_stat.stat.exists)

modified

roles/qbittorrent/tasks/subtasks/post-install/main.yml

@@ -9,7 +9,7 @@ --- - name: Post-Install | Wait for config to be created   ansible.builtin.wait_for:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     state: present  - name: Post-Install | Wait for 30 seconds@@ -18,25 +18,25 @@  - name: Post-Install | Stop container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_docker_container.yml"-  when: not qbittorrent_host_install+  when: not lookup('role_var', '_host_install', role='qbittorrent') -- name: Post-Install | Stop '{{ qbittorent_service_name }}'+- name: Post-Install | Stop '{{ lookup('role_var', '_service_name', role='qbittorrent') }}'   ansible.builtin.systemd_service:-    name: "{{ qbittorent_service_name }}"+    name: "{{ lookup('role_var', '_service_name', role='qbittorrent') }}"     state: stopped     enabled: true-  when: qbittorrent_host_install+  when: lookup('role_var', '_host_install', role='qbittorrent')  - name: Post-Install | Settings Task-  ansible.builtin.import_tasks: "settings/main.yml"+  ansible.builtin.include_tasks: "settings/main.yml"  - name: Post-Install | Start container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"-  when: not qbittorrent_host_install+  when: not lookup('role_var', '_host_install', role='qbittorrent') -- name: Post-Install | Start '{{ qbittorent_service_name }}'+- name: Post-Install | Start '{{ lookup('role_var', '_service_name', role='qbittorrent') }}'   ansible.builtin.systemd_service:-    name: "{{ qbittorent_service_name }}"+    name: "{{ lookup('role_var', '_service_name', role='qbittorrent') }}"     state: started     enabled: true-  when: qbittorrent_host_install+  when: lookup('role_var', '_host_install', role='qbittorrent')

modified

roles/qbittorrent/tasks/subtasks/post-install/settings/main.yml

@@ -9,10 +9,10 @@ --- - name: Post-Install | Settings | Update Session\Port in 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: BitTorrent     option: Session\Port-    value: "{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}"+    value: "{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}"     no_extra_spaces: true     state: present     owner: "{{ user.name }}"@@ -21,10 +21,10 @@  - name: Post-Install | Settings | Update Connection\PortRangeMin in 'qBittorrent.conf' config settings (legacy)   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: Connection\PortRangeMin-    value: "{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}"+    value: "{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}"     no_extra_spaces: true     state: present     owner: "{{ user.name }}"@@ -33,7 +33,7 @@  - name: Post-Install | Settings | Update WebUI\HostHeaderValidation 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\HostHeaderValidation     value: "false"@@ -45,7 +45,7 @@  - name: Post-Install | Settings | Update WebUI\CSRFProtection 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\CSRFProtection     value: "false"@@ -57,10 +57,10 @@  - name: Post-Install | Settings | Update WebUI\CustomHTTPHeaders 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\CustomHTTPHeaders-    value: "{{ qbittorrent_webui_custom_headers }}"+    value: "{{ lookup('role_var', '_webui_custom_headers', role='qbittorrent') }}"     no_extra_spaces: true     state: present     owner: "{{ user.name }}"@@ -69,10 +69,10 @@  - name: Post-Install | Settings | Update WebUI\CustomHTTPHeadersEnabled 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\CustomHTTPHeadersEnabled-    value: "{{ qbittorrent_webui_custom_headers_enabled }}"+    value: "{{ lookup('role_var', '_webui_custom_headers_enabled', role='qbittorrent') }}"     no_extra_spaces: true     state: present     owner: "{{ user.name }}"@@ -81,7 +81,7 @@  - name: Post-Install | Settings | Update LegalNotice.Accepted 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: LegalNotice     option: Accepted     value: "true"@@ -93,10 +93,10 @@  - name: Post-Install | Settings | Update WebUI\Port 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\Port-    value: "{{ lookup('vars', qbittorrent_name + '_docker_ports_8080', default=qbittorrent_docker_ports_8080) if qbittorrent_host_install else '8080' }}"+    value: "{{ lookup('role_var', '_docker_ports_8080', role='qbittorrent') if lookup('role_var', '_host_install', role='qbittorrent') else '8080' }}"     no_extra_spaces: true     state: present     owner: "{{ user.name }}"@@ -105,10 +105,10 @@  - name: Post-Install | Settings | Update WebUI\Port 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\Address-    value: "{{ '172.19.0.1' if qbittorrent_host_install else '*' }}"+    value: "{{ '172.19.0.1' if lookup('role_var', '_host_install', role='qbittorrent') else '*' }}"     no_extra_spaces: true     state: present     owner: "{{ user.name }}"@@ -117,7 +117,7 @@  - name: Post-Install | Settings | Update WebUI\TrustedReverseProxiesList 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\TrustedReverseProxiesList     value: "172.19.0.0/16"@@ -129,7 +129,7 @@  - name: Post-Install | Settings | Update WebUI\ReverseProxySupportEnabled 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Preferences     option: WebUI\ReverseProxySupportEnabled     value: "true"@@ -141,7 +141,7 @@  - name: Post-Install | Settings | Update FileLogger\Enabled 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Application     option: FileLogger\Enabled     value: "true"@@ -153,10 +153,10 @@  - name: Post-Install | Settings | Update FileLogger\Path 'qBittorrent.conf' config settings   community.general.ini_file:-    path: "{{ qbittorrent_paths_conf }}"+    path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"     section: Application     option: FileLogger\Path-    value: "{{ qbittorrent_paths_location + '/log' if qbittorrent_host_install else '/config/log' }}"+    value: "{{ lookup('role_var', '_paths_location', role='qbittorrent') + '/log' if lookup('role_var', '_host_install', role='qbittorrent') else '/config/log' }}"     no_extra_spaces: true     state: present     owner: "{{ user.name }}"@@ -164,19 +164,20 @@     mode: "0664"  - name: Post-Install | Settings | Generate Password Hash-  when: not qbittorrent_paths_conf_stat.stat.exists+  when: not qbittorrent_role_paths_conf_stat.stat.exists   block:     - name: Post-Install | Settings | Generate Password Hash       qbittorrent_passwd:         password: "{{ user.pass }}"       register: qbittorrent_hashed_passwd+      no_log: true      - name: Post-Install | Settings | Set qBittorrent 'WebUI\Username'       community.general.ini_file:+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\Username         value: '{{ user.name }}'-        path: "{{ qbittorrent_paths_conf }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -185,10 +186,10 @@      - name: Post-Install | Settings | Set qBittorrent 'WebUI\Password_PBKDF2'       community.general.ini_file:+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\Password_PBKDF2-        value: '{{ qbittorrent_hashed_passwd.msg }}'-        path: "{{ qbittorrent_paths_conf }}"+        value: '{{ qbittorrent_hashed_passwd.hash }}'         no_extra_spaces: true         state: present         owner: "{{ user.name }}"

modified

roles/qbittorrent/tasks/subtasks/pre-install/main.yml

@@ -9,14 +9,14 @@ --- - name: Pre-Install | Remove 'qbittorrent.yml' file   ansible.builtin.file:-    path: "/opt/traefik/{{ qbittorrent_name }}.yml"+    path: "{{ server_appdata_path }}/traefik/{{ qbittorrent_name }}.yml"     state: absent  - name: Pre-Install | Initialize or update port range low bound   ansible.builtin.set_fact:     port_range_low_bound: "{{ port_range_low_bound | default(56881) }}" -- name: Pre-Install | Get next available port within the range of '56881-56901' # noqa fqcn[action]+- name: Pre-Install | Get next available port within the range of '56881-56901'   find_open_port:     low_bound: "{{ port_range_low_bound }}"     high_bound: 56901@@ -26,9 +26,9 @@  - name: Pre-Install | Update port range low bound for next iteration   ansible.builtin.set_fact:-    port_range_low_bound: "{{ (lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) | int) + 1 }}"--- name: Pre-Install | Get next available port within the range of '8090-8100' # noqa fqcn[action]+    port_range_low_bound: "{{ (lookup('role_var', '_docker_ports_56881', role='qbittorrent') | int) + 1 }}"++- name: Pre-Install | Get next available port within the range of '8090-8100'   find_open_port:     low_bound: 8090     high_bound: 8100@@ -37,14 +37,14 @@   ignore_errors: true  - name: Pre-Install | Settings | Update 'qBittorrent.conf' config settings-  when: qbittorrent_paths_conf_stat.stat.exists+  when: qbittorrent_role_paths_conf_stat.stat.exists   block:     - name: Pre-Install | Settings | Update Session\Port in 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: BitTorrent         option: Session\Port-        value: "{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}"+        value: "{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -53,10 +53,10 @@      - name: Pre-Install | Settings | Update Session\TorrentContentRemoveOption in 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: BitTorrent         option: Session\TorrentContentRemoveOption-        value: "{{ lookup('vars', qbittorrent_name + '_torrent_content_remove_option', default=qbittorrent_torrent_content_remove_option) }}"+        value: "{{ lookup('role_var', '_torrent_content_remove_option', role='qbittorrent') }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -65,10 +65,10 @@      - name: Pre-Install | Settings | Update Connection\PortRangeMin in 'qBittorrent.conf' config settings (legacy)       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: Connection\PortRangeMin-        value: "{{ lookup('vars', qbittorrent_name + '_docker_ports_56881', default=qbittorrent_docker_ports_56881) }}"+        value: "{{ lookup('role_var', '_docker_ports_56881', role='qbittorrent') }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -77,7 +77,7 @@      - name: Pre-Install | Settings | Update WebUI\HostHeaderValidation 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\HostHeaderValidation         value: "false"@@ -89,7 +89,7 @@      - name: Pre-Install | Settings | Update WebUI\CSRFProtection 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\CSRFProtection         value: "false"@@ -101,10 +101,10 @@      - name: Pre-Install | Settings | Update WebUI\CustomHTTPHeaders 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\CustomHTTPHeaders-        value: "{{ qbittorrent_webui_custom_headers }}"+        value: "{{ lookup('role_var', '_webui_custom_headers', role='qbittorrent') }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -113,10 +113,10 @@      - name: Pre-Install | Settings | Update WebUI\CustomHTTPHeadersEnabled 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\CustomHTTPHeadersEnabled-        value: "{{ qbittorrent_webui_custom_headers_enabled }}"+        value: "{{ lookup('role_var', '_webui_custom_headers_enabled', role='qbittorrent') }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -125,7 +125,7 @@      - name: Pre-Install | Settings | Update LegalNotice.Accepted 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: LegalNotice         option: Accepted         value: "true"@@ -137,10 +137,10 @@      - name: Pre-Install | Settings | Update WebUI\Port 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\Port-        value: "{{ qbittorrent_docker_ports_8080 if qbittorrent_host_install else lookup('vars', qbittorrent_name + '_web_port', default=qbittorrent_web_port) }}"+        value: "{{ lookup('role_var', '_docker_ports_8080', role='qbittorrent') if lookup('role_var', '_host_install', role='qbittorrent') else lookup('role_var', '_web_port', role='qbittorrent') }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -149,10 +149,10 @@      - name: Pre-Install | Settings | Update WebUI\Port 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\Address-        value: "{{ '172.19.0.1' if qbittorrent_host_install else '*' }}"+        value: "{{ '172.19.0.1' if lookup('role_var', '_host_install', role='qbittorrent') else '*' }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -161,7 +161,7 @@      - name: Pre-Install | Settings | Update WebUI\TrustedReverseProxiesList 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\TrustedReverseProxiesList         value: "172.19.0.0/16"@@ -173,7 +173,7 @@      - name: Pre-Install | Settings | Update WebUI\ReverseProxySupportEnabled 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Preferences         option: WebUI\ReverseProxySupportEnabled         value: "true"@@ -185,7 +185,7 @@      - name: Pre-Install | Settings | Update FileLogger\Enabled 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Application         option: FileLogger\Enabled         value: "true"@@ -197,10 +197,10 @@      - name: Pre-Install | Settings | Update FileLogger\Path 'qBittorrent.conf' config settings       community.general.ini_file:-        path: "{{ qbittorrent_paths_conf }}"+        path: "{{ lookup('role_var', '_paths_conf', role='qbittorrent') }}"         section: Application         option: FileLogger\Path-        value: "{{ qbittorrent_paths_location + '/log' if qbittorrent_host_install else '/config/log' }}"+        value: "{{ lookup('role_var', '_paths_location', role='qbittorrent') + '/log' if lookup('role_var', '_host_install', role='qbittorrent') else '/config/log' }}"         no_extra_spaces: true         state: present         owner: "{{ user.name }}"@@ -210,9 +210,9 @@ - name: Pre-Install | Import 'qbittorrent.yml' file   ansible.builtin.template:     src: "qbittorrent.yml.j2"-    dest: "/opt/traefik/{{ qbittorrent_name }}.yml"+    dest: "{{ server_appdata_path }}/traefik/{{ qbittorrent_name }}.yml"     owner: '{{ user.name }}'     group: '{{ user.name }}'     mode: "0644"     force: true-  when: qbittorrent_host_install+  when: lookup('role_var', '_host_install', role='qbittorrent')

modified

roles/qbittorrent/templates/qbittorrent.service.j2

@@ -10,8 +10,22 @@  [Unit] Description={{ qbittorrent_name }}-After=network-online.target docker.service-Requires=network-online.target docker.service+{% set service_after = lookup('role_var', '_service_after', role='qbittorrent') %}+{% if service_after | length > 0 %}+After={{ service_after }}+{% endif %}+{% set service_requires = lookup('role_var', '_service_requires', role='qbittorrent') %}+{% if service_requires | length > 0 %}+Requires={{ service_requires }}+{% endif %}+{% set service_wants = lookup('role_var', '_service_wants', role='qbittorrent') %}+{% if service_wants | length > 0 %}+Wants={{ service_wants }}+{% endif %}+{% set service_partof = lookup('role_var', '_service_partof', role='qbittorrent') %}+{% if service_partof | length > 0 %}+PartOf={{ service_partof }}+{% endif %} StartLimitIntervalSec=500s StartLimitBurst=5 @@ -19,9 +33,9 @@ User={{ user.name }} Group={{ user.name }} Type=exec-Environment="XDG_CONFIG_HOME={{ qbittorrent_paths_location }}" "XDG_DATA_HOME={{ qbittorrent_paths_location }}" "HOME={{ qbittorrent_paths_location }}"+Environment="XDG_CONFIG_HOME={{ lookup('role_var', '_paths_location', role='qbittorrent') }}" "XDG_DATA_HOME={{ lookup('role_var', '_paths_location', role='qbittorrent') }}" "HOME={{ lookup('role_var', '_paths_location', role='qbittorrent') }}" ExecStartPre=/bin/sleep 10-ExecStart=/usr/bin/{{ qbittorrent_name }}-nox --webui-port={{ qbittorrent_docker_ports_8080 }}+ExecStart=/usr/bin/{{ qbittorrent_name }}-nox --webui-port={{ lookup('role_var', '_docker_ports_8080', role='qbittorrent') }} AmbientCapabilities=CAP_NET_RAW TimeoutStopSec=1800 Restart=on-failure

modified

roles/qbittorrent/templates/qbittorrent.yml.j2

@@ -17,13 +17,13 @@       service: "{{ qbittorrent_name }}"       tls:         options: securetls@file-        certResolver: {{ qbittorrent_traefik_certresolver }}-{% if lookup('vars', qbittorrent_name + '_traefik_api_enabled', default=qbittorrent_traefik_api_enabled) %}+        certResolver: {{ lookup('role_var', '_traefik_certresolver', role='qbittorrent') }}+{% if lookup('role_var', '_traefik_api_enabled', role='qbittorrent') %}      {{ qbittorrent_name }}-api-http:       entryPoints:         - "web"-      rule: "{{ traefik_host_template + ' && (' + lookup('vars', qbittorrent_name + '_traefik_api_endpoint', default=qbittorrent_traefik_api_endpoint) }})"+      rule: "{{ traefik_host_template + ' && (' + lookup('role_var', '_traefik_api_endpoint', role='qbittorrent') }})"       middlewares:         {{ traefik_default_middleware_http_api.split(',') | to_nice_yaml | trim | indent(8) }}       service: "{{ qbittorrent_name }}"@@ -31,29 +31,29 @@     {{ qbittorrent_name }}-api:       entryPoints:         - "websecure"-      rule: "{{ traefik_host_template + ' && (' + lookup('vars', qbittorrent_name + '_traefik_api_endpoint', default=qbittorrent_traefik_api_endpoint) }})"+      rule: "{{ traefik_host_template + ' && (' + lookup('role_var', '_traefik_api_endpoint', role='qbittorrent') }})"       middlewares:         {{ traefik_default_middleware_api.split(',') | to_nice_yaml | trim | indent(8) }}       service: "{{ qbittorrent_name }}"       tls:         options: securetls@file-        certResolver: {{ qbittorrent_traefik_certresolver }}+        certResolver: {{ lookup('role_var', '_traefik_certresolver', role='qbittorrent') }} {% endif %}    services:     {{ qbittorrent_name }}:       loadBalancer:         servers:-          - url: "http://172.19.0.1:{{ qbittorrent_docker_ports_8080 }}"-{% if qbittorrent_themepark_enabled and global_themepark_plugin_enabled %}+          - url: "http://172.19.0.1:{{ lookup('role_var', '_docker_ports_8080', role='qbittorrent') }}"+{% if lookup('role_var', '_themepark_enabled', role='qbittorrent') and global_themepark_plugin_enabled %}    middlewares:-    themepark-{{ lookup("vars", qbittorrent_name + "_name", default=qbittorrent_name) }}:+    themepark-{{ qbittorrent_name }}:       plugin:         themepark:-          app: "{{ qbittorrent_themepark_app }}"-          theme: "{{ lookup("vars", qbittorrent_name + "_themepark_theme", default=qbittorrent_themepark_theme) }}"-{% if lookup("vars", qbittorrent_name + "_themepark_addons", default=qbittorrent_themepark_addons) | length > 0 %}-          addons: "{{ lookup("vars", qbittorrent_name + "_themepark_addons", default=qbittorrent_themepark_addons) }}"+          app: "{{ qbittorrent_role_themepark_app }}"+          theme: "{{ lookup('role_var', '_themepark_theme', role='qbittorrent') }}"+{% if lookup('role_var', '_themepark_addons', role='qbittorrent') | length > 0 %}+          addons: "{{ lookup('role_var', '_themepark_addons', role='qbittorrent') }}" {% endif %} {% endif %}

modified

roles/radarr/defaults/main.yml

@@ -17,171 +17,121 @@ # Settings ################################ -radarr_external_auth: true+radarr_role_external_auth: true  ################################ # Paths ################################ -radarr_paths_folder: "{{ radarr_name }}"-radarr_paths_location: "{{ server_appdata_path }}/{{ radarr_paths_folder }}"-radarr_paths_folders_list:-  - "{{ radarr_paths_location }}"-radarr_paths_config_location: "{{ radarr_paths_location }}/config.xml"+radarr_role_paths_folder: "{{ radarr_name }}"+radarr_role_paths_location: "{{ server_appdata_path }}/{{ radarr_role_paths_folder }}"+radarr_role_paths_folders_list:+  - "{{ radarr_role_paths_location }}"+radarr_role_paths_config_location: "{{ radarr_role_paths_location }}/config.xml"  ################################ # Web ################################ -radarr_web_subdomain: "{{ radarr_name }}"-radarr_web_domain: "{{ user.domain }}"-radarr_web_port: "7878"-radarr_web_url: "{{ 'https://' + (lookup('vars', radarr_name + '_web_subdomain', default=radarr_web_subdomain) + '.' + lookup('vars', radarr_name + '_web_domain', default=radarr_web_domain)-                 if (lookup('vars', radarr_name + '_web_subdomain', default=radarr_web_subdomain) | length > 0)-                 else lookup('vars', radarr_name + '_web_domain', default=radarr_web_domain)) }}"+radarr_role_web_subdomain: "{{ radarr_name }}"+radarr_role_web_domain: "{{ user.domain }}"+radarr_role_web_port: "7878"+radarr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='radarr') + '.' + lookup('role_var', '_web_domain', role='radarr')+                      if (lookup('role_var', '_web_subdomain', role='radarr') | length > 0)+                      else lookup('role_var', '_web_domain', role='radarr')) }}"  ################################ # DNS ################################ -radarr_dns_record: "{{ lookup('vars', radarr_name + '_web_subdomain', default=radarr_web_subdomain) }}"-radarr_dns_zone: "{{ lookup('vars', radarr_name + '_web_domain', default=radarr_web_domain) }}"-radarr_dns_proxy: "{{ dns.proxied }}"+radarr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='radarr') }}"+radarr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='radarr') }}"+radarr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -radarr_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-radarr_traefik_middleware_default: "{{ traefik_default_middleware-                                       + (',themepark-' + lookup('vars', radarr_name + '_name', default=radarr_name)-                                         if (radarr_themepark_enabled and global_themepark_plugin_enabled)-                                         else '') }}"-radarr_traefik_middleware_custom: ""-radarr_traefik_certresolver: "{{ traefik_default_certresolver }}"-radarr_traefik_enabled: true-radarr_traefik_api_enabled: true-radarr_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/feed`) || PathPrefix(`/ping`)"+radarr_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+radarr_role_traefik_middleware_default: "{{ traefik_default_middleware+                                            + (',themepark-' + radarr_name+                                              if (lookup('role_var', '_themepark_enabled', role='radarr') and global_themepark_plugin_enabled)+                                              else '') }}"+radarr_role_traefik_middleware_custom: ""+radarr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+radarr_role_traefik_enabled: true+radarr_role_traefik_api_enabled: true+radarr_role_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/feed`) || PathPrefix(`/ping`)"  ################################-# API-################################--# default to blank-radarr_api_key:--################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-radarr_themepark_enabled: false-radarr_themepark_app: "radarr"-radarr_themepark_theme: "{{ global_themepark_theme }}"-radarr_themepark_domain: "{{ global_themepark_domain }}"-radarr_themepark_addons: []+radarr_role_themepark_enabled: false+radarr_role_themepark_app: "radarr"+radarr_role_themepark_theme: "{{ global_themepark_theme }}"+radarr_role_themepark_domain: "{{ global_themepark_domain }}"+radarr_role_themepark_addons: []  ################################ # Docker ################################  # Container-radarr_docker_container: "{{ radarr_name }}"+radarr_role_docker_container: "{{ radarr_name }}"  # Image-radarr_docker_image_pull: true-radarr_docker_image_repo: "ghcr.io/hotio/radarr"-radarr_docker_image_tag: "release"-radarr_docker_image: "{{ lookup('vars', radarr_name + '_docker_image_repo', default=radarr_docker_image_repo)-                         + ':' + lookup('vars', radarr_name + '_docker_image_tag', default=radarr_docker_image_tag) }}"--# Ports-radarr_docker_ports_defaults: []-radarr_docker_ports_custom: []-radarr_docker_ports: "{{ lookup('vars', radarr_name + '_docker_ports_defaults', default=radarr_docker_ports_defaults)-                         + lookup('vars', radarr_name + '_docker_ports_custom', default=radarr_docker_ports_custom) }}"+radarr_role_docker_image_pull: true+radarr_role_docker_image_repo: "ghcr.io/hotio/radarr"+radarr_role_docker_image_tag: "release"+radarr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='radarr') }}:{{ lookup('role_var', '_docker_image_tag', role='radarr') }}"  # Envs-radarr_docker_envs_default:+radarr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-radarr_docker_envs_custom: {}-radarr_docker_envs: "{{ lookup('vars', radarr_name + '_docker_envs_default', default=radarr_docker_envs_default)-                        | combine(lookup('vars', radarr_name + '_docker_envs_custom', default=radarr_docker_envs_custom)) }}"--# Commands-radarr_docker_commands_default: []-radarr_docker_commands_custom: []-radarr_docker_commands: "{{ lookup('vars', radarr_name + '_docker_commands_default', default=radarr_docker_commands_default)-                            + lookup('vars', radarr_name + '_docker_commands_custom', default=radarr_docker_commands_custom) }}"+radarr_role_docker_envs_custom: {}+radarr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='radarr')+                             | combine(lookup('role_var', '_docker_envs_custom', role='radarr')) }}"  # Volumes-radarr_docker_volumes_default:-  - "{{ radarr_paths_location }}:/config"+radarr_role_docker_volumes_default:+  - "{{ radarr_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-radarr_docker_volumes_legacy:+radarr_role_docker_volumes_legacy:   - "/mnt/unionfs/Media/Movies:/movies"-radarr_docker_volumes_custom: []-radarr_docker_volumes: "{{ lookup('vars', radarr_name + '_docker_volumes_default', default=radarr_docker_volumes_default)-                           + lookup('vars', radarr_name + '_docker_volumes_custom', default=radarr_docker_volumes_custom)-                           + (lookup('vars', radarr_name + '_docker_volumes_legacy', default=radarr_docker_volumes_legacy)-                             if docker_legacy_volume-                             else []) }}"--# Devices-radarr_docker_devices_default: []-radarr_docker_devices_custom: []-radarr_docker_devices: "{{ lookup('vars', radarr_name + '_docker_devices_default', default=radarr_docker_devices_default)-                           + lookup('vars', radarr_name + '_docker_devices_custom', default=radarr_docker_devices_custom) }}"--# Hosts-radarr_docker_hosts_default: {}-radarr_docker_hosts_custom: {}-radarr_docker_hosts: "{{ docker_hosts_common-                         | combine(lookup('vars', radarr_name + '_docker_hosts_default', default=radarr_docker_hosts_default))-                         | combine(lookup('vars', radarr_name + '_docker_hosts_custom', default=radarr_docker_hosts_custom)) }}"+radarr_role_docker_volumes_custom: []+radarr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='radarr')+                                + lookup('role_var', '_docker_volumes_custom', role='radarr')+                                + (lookup('role_var', '_docker_volumes_legacy', role='radarr')+                                  if docker_legacy_volume+                                  else []) }}"  # Labels-radarr_docker_labels_default: {}-radarr_docker_labels_custom: {}-radarr_docker_labels: "{{ docker_labels_common-                          | combine(lookup('vars', radarr_name + '_docker_labels_default', default=radarr_docker_labels_default))-                          | combine((traefik_themepark_labels-                                    if (radarr_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    lookup('vars', radarr_name + '_docker_labels_custom', default=radarr_docker_labels_custom)) }}"+radarr_role_docker_labels_default: {}+radarr_role_docker_labels_custom: {}+radarr_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='radarr')+                               | combine((traefik_themepark_labels+                                         if (lookup('role_var', '_themepark_enabled', role='radarr') and global_themepark_plugin_enabled)+                                         else {}),+                                         lookup('role_var', '_docker_labels_custom', role='radarr')) }}"  # Hostname-radarr_docker_hostname: "{{ radarr_name }}"--# Network Mode-radarr_docker_network_mode_default: "{{ docker_networks_name_common }}"-radarr_docker_network_mode: "{{ lookup('vars', radarr_name + '_docker_network_mode_default', default=radarr_docker_network_mode_default) }}"+radarr_role_docker_hostname: "{{ radarr_name }}"  # Networks-radarr_docker_networks_alias: "{{ radarr_name }}"-radarr_docker_networks_default: []-radarr_docker_networks_custom: []-radarr_docker_networks: "{{ docker_networks_common-                            + lookup('vars', radarr_name + '_docker_networks_default', default=radarr_docker_networks_default)-                            + lookup('vars', radarr_name + '_docker_networks_custom', default=radarr_docker_networks_custom) }}"--# Capabilities-radarr_docker_capabilities_default: []-radarr_docker_capabilities_custom: []-radarr_docker_capabilities: "{{ lookup('vars', radarr_name + '_docker_capabilities_default', default=radarr_docker_capabilities_default)-                                + lookup('vars', radarr_name + '_docker_capabilities_custom', default=radarr_docker_capabilities_custom) }}"--# Security Opts-radarr_docker_security_opts_default: []-radarr_docker_security_opts_custom: []-radarr_docker_security_opts: "{{ lookup('vars', radarr_name + '_docker_security_opts_default', default=radarr_docker_security_opts_default)-                                 + lookup('vars', radarr_name + '_docker_security_opts_custom', default=radarr_docker_security_opts_custom) }}"+radarr_role_docker_networks_alias: "{{ radarr_name }}"+radarr_role_docker_networks_default: []+radarr_role_docker_networks_custom: []+radarr_role_docker_networks: "{{ docker_networks_common+                                 + lookup('role_var', '_docker_networks_default', role='radarr')+                                 + lookup('role_var', '_docker_networks_custom', role='radarr') }}"  # Restart Policy-radarr_docker_restart_policy: unless-stopped+radarr_role_docker_restart_policy: unless-stopped  # State-radarr_docker_state: started+radarr_role_docker_state: started

modified

roles/radarr/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -24,5 +24,5 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: "Tweak Settings when SSO is enabled"-  ansible.builtin.import_tasks: "subtasks/auth.yml"-  when: (lookup('vars', radarr_name + '_traefik_sso_middleware', default=radarr_traefik_sso_middleware) | length > 0) and lookup('vars', radarr_name + '_external_auth', default=radarr_external_auth)+  ansible.builtin.include_tasks: "subtasks/auth.yml"+  when: (lookup('vars', radarr_name + '_traefik_sso_middleware', default=radarr_role_traefik_sso_middleware) | length > 0) and lookup('vars', radarr_name + '_external_auth', default=radarr_role_external_auth)

modified

roles/radarr/tasks/subtasks/auth.yml

@@ -9,7 +9,7 @@ --- - name: Auth | Wait for 'config.xml' to be created   ansible.builtin.wait_for:-    path: "/opt/{{ radarr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ radarr_name }}/config.xml"     state: present  - name: Auth | Wait for 10 seconds@@ -18,7 +18,7 @@  - name: Auth | Lookup AuthenticationMethod value   community.general.xml:-    path: "/opt/{{ radarr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ radarr_name }}/config.xml"     xpath: "/Config/AuthenticationMethod"     content: "text"   register: xmlresp@@ -28,7 +28,7 @@   block:     - name: Auth | Change the 'AuthenticationMethod' attribute to 'External'       community.general.xml:-        path: "/opt/{{ radarr_name }}/config.xml"+        path: "{{ server_appdata_path }}/{{ radarr_name }}/config.xml"         xpath: "/Config/AuthenticationMethod"         value: "External"

modified

roles/rclone/tasks/main.yml

@@ -8,13 +8,13 @@ ######################################################################### --- - name: Build URL Tasks-  ansible.builtin.import_tasks: "subtasks/01_build_url.yml"+  ansible.builtin.include_tasks: "subtasks/01_build_url.yml"  - name: Install Binary Tasks-  ansible.builtin.import_tasks: "subtasks/02_install_binary.yml"+  ansible.builtin.include_tasks: "subtasks/02_install_binary.yml"  - name: Import Existing Config Tasks-  ansible.builtin.import_tasks: "subtasks/03_import_config.yml"+  ansible.builtin.include_tasks: "subtasks/03_import_config.yml"  - name: Preinstall Tasks   ansible.builtin.include_tasks: "subtasks/99_preinstall.yml"

modified

roles/rclone/tasks/subtasks/01_build_url.yml

@@ -9,7 +9,7 @@ --- - name: Build URL | Install common packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - curl       - jq@@ -65,7 +65,7 @@           if ((rclone.version | type_debug == 'float') or (rclone.version | type_debug == 'int'))           else (rclone.version | regex_replace('(^v\\.|^v)', '')) }} -    - name: Build URL | Check if version '{{ rclone_version_specified0 }}' is available+    - name: Build URL | Check if specified version is available       ansible.builtin.shell: |         curl -sL {{ svm }}https://api.github.com/repos/ncw/rclone/git/refs/tags \         | jq -r  '.[] | .ref' | sed 's/\/\?refs\/tags\/v//g' \

modified

roles/rclone/tasks/subtasks/02_install_binary.yml

@@ -9,7 +9,7 @@ --- - name: Install Binary | Install common packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - unzip       - man-db

modified

roles/redis/defaults/main.yml

@@ -17,102 +17,54 @@ # Paths ################################ -redis_paths_folder: "{{ redis_name }}"-redis_paths_location: "{{ server_appdata_path }}/{{ redis_paths_folder }}"-redis_paths_folders_list:-  - "{{ redis_paths_location }}"+redis_role_paths_folder: "{{ redis_name }}"+redis_role_paths_location: "{{ server_appdata_path }}/{{ redis_role_paths_folder }}"+redis_role_paths_folders_list:+  - "{{ redis_role_paths_location }}"  ################################ # Docker ################################  # Container-redis_docker_container: "{{ redis_name }}"+redis_role_docker_container: "{{ redis_name }}"  # Image-redis_docker_image_pull: true-redis_docker_image_tag: "alpine"-redis_docker_image_repo: "redis"-redis_docker_image: "{{ lookup('vars', redis_name + '_docker_image_repo', default=redis_docker_image_repo) }}:{{ lookup('vars', redis_name + '_docker_image_tag', default=redis_docker_image_tag) }}"--# Ports-redis_docker_ports_defaults: []-redis_docker_ports_custom: []-redis_docker_ports: "{{ lookup('vars', redis_name + '_docker_ports_defaults', default=redis_docker_ports_defaults)-                        + lookup('vars', redis_name + '_docker_ports_custom', default=redis_docker_ports_custom) }}"+redis_role_docker_image_pull: true+redis_role_docker_image_tag: "alpine"+redis_role_docker_image_repo: "redis"+redis_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='redis') }}:{{ lookup('role_var', '_docker_image_tag', role='redis') }}"  # Envs-redis_docker_envs_default:+redis_role_docker_envs_default:   TZ: "{{ tz }}"-redis_docker_envs_custom: {}-redis_docker_envs: "{{ lookup('vars', redis_name + '_', default=redis_docker_envs_default)-                       | combine(lookup('vars', redis_name + '_docker_envs_custom', default=redis_docker_envs_custom)) }}"--# Commands-redis_docker_commands_default: []-redis_docker_commands_custom: []-redis_docker_commands: "{{ lookup('vars', redis_name + '_docker_commands_default', default=redis_docker_commands_default)-                           + lookup('vars', redis_name + '_docker_commands_custom', default=redis_docker_commands_custom) }}"+redis_role_docker_envs_custom: {}+redis_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='redis')+                            | combine(lookup('role_var', '_docker_envs_custom', role='redis')) }}"  # Volumes-redis_docker_volumes_default:-  - "{{ redis_paths_location }}:/data"-redis_docker_volumes_custom: []-redis_docker_volumes: "{{ lookup('vars', redis_name + '_docker_volumes_default', default=redis_docker_volumes_default)-                          + lookup('vars', redis_name + '_docker_volumes_custom', default=redis_docker_volumes_custom) }}"--# Devices-redis_docker_devices_default: []-redis_docker_devices_custom: []-redis_docker_devices: "{{ lookup('vars', redis_name + '_docker_devices_default', default=redis_docker_devices_default)-                          + lookup('vars', redis_name + '_docker_devices_custom', default=redis_docker_devices_custom) }}"--# Hosts-redis_docker_hosts_default: {}-redis_docker_hosts_custom: {}-redis_docker_hosts: "{{ docker_hosts_common-                        | combine(lookup('vars', redis_name + '_docker_hosts_default', default=redis_docker_hosts_default))-                        | combine(lookup('vars', redis_name + '_docker_hosts_custom', default=redis_docker_hosts_custom)) }}"--# Labels-redis_docker_labels_default: {}-redis_docker_labels_custom: {}-redis_docker_labels: "{{ docker_labels_common-                         | combine(lookup('vars', redis_name + '_docker_labels_default', default=redis_docker_labels_default))-                         | combine(lookup('vars', redis_name + '_docker_labels_custom', default=redis_docker_labels_custom)) }}"+redis_role_docker_volumes_default:+  - "{{ redis_role_paths_location }}:/data"+redis_role_docker_volumes_custom: []+redis_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='redis')+                               + lookup('role_var', '_docker_volumes_custom', role='redis') }}"  # Hostname-redis_docker_hostname: "{{ redis_name }}"--# Network Mode-redis_docker_network_mode_default: "{{ docker_networks_name_common }}"-redis_docker_network_mode: "{{ lookup('vars', redis_name + '_docker_network_mode_default', default=redis_docker_network_mode_default) }}"+redis_role_docker_hostname: "{{ redis_name }}"  # Networks-redis_docker_networks_alias: "{{ redis_name }}"-redis_docker_networks_default: []-redis_docker_networks_custom: []-redis_docker_networks: "{{ docker_networks_common-                           + lookup('vars', redis_name + '_docker_networks_default', default=redis_docker_networks_default)-                           + lookup('vars', redis_name + '_docker_networks_custom', default=redis_docker_networks_custom) }}"--# Capabilities-redis_docker_capabilities_default: []-redis_docker_capabilities_custom: []-redis_docker_capabilities: "{{ lookup('vars', redis_name + '_docker_capabilities_default', default=redis_docker_capabilities_default)-                               + lookup('vars', redis_name + '_docker_capabilities_custom', default=redis_docker_capabilities_custom) }}"--# Security Opts-redis_docker_security_opts_default: []-redis_docker_security_opts_custom: []-redis_docker_security_opts: "{{ lookup('vars', redis_name + '_docker_security_opts_default', default=redis_docker_security_opts_default)-                                + lookup('vars', redis_name + '_docker_security_opts_custom', default=redis_docker_security_opts_custom) }}"+redis_role_docker_networks_alias: "{{ redis_name }}"+redis_role_docker_networks_default: []+redis_role_docker_networks_custom: []+redis_role_docker_networks: "{{ docker_networks_common+                                + lookup('role_var', '_docker_networks_default', role='redis')+                                + lookup('role_var', '_docker_networks_custom', role='redis') }}"  # Restart Policy-redis_docker_restart_policy: unless-stopped+redis_role_docker_restart_policy: unless-stopped  # State-redis_docker_state: started+redis_role_docker_state: started  # User-redis_docker_user: "{{ uid }}:{{ gid }}"+redis_role_docker_user: "{{ uid }}:{{ gid }}"

modified

roles/redis/tasks/main2.yml

@@ -12,7 +12,7 @@  - name: Reset Redis directory   ansible.builtin.file:-    path: "{{ redis_paths_location }}"+    path: "{{ redis_role_paths_location }}"     state: absent   when: ('authelia-reset' in ansible_run_tags)

modified

roles/remote/defaults/main.yml

@@ -29,10 +29,10 @@ rclone_port_lookup: "{{ port_lookup_rclone.meta.port                      if (port_lookup_rclone.meta.port is defined) and (port_lookup_rclone.meta.port | trim | length > 0)                      else '5572' }}"-rclone_remort_port: "{{ lookup('vars', 'rclone_remote_' + rclone_remote_name + '_port', default=rclone_port_lookup) }}"+rclone_remote_port: "{{ lookup('vars', 'rclone_remote_' + rclone_remote_name + '_port', default=rclone_port_lookup) }}" -rclone_remort_port_low_bound: 5572-rclone_remort_port_high_bound: 6072+rclone_remote_port_low_bound: 5572+rclone_remote_port_high_bound: 6072  rclone_remote_name: "{{ item | filter_rclone_remote_name }}" rclone_remote_with_path: "{{ item | filter_rclone_remote_with_path }}"@@ -41,6 +41,7 @@ rclone_first_remote_name_with_path: "{{ rclone | filter_rclone_first_remote_name_with_path }}"  remote_update_rclone: true+# Enforces the use of auth (your accounts.yml credentials) on rclone rc when enabled rclone_enable_metrics: false  ################################@@ -48,8 +49,9 @@ ################################  rclone_vfs_refresh_interval: 10800+rclone_vfs_refresh_auth_args: " --user='{{ user.name }}' --pass='{{ user.pass }}'" rclone_vfs_refresh_command: |--  /usr/bin/rclone rc vfs/refresh recursive=true --url http://localhost:{{ rclone_remort_port }} _async=true+  /usr/bin/rclone rc vfs/refresh recursive=true --url http://127.0.0.1:{{ rclone_remote_port }}{{ rclone_vfs_refresh_auth_args if (rclone_enable_metrics | bool) else '' }} _async=true  ################################ # NFS

modified

roles/remote/tasks/cleanup.yml

@@ -17,34 +17,34 @@ - name: "Cleanup | Fail if 'rclone_service_name' is empty"   ansible.builtin.fail:     msg: "rclone_service_name is empty"-  when: rclone_service_name | length == 0+  when: (rclone_service_name | length == 0)  - name: "Cleanup | Stop and disable existing '{{ rclone_service_name }}.service'"   ansible.builtin.systemd_service:     name: "{{ rclone_service_name }}.service"     state: stopped     enabled: false-  when: rclone_service_name_full in saltbox_managed_rclone_services and rclone_service_status != 'not-found' and rclone_service_status != 'failed'+  when: (rclone_service_name_full in saltbox_managed_rclone_services) and (rclone_service_status != 'not-found') and (rclone_service_status != 'failed')  - name: "Cleanup | Delete '{{ rclone_service_name }}.service'"   ansible.builtin.file:     path: "/etc/systemd/system/{{ rclone_service_name }}.service"     state: absent-  when: rclone_service_name_full in saltbox_managed_rclone_services+  when: (rclone_service_name_full in saltbox_managed_rclone_services)  - name: "Cleanup | Stop and disable existing '{{ rclone_refresh_service_name }}'"   ansible.builtin.systemd_service:     name: "{{ rclone_refresh_service_name }}"     state: stopped     enabled: false-  when: rclone_refresh_service_name in saltbox_managed_rclone_services and rclone_service_status != 'not-found' and rclone_service_status != 'failed'+  when: (rclone_refresh_service_name in saltbox_managed_rclone_services) and (rclone_service_status != 'not-found') and (rclone_service_status != 'failed')  - name: "Cleanup | Stop and disable existing '{{ rclone_service_name }}_refresh.timer'"   ansible.builtin.systemd_service:     name: "{{ rclone_service_name }}_refresh.timer"     state: stopped     enabled: false-  when: rclone_refresh_service_name in saltbox_managed_rclone_services and rclone_service_status != 'not-found' and rclone_service_status != 'failed'+  when: (rclone_refresh_service_name in saltbox_managed_rclone_services) and (rclone_service_status != 'not-found') and (rclone_service_status != 'failed')  - name: "Cleanup | Delete '{{ rclone_service_name }}_refresh' services"   ansible.builtin.file:@@ -55,7 +55,7 @@   loop:     - "{{ rclone_service_name }}_refresh.service"     - "{{ rclone_service_name }}_refresh.timer"-  when: rclone_refresh_service_name in saltbox_managed_rclone_services+  when: (rclone_refresh_service_name in saltbox_managed_rclone_services)  - name: "Cleanup | Set 'cleanup_mount_path'"   ansible.builtin.set_fact:@@ -64,7 +64,7 @@ - name: "Cleanup | Fail if 'cleanup_mount_path' is empty"   ansible.builtin.fail:     msg: "rclone_service_name is empty"-  when: cleanup_mount_path | length == 0+  when: (cleanup_mount_path | length == 0)  - name: "Cleanup | Check if '{{ cleanup_mount_path }}' exists"   ansible.builtin.stat:@@ -92,7 +92,7 @@       when: cleanup_mount_path_stat2.stat.exists      - name: "Cleanup | Backup non-empty '{{ cleanup_mount_path }}' path"-      ansible.builtin.shell: "mv {{ cleanup_mount_path }} {{ cleanup_mount_path }}_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_date_time['epoch'] | int) }}"+      ansible.builtin.shell: "mv {{ cleanup_mount_path }} {{ cleanup_mount_path }}_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_facts['date_time']['epoch'] | int) }}"       ignore_errors: true       when: cleanup_mount_path_stat2.stat.exists and (cleanup_mount_path_stat_files.matched | int > 0)

modified

roles/remote/tasks/main.yml

@@ -22,8 +22,8 @@  - name: Get Docker service state   ansible.builtin.set_fact:-    remote_docker_service_running: "{{ (services['docker.service'] is defined) and (services['docker.service']['state'] == 'running') }}"-    remote_docker_controller_service_running: "{{ (services['saltbox_managed_docker_controller.service'] is defined) and (services['saltbox_managed_docker_controller.service']['state'] == 'running') }}"+    remote_docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"+    remote_docker_controller_service_running: "{{ (ansible_facts['services']['saltbox_managed_docker_controller.service'] is defined) and (ansible_facts['services']['saltbox_managed_docker_controller.service']['state'] == 'running') }}"   when: remote_docker_binary.stat.exists  - name: Tasks for when Docker exists and is running@@ -38,6 +38,13 @@       ansible.builtin.set_fact:         containers_list: "{{ remote_docker_running_containers_ps.stdout }}" +    - name: Check for saltbox_docker_controller:app (legacy controller) in service file+      ansible.builtin.shell: "grep -q 'saltbox_docker_controller:app' /etc/systemd/system/saltbox_managed_docker_controller.service"+      register: remote_legacy_docker_controller+      failed_when: false+      changed_when: false+      when: (remote_docker_controller_service_running is defined) and remote_docker_controller_service_running+     - name: Block Docker Controller       ansible.builtin.uri:         url: "{{ docker_controller_url }}/block/20"@@ -50,7 +57,7 @@       ansible.builtin.systemd_service:         name: saltbox_managed_docker_controller         state: restarted-      when: remote_docker_controller_service_running is defined and remote_docker_controller_service_running+      when: (remote_docker_controller_service_running is defined) and remote_docker_controller_service_running and (remote_legacy_docker_controller.rc is not defined or remote_legacy_docker_controller.rc != 0)      - name: Wait until Controller is ready       ansible.builtin.uri:@@ -78,7 +85,7 @@      - name: Stop Saltbox Docker containers       ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/stop_saltbox_docker_containers.yml"-      when: remote_docker_controller_service_running is defined and remote_docker_controller_service_running+      when: (remote_docker_controller_service_running is defined) and remote_docker_controller_service_running      - name: "Stop all running Docker containers"       ansible.builtin.shell: "docker stop {{ containers_list }}"@@ -91,7 +98,7 @@         method: POST         timeout: 600       ignore_errors: true-      when: remote_docker_controller_service_running is defined and remote_docker_controller_service_running+      when: (remote_docker_controller_service_running is defined) and remote_docker_controller_service_running      - name: Stop docker service       ansible.builtin.systemd_service:@@ -113,14 +120,14 @@   block:     - name: "Create services folder."       ansible.builtin.file:-        path: "/opt/services"+        path: "{{ server_appdata_path }}/services"         state: directory         owner: "{{ user.name }}"         group: "{{ user.name }}"         mode: "0775"         recurse: true -    - name: "Synchronize '/etc/systemd/system' to '/opt/services'"+    - name: "Synchronize '/etc/systemd/system' to '{{ server_appdata_path }}/services'"       ansible.builtin.shell: |         /usr/bin/rsync \           --delay-updates \@@ -133,14 +140,14 @@           --exclude='saltbox_managed_*' \           --include='*.service' \           --include='*.mount' \-          /etc/systemd/system/* /opt/services/+          /etc/systemd/system/* {{ server_appdata_path }}/services/       args:         executable: /bin/bash       ignore_errors: true      - name: "Reset permissions of folders"       ansible.builtin.file:-        path: "/opt/services"+        path: "{{ server_appdata_path }}/services"         state: directory         owner: "{{ user.name }}"         group: "{{ user.name }}"@@ -203,7 +210,7 @@ - name: Get list of existing remote services   ansible.builtin.set_fact:     saltbox_managed_rclone_services: "{{ (saltbox_managed_rclone_services | default({})) | combine({rclone_service.key: rclone_service.value.status}) }}"-  loop: "{{ services | dict2items }}"+  loop: "{{ ansible_facts['services'] | dict2items }}"   loop_control:     loop_var: rclone_service   when: (rclone_service_template in rclone_service.key)@@ -227,9 +234,9 @@     - name: Remote Tasks       ansible.builtin.include_tasks: "remote.yml"       with_items: "{{ rclone.remotes }}"-      when: rclone_remote_is_defined and item.settings.template != "nfs" and item.settings.mount+      when: rclone_remote_is_defined and (item.settings.template != "nfs") and (item.settings.mount | bool)      - name: Remote Tasks (NFS)       ansible.builtin.include_tasks: "nfs.yml"       with_items: "{{ rclone.remotes }}"-      when: rclone_remote_is_defined and item.settings.template == "nfs" and item.settings.mount+      when: rclone_remote_is_defined and (item.settings.template == "nfs") and (item.settings.mount | bool)

modified

roles/remote/tasks/nfs.yml

@@ -10,7 +10,7 @@ - name: "Remote (NFS) | Install NFS requirements"   ansible.builtin.apt:     name: nfs-common-    state: present+    state: latest  - name: "Remote (NFS) | Set Variables"   ansible.builtin.set_fact:@@ -43,7 +43,7 @@       ignore_errors: true      - name: "Remote (NFS) | Backup non-empty '{{ mount_path }}' path"-      ansible.builtin.shell: "mv {{ mount_path }} {{ mount_path }}_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_date_time['epoch'] | int) }}"+      ansible.builtin.shell: "mv {{ mount_path }} {{ mount_path }}_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_facts['date_time']['epoch'] | int) }}"       ignore_errors: true       when: (mount_path_stat_files.matched | int > 0)

modified

roles/remote/tasks/remote.yml

@@ -13,10 +13,10 @@     _service_refresh: "{{ rclone_service_template + rclone_remote_name }}_refresh"     mount_path: "/mnt/remote/{{ rclone_remote_name }}" -- name: Remote | Get next available port within the range of '5572-5672' # noqa fqcn[action]+- name: Remote | Get next available port within the range of '5572-5672'   find_open_port:-    low_bound: "{{ rclone_remort_port_low_bound }}"-    high_bound: "{{ rclone_remort_port_high_bound }}"+    low_bound: "{{ rclone_remote_port_low_bound }}"+    high_bound: "{{ rclone_remote_port_high_bound }}"     protocol: both   register: port_lookup_rclone @@ -46,7 +46,7 @@       ignore_errors: true      - name: "Remote | Backup non-empty '{{ mount_path }}' path"-      ansible.builtin.shell: "mv {{ mount_path }} {{ mount_path }}_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_date_time['epoch'] | int) }}"+      ansible.builtin.shell: "mv {{ mount_path }} {{ mount_path }}_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_facts['date_time']['epoch'] | int) }}"       ignore_errors: true       when: (mount_path_stat_files.matched | int > 0)

modified

roles/remote/templates/dropbox.j2

@@ -19,10 +19,10 @@ ExecStartPre=/bin/sleep 10 ExecStart=/usr/bin/rclone mount \     --allow-other \-{% if mounts.ipv4_only %}-    --bind={{ ansible_default_ipv4.address }} \+{% if rclone_mounts_ipv4_only %}+    --bind={{ ansible_facts['default_ipv4']['address'] }} \ {% endif %}-{% if (rclone_vfs_cache_dir_lookup | length > 0) and item.settings.vfs_cache.enabled %}+{% if (rclone_vfs_cache_dir_lookup | length > 0) and (item.settings.vfs_cache.enabled | bool) %}     --cache-dir={{ rclone_vfs_cache_dir_lookup }} \ {% endif %}     --config={{ rclone_config_path }} \@@ -32,17 +32,21 @@     --dropbox-pacer-min-sleep=85ms \     --poll-interval=30s \     --rc \-    --rc-addr=localhost:{{ rclone_remort_port }} \-{% if rclone_enable_metrics %}-    --metrics-addr=172.19.0.1:{{ rclone_remort_port }} \+{% if (rclone_enable_metrics | bool) %}+    --rc-addr=0.0.0.0:{{ rclone_remote_port }} \+    --rc-enable-metrics \+    --rc-user='{{ user.name }}' \+    --rc-pass='{{ user.pass }}' \+{% else %}+    --rc-addr=127.0.0.1:{{ rclone_remote_port }} \+    --rc-no-auth \ {% endif %}-    --rc-no-auth \     --syslog \     --timeout=10m \     --umask=002 \     --use-mmap \     --user-agent='{{ user_agent }}' \-{% if item.settings.vfs_cache.enabled %}+{% if (item.settings.vfs_cache.enabled | bool) %}     --vfs-cache-min-free-space={{ rclone_vfs_cache_min_free_space }} \     --vfs-cache-max-age={{ item.settings.vfs_cache.max_age | default('504h') }} \     --vfs-cache-max-size={{ item.settings.vfs_cache.size | default('50G') }} \@@ -52,7 +56,7 @@     --vfs-read-ahead=128M \ {% endif %}     --vfs-read-chunk-size-limit=2G \-    --vfs-read-chunk-size={{ '32M' if item.settings.vfs_cache.enabled else '64M' }} \+    --vfs-read-chunk-size={{ '32M' if (item.settings.vfs_cache.enabled | bool) else '64M' }} \     -v \     "{{ rclone_remote_with_path }}" "/mnt/remote/{{ rclone_remote_name }}" ExecStop=/bin/fusermount3 -uz "/mnt/remote/{{ rclone_remote_name }}"@@ -60,7 +64,7 @@ RestartSec=5 StartLimitInterval=60s StartLimitBurst=3-{% if item.settings.vfs_cache.enabled %}+{% if (item.settings.vfs_cache.enabled | bool) %} TimeoutSec=21600 LimitNOFILE=infinity LimitMEMLOCK=infinity

modified

roles/remote/templates/google.j2

@@ -19,16 +19,16 @@ ExecStartPre=/bin/sleep 10 ExecStart=/usr/bin/rclone mount \     --allow-other \-{% if mounts.ipv4_only %}-    --bind={{ ansible_default_ipv4.address }} \+{% if rclone_mounts_ipv4_only %}+    --bind={{ ansible_facts['default_ipv4']['address'] }} \ {% endif %}-{% if (rclone_vfs_cache_dir_lookup | length > 0) and item.settings.vfs_cache.enabled %}+{% if (rclone_vfs_cache_dir_lookup | length > 0) and (item.settings.vfs_cache.enabled | bool) %}     --cache-dir={{ rclone_vfs_cache_dir_lookup }} \ {% endif %}     --config={{ rclone_config_path }} \-    --buffer-size={{ '32M' if item.settings.vfs_cache.enabled else '64M' }} \+    --buffer-size={{ '32M' if (item.settings.vfs_cache.enabled | bool) else '64M' }} \     --dir-cache-time={{ rclone_cloud_dir_cache_time }} \-{% if not item.settings.vfs_cache.enabled %}+{% if not (item.settings.vfs_cache.enabled | bool) %}     --drive-chunk-size=64M \ {% endif %}     --drive-pacer-burst=1000 \@@ -36,17 +36,21 @@     --drive-skip-gdocs \     --poll-interval=15s \     --rc \-    --rc-addr=localhost:{{ rclone_remort_port }} \-{% if rclone_enable_metrics %}-    --metrics-addr=172.19.0.1:{{ rclone_remort_port }} \+{% if (rclone_enable_metrics | bool) %}+    --rc-addr=0.0.0.0:{{ rclone_remote_port }} \+    --rc-enable-metrics \+    --rc-user='{{ user.name }}' \+    --rc-pass='{{ user.pass }}' \+{% else %}+    --rc-addr=127.0.0.1:{{ rclone_remote_port }} \+    --rc-no-auth \ {% endif %}-    --rc-no-auth \     --syslog \     --timeout=10m \     --umask=002 \     --use-mmap \     --user-agent='{{ user_agent }}' \-{% if item.settings.vfs_cache.enabled %}+{% if (item.settings.vfs_cache.enabled | bool) %}     --vfs-cache-min-free-space={{ rclone_vfs_cache_min_free_space }} \     --vfs-cache-max-age={{ item.settings.vfs_cache.max_age | default('504h') }} \     --vfs-cache-max-size={{ item.settings.vfs_cache.size | default('50G') }} \@@ -56,7 +60,7 @@     --vfs-read-ahead=128M \ {% endif %}     --vfs-read-chunk-size-limit=2G \-    --vfs-read-chunk-size={{ '32M' if item.settings.vfs_cache.enabled else '64M' }} \+    --vfs-read-chunk-size={{ '32M' if (item.settings.vfs_cache.enabled | bool) else '64M' }} \     -v \     "{{ rclone_remote_with_path }}" "/mnt/remote/{{ rclone_remote_name }}" ExecStop=/bin/fusermount3 -uz "/mnt/remote/{{ rclone_remote_name }}"@@ -64,7 +68,7 @@ RestartSec=5 StartLimitInterval=60s StartLimitBurst=3-{% if item.settings.vfs_cache.enabled %}+{% if (item.settings.vfs_cache.enabled | bool) %} TimeoutSec=21600 LimitNOFILE=infinity LimitMEMLOCK=infinity

modified

roles/remote/templates/sftp.j2

@@ -19,7 +19,7 @@ ExecStartPre=/bin/sleep 10 ExecStart=/usr/bin/rclone mount \     --allow-other \-{% if (rclone_vfs_cache_dir_lookup | length > 0) and item.settings.vfs_cache.enabled %}+{% if (rclone_vfs_cache_dir_lookup | length > 0) and (item.settings.vfs_cache.enabled | bool) %}     --cache-dir={{ rclone_vfs_cache_dir_lookup }} \ {% endif %}     --config={{ rclone_config_path }} \@@ -27,20 +27,24 @@     --dir-cache-time={{ rclone_sftp_dir_cache_time }} \     --max-read-ahead=200M \     --rc \-    --rc-addr=localhost:{{ rclone_remort_port }} \-{% if rclone_enable_metrics %}-    --metrics-addr=172.19.0.1:{{ rclone_remort_port }} \+{% if (rclone_enable_metrics | bool) %}+    --rc-addr=0.0.0.0:{{ rclone_remote_port }} \+    --rc-enable-metrics \+    --rc-user='{{ user.name }}' \+    --rc-pass='{{ user.pass }}' \+{% else %}+    --rc-addr=127.0.0.1:{{ rclone_remote_port }} \+    --rc-no-auth \ {% endif %}-    --rc-no-auth \     --sftp-chunk-size={{ rclone_sftp_chunk_size }} \     --sftp-concurrency={{ rclone_sftp_concurrency }} \-{% if rclone_sftp_disable_hashcheck %}+{% if (rclone_sftp_disable_hashcheck | bool) %}     --sftp-disable-hashcheck \ {% endif %}     --syslog \     --umask=002 \     --user-agent='{{ user_agent }}' \-{% if item.settings.vfs_cache.enabled %}+{% if (item.settings.vfs_cache.enabled | bool) %}     --vfs-cache-min-free-space={{ rclone_vfs_cache_min_free_space }} \     --vfs-cache-max-age={{ item.settings.vfs_cache.max_age | default('504h') }} \     --vfs-cache-max-size={{ item.settings.vfs_cache.size | default('50G') }} \

modified

roles/restore/tasks/main.yml

@@ -12,14 +12,14 @@     msg:       - "Rclone backup is not enabled."       - "You must enable rclone, in the backup settings, to perform a with a specific tar file restore."-  when: (not backup.rclone.enable) and (restore_tar is defined)+  when: (not backup_rclone_enabled) and (restore_tar is defined)  - name: Fail when local backup method is enabled and using restore_tar   ansible.builtin.fail:     msg:       - "The restore_tar setting does not work with a local backup enabled."       - "Remember to empty the local backup folder if you disable the setting."-  when: backup.local.enable and (restore_tar is defined)+  when: backup_rclone_enabled and (restore_tar is defined)  - name: "Check if user '{{ user.name }}' exists"   ansible.builtin.shell: "id -un {{ user.name }} >/dev/null 2>&1;"@@ -37,7 +37,7 @@   when: (user_check.rc == 1) and (not restore_tar is defined)  - name: Variables-  ansible.builtin.import_tasks: "variables.yml"+  ansible.builtin.include_tasks: "variables.yml"  - name: "Check if 'localhost.yml' exists in '{{ playbook_dir }}'"   ansible.builtin.stat:@@ -85,8 +85,8 @@ - name: BTRFS Tasks   ansible.builtin.include_tasks: "btrfs.yml"   loop:-    - /opt-    - /mnt/local+    - "{{ server_appdata_path }}"+    - "{{ server_local_folder_path }}"   loop_control:     loop_var: outer_item @@ -98,8 +98,8 @@     group: "{{ user.name }}"     mode: "0775"   with_items:-    - /opt-    - /mnt/local+    - "{{ server_appdata_path }}"+    - "{{ server_local_folder_path }}"  - name: "Create backup location '{{ backup.local.destination }}'"   ansible.builtin.file:@@ -129,11 +129,11 @@  # Restore from remote backup when local backup does not exist - name: Restore Remote-  ansible.builtin.import_tasks: "restore_remote.yml"+  ansible.builtin.include_tasks: "restore_remote.yml"   when: (dir_files.matched | int == 0) and (not restore_tar is defined)  - name: Restore specific tar-  ansible.builtin.import_tasks: "restore_tar.yml"+  ansible.builtin.include_tasks: "restore_tar.yml"   when: (dir_files.matched | int == 0) and (restore_tar is defined)  - name: "Look for 'backup_excludes_list.txt' file in '{{ backup.local.destination }}'"@@ -143,7 +143,7 @@  - name: "Delete 'z' opt folder when doing full restore"   ansible.builtin.file:-    path: "/opt/z"+    path: "{{ server_appdata_path }}/z"     state: absent   when: (not restore_tar is defined) @@ -157,23 +157,67 @@     force: true   when: backup_excludes_list.stat.exists and (not restore_tar is defined) -- name: "Backup existing folders in '/opt' to prevent overwriting them"-  ansible.builtin.shell: mv '/opt/{{ (item | basename | splitext)[0] }}' '/opt/{{ (item | basename | splitext)[0] }}_bak' 2>/dev/null || true+- name: "Check for existing backup folders (full restore)"+  ansible.builtin.stat:+    path: "{{ server_appdata_path }}/{{ (item | basename | splitext)[0] }}_bak"   with_fileglob:     - "{{ backup.local.destination }}/opt/*.tar"-  loop_control:-    label: "'/opt/{{ (item | basename | splitext)[0] }}' --> '/opt/{{ (item | basename | splitext)[0] }}_bak'"--- name: "Unarchive backup tarballs into '/opt'"-  ansible.builtin.shell: tar -xf '{{ item }}' -C '/opt/'+  register: existing_bak_folders_full+  when: (not restore_tar is defined)++- name: "Fail if backup folders already exist (full restore)"+  ansible.builtin.fail:+    msg:+      - "Backup folder '{{ server_appdata_path }}/{{ (item.item | basename | splitext)[0] }}_bak' already exists."+      - "Please remove or rename existing backup folders before running restore."+      - "This prevents accidental loss of existing backup data."+  with_items: "{{ existing_bak_folders_full.results }}"+  when: (not restore_tar is defined) and item.stat.exists+  loop_control:+    label: "'{{ server_appdata_path }}/{{ (item.item | basename | splitext)[0] }}_bak'"++- name: "Backup existing folders in '{{ server_appdata_path }}' to prevent overwriting them (full restore)"+  ansible.builtin.shell: mv '{{ server_appdata_path }}/{{ (item | basename | splitext)[0] }}' '{{ server_appdata_path }}/{{ (item | basename | splitext)[0] }}_bak' 2>/dev/null || true   with_fileglob:     - "{{ backup.local.destination }}/opt/*.tar"   loop_control:-    label: "'{{ item | basename }}' --> '/opt/{{ (item | basename | splitext)[0] }}'"+    label: "'{{ server_appdata_path }}/{{ (item | basename | splitext)[0] }}' --> '{{ server_appdata_path }}/{{ (item | basename | splitext)[0] }}_bak'"+  when: (not restore_tar is defined)++- name: "Check for existing backup folder (specific tar restore)"+  ansible.builtin.stat:+    path: "{{ server_appdata_path }}/{{ (restore_tar | basename | splitext)[0] }}_bak"+  register: existing_bak_folder_specific+  when: (restore_tar is defined)++- name: "Fail if backup folder already exists (specific tar restore)"+  ansible.builtin.fail:+    msg:+      - "Backup folder '{{ server_appdata_path }}/{{ (restore_tar | basename | splitext)[0] }}_bak' already exists."+      - "Please remove or rename the existing backup folder before running restore."+      - "This prevents accidental loss of existing backup data."+  when: (restore_tar is defined) and existing_bak_folder_specific.stat.exists++- name: "Backup existing folder in '{{ server_appdata_path }}' to prevent overwriting it (specific tar restore)"+  ansible.builtin.shell: mv '{{ server_appdata_path }}/{{ (restore_tar | basename | splitext)[0] }}' '{{ server_appdata_path }}/{{ (restore_tar | basename | splitext)[0] }}_bak' 2>/dev/null || true+  when: (restore_tar is defined)++- name: "Unarchive backup tarballs into '{{ server_appdata_path }}' (full restore)"+  ansible.builtin.shell: tar -xf '{{ item }}' -C '{{ server_appdata_path }}/'+  with_fileglob:+    - "{{ backup.local.destination }}/opt/*.tar"+  loop_control:+    label: "'{{ item | basename }}' --> '{{ server_appdata_path }}/{{ (item | basename | splitext)[0] }}'"   register: unarchive--- name: "Set '/opt' ownership and permissions"-  ansible.builtin.import_tasks: "permissions.yml"+  when: (not restore_tar is defined)++- name: "Unarchive specific backup tarball into '{{ server_appdata_path }}' (specific tar restore)"+  ansible.builtin.shell: tar -xf '{{ backup.local.destination }}/opt/{{ restore_tar }}' -C '{{ server_appdata_path }}/'+  register: unarchive+  when: (restore_tar is defined)++- name: "Set '{{ server_appdata_path }}' ownership and permissions"+  ansible.builtin.include_tasks: "permissions.yml"   tags: opt-permissions-reset  - name: Cleanup backup location@@ -182,13 +226,9 @@     state: absent   become: true   become_user: "{{ user.name }}"-  when: (not backup.local.enable)+  when: (not backup_local_enabled)  - name: Finished restoring the backup   ansible.builtin.debug:     msg: Finished restoring the backup. You are now ready to install Saltbox!   when: (unarchive is succeeded)--- name: Settings Role-  ansible.builtin.include_role:-    name: settings

modified

roles/restore/tasks/permissions.yml

@@ -7,8 +7,8 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Set '/opt' ownership recursively-  ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} /opt"+- name: Set '{{ server_appdata_path }}' ownership recursively+  ansible.builtin.shell: "chown -R {{ user.name }}:{{ user.name }} {{ server_appdata_path }}" -- name: Set '/opt' permissions recursively-  ansible.builtin.shell: "chmod -R ugo+X /opt"+- name: Set '{{ server_appdata_path }}' permissions recursively+  ansible.builtin.shell: "chmod -R ugo+X {{ server_appdata_path }}"

modified

roles/restore/tasks/restore_remote.yml

@@ -7,16 +7,12 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----# Checks- - name: Fail when no backup method is enabled or when no local backup exists   ansible.builtin.fail:     msg:       - "Rclone is not enabled and no local backup exists."       - "You must either enable rclone, in the backup settings, or provide backup tarball files locally, to perform a restore."-  when: (not backup.rclone.enable)--# Folder+  when: (not backup_rclone_enabled)  - name: Cleanup backup location   ansible.builtin.file:@@ -24,8 +20,6 @@     state: absent   become: true   become_user: "{{ user.name }}"--# Rclone  - name: "Check if 'rclone.conf' exists in '{{ playbook_dir }}' folder"   ansible.builtin.stat:@@ -88,8 +82,6 @@   become: true   become_user: "{{ user.name }}" -# Checks- - name: "Check if tar files were retrieved"   ansible.builtin.find:     paths: "{{ backup.local.destination }}/opt"

modified

roles/restore/tasks/restore_tar.yml

@@ -7,16 +7,12 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----# Folder- - name: Cleanup backup location   ansible.builtin.file:     path: "{{ backup.local.destination }}"     state: absent   become: true   become_user: "{{ user.name }}"--# Rclone  - name: "Check if 'rclone.conf' exists in '{{ playbook_dir }}' folder"   ansible.builtin.stat:@@ -79,8 +75,6 @@   become: true   become_user: "{{ user.name }}" -# Checks- - name: "Check if tar files were retrieved"   ansible.builtin.find:     paths: "{{ backup.local.destination }}/opt"

modified

roles/sabnzbd/defaults/main.yml

@@ -17,178 +17,141 @@ # Paths ################################ -sabnzbd_paths_folder: "{{ sabnzbd_name }}"-sabnzbd_paths_location: "{{ server_appdata_path }}/{{ sabnzbd_paths_folder }}"-sabnzbd_paths_downloads_location: "{{ downloads_usenet_path }}/{{ sabnzbd_paths_folder }}"-sabnzbd_paths_folders_list:-  - "{{ sabnzbd_paths_location }}"-  - "{{ sabnzbd_paths_downloads_location }}"-  - "{{ sabnzbd_paths_downloads_location }}/complete"-  - "{{ sabnzbd_paths_downloads_location }}/incomplete"-  - "{{ sabnzbd_paths_downloads_location }}/watch"-sabnzbd_paths_config_location: "{{ sabnzbd_paths_location }}/sabnzbd.ini"+sabnzbd_role_paths_folder: "{{ sabnzbd_name }}"+sabnzbd_role_paths_location: "{{ server_appdata_path }}/{{ sabnzbd_role_paths_folder }}"+sabnzbd_role_paths_downloads_location: "{{ downloads_usenet_path }}/{{ sabnzbd_role_paths_folder }}"+sabnzbd_role_paths_folders_list:+  - "{{ sabnzbd_role_paths_location }}"+  - "{{ sabnzbd_role_paths_downloads_location }}"+  - "{{ sabnzbd_role_paths_downloads_location }}/complete"+  - "{{ sabnzbd_role_paths_downloads_location }}/incomplete"+  - "{{ sabnzbd_role_paths_downloads_location }}/watch"+sabnzbd_role_paths_config_location: "{{ sabnzbd_role_paths_location }}/sabnzbd.ini"  ################################ # Web ################################ -sabnzbd_web_subdomain: "{{ sabnzbd_name }}"-sabnzbd_web_domain: "{{ user.domain }}"-sabnzbd_web_port: "8080"-sabnzbd_web_url: "{{ 'https://' + (sabnzbd_web_subdomain + '.' + sabnzbd_web_domain-                  if (sabnzbd_web_subdomain | length > 0)-                  else sabnzbd_web_domain) }}"-sabnzbd_web_local_url: "{{ 'http://' + sabnzbd_name + ':' + sabnzbd_web_port }}"+sabnzbd_role_web_subdomain: "{{ sabnzbd_name }}"+sabnzbd_role_web_domain: "{{ user.domain }}"+sabnzbd_role_web_port: "8080"+sabnzbd_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='sabnzbd') + '.' + lookup('role_var', '_web_domain', role='sabnzbd')+                       if (lookup('role_var', '_web_subdomain', role='sabnzbd') | length > 0)+                       else lookup('role_var', '_web_domain', role='sabnzbd')) }}"+sabnzbd_role_web_local_url: "{{ 'http://' + sabnzbd_name + ':' + lookup('role_var', '_web_port', role='sabnzbd') }}"  ################################ # DNS ################################ -sabnzbd_dns_record: "{{ sabnzbd_web_subdomain }}"-sabnzbd_dns_zone: "{{ sabnzbd_web_domain }}"-sabnzbd_dns_proxy: "{{ dns.proxied }}"+sabnzbd_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='sabnzbd') }}"+sabnzbd_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='sabnzbd') }}"+sabnzbd_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -sabnzbd_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-sabnzbd_traefik_middleware_default: "{{ traefik_default_middleware-                                        + (',themepark-' + lookup('vars', sabnzbd_name + '_name', default=sabnzbd_name)-                                          if (sabnzbd_themepark_enabled and global_themepark_plugin_enabled)-                                          else '') }}"-sabnzbd_traefik_middleware_custom: ""-sabnzbd_traefik_certresolver: "{{ traefik_default_certresolver }}"-sabnzbd_traefik_enabled: true-sabnzbd_traefik_api_enabled: true-sabnzbd_traefik_api_endpoint: "PathPrefix(`/api`)"+sabnzbd_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+sabnzbd_role_traefik_middleware_default: "{{ traefik_default_middleware+                                             + (',themepark-' + sabnzbd_name+                                               if (lookup('role_var', '_themepark_enabled', role='sabnzbd') and global_themepark_plugin_enabled)+                                               else '') }}"+sabnzbd_role_traefik_middleware_custom: ""+sabnzbd_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+sabnzbd_role_traefik_enabled: true+sabnzbd_role_traefik_api_enabled: true+sabnzbd_role_traefik_api_endpoint: "PathPrefix(`/api`)"  ################################ # Config ################################ -sabnzbd_config_settings_web:+sabnzbd_role_config_settings_web:   # Web-  - { option: "host_whitelist", value: "{{ sabnzbd_web_subdomain }}.{{ sabnzbd_web_domain }}, {{ sabnzbd_name }}" }+  - { option: "host_whitelist", value: "{{ lookup('role_var', '_web_subdomain', role='sabnzbd') }}.{{ lookup('role_var', '_web_domain', role='sabnzbd') }}, {{ sabnzbd_name }}" }   - { option: "url_base", value: "" }   - { option: "log_dir", value: "/config/logs" } -sabnzbd_config_settings_default:+sabnzbd_role_config_settings_default:   # Web-  - { option: "host_whitelist", value: "{{ sabnzbd_web_subdomain }}.{{ sabnzbd_web_domain }}, {{ sabnzbd_name }}" }+  - { option: "host_whitelist", value: "{{ lookup('role_var', '_web_subdomain', role='sabnzbd') }}.{{ lookup('role_var', '_web_domain', role='sabnzbd') }}, {{ sabnzbd_name }}" }   - { option: "url_base", value: "" }   # Paths-  - { option: "dirscan_dir", value: "{{ sabnzbd_paths_downloads_location }}/watch" }-  - { option: "download_dir", value: "{{ sabnzbd_paths_downloads_location }}/incomplete" }-  - { option: "complete_dir", value: "{{ sabnzbd_paths_downloads_location }}/complete" }+  - { option: "dirscan_dir", value: "{{ lookup('role_var', '_paths_downloads_location', role='sabnzbd') }}/watch" }+  - { option: "download_dir", value: "{{ lookup('role_var', '_paths_downloads_location', role='sabnzbd') }}/incomplete" }+  - { option: "complete_dir", value: "{{ lookup('role_var', '_paths_downloads_location', role='sabnzbd') }}/complete" }   - { option: "log_dir", value: "/config/logs" } -sabnzbd_config_settings_custom: []+sabnzbd_role_config_settings_custom: [] -sabnzbd_config_settings_list: "{{ sabnzbd_config_settings_default-                                  + sabnzbd_config_settings_custom }}"+sabnzbd_role_config_settings_list: "{{ lookup('role_var', '_config_settings_default', role='sabnzbd')+                                       + lookup('role_var', '_config_settings_custom', role='sabnzbd') }}"  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-sabnzbd_themepark_enabled: false-sabnzbd_themepark_app: "sabnzbd"-sabnzbd_themepark_theme: "{{ global_themepark_theme }}"-sabnzbd_themepark_domain: "{{ global_themepark_domain }}"-sabnzbd_themepark_addons: []+sabnzbd_role_themepark_enabled: false+sabnzbd_role_themepark_app: "sabnzbd"+sabnzbd_role_themepark_theme: "{{ global_themepark_theme }}"+sabnzbd_role_themepark_domain: "{{ global_themepark_domain }}"+sabnzbd_role_themepark_addons: []  ################################ # Docker ################################  # Container-sabnzbd_docker_container: "{{ sabnzbd_name }}"+sabnzbd_role_docker_container: "{{ sabnzbd_name }}"  # Image-sabnzbd_docker_image_pull: true-sabnzbd_docker_image_tag: "latest"-sabnzbd_docker_image: "ghcr.io/hotio/sabnzbd:{{ sabnzbd_docker_image_tag }}"--# Ports-sabnzbd_docker_ports_defaults: []-sabnzbd_docker_ports_custom: []-sabnzbd_docker_ports: "{{ sabnzbd_docker_ports_defaults-                          + sabnzbd_docker_ports_custom }}"+sabnzbd_role_docker_image_pull: true+sabnzbd_role_docker_image_repo: "ghcr.io/hotio/sabnzbd"+sabnzbd_role_docker_image_tag: "latest"+sabnzbd_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='sabnzbd') }}:{{ lookup('role_var', '_docker_image_tag', role='sabnzbd') }}"  # Envs-sabnzbd_docker_envs_default:+sabnzbd_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-sabnzbd_docker_envs_custom: {}-sabnzbd_docker_envs: "{{ sabnzbd_docker_envs_default-                         | combine(sabnzbd_docker_envs_custom) }}"--# Commands-sabnzbd_docker_commands_default: []-sabnzbd_docker_commands_custom: []-sabnzbd_docker_commands: "{{ sabnzbd_docker_commands_default-                             + sabnzbd_docker_commands_custom }}"+sabnzbd_role_docker_envs_custom: {}+sabnzbd_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='sabnzbd')+                              | combine(lookup('role_var', '_docker_envs_custom', role='sabnzbd')) }}"  # Volumes-sabnzbd_docker_volumes_default:-  - "{{ sabnzbd_paths_location }}:/config"+sabnzbd_role_docker_volumes_default:+  - "{{ sabnzbd_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-sabnzbd_docker_volumes_custom: []-sabnzbd_docker_volumes: "{{ sabnzbd_docker_volumes_default-                            + sabnzbd_docker_volumes_custom }}"--# Devices-sabnzbd_docker_devices_default: []-sabnzbd_docker_devices_custom: []-sabnzbd_docker_devices: "{{ sabnzbd_docker_devices_default-                            + sabnzbd_docker_devices_custom }}"--# Hosts-sabnzbd_docker_hosts_default: {}-sabnzbd_docker_hosts_custom: {}-sabnzbd_docker_hosts: "{{ docker_hosts_common-                          | combine(sabnzbd_docker_hosts_default)-                          | combine(sabnzbd_docker_hosts_custom) }}"+sabnzbd_role_docker_volumes_custom: []+sabnzbd_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='sabnzbd')+                                 + lookup('role_var', '_docker_volumes_custom', role='sabnzbd') }}"  # Labels-sabnzbd_docker_labels_default: {}-sabnzbd_docker_labels_custom: {}-sabnzbd_docker_labels: "{{ docker_labels_common-                           | combine(sabnzbd_docker_labels_default)-                           | combine((traefik_themepark_labels-                                    if (sabnzbd_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    sabnzbd_docker_labels_custom) }}"+sabnzbd_role_docker_labels_default: {}+sabnzbd_role_docker_labels_custom: {}+sabnzbd_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='sabnzbd')+                                | combine((traefik_themepark_labels+                                          if (lookup('role_var', '_themepark_enabled', role='sabnzbd') and global_themepark_plugin_enabled)+                                          else {}),+                                          lookup('role_var', '_docker_labels_custom', role='sabnzbd')) }}"  # Hostname-sabnzbd_docker_hostname: "{{ sabnzbd_name }}"+sabnzbd_role_docker_hostname: "{{ sabnzbd_name }}"  # Networks-sabnzbd_docker_networks_alias: "{{ sabnzbd_name }}"-sabnzbd_docker_networks_default: []-sabnzbd_docker_networks_custom: []-sabnzbd_docker_networks: "{{ docker_networks_common-                             + sabnzbd_docker_networks_default-                             + sabnzbd_docker_networks_custom }}"--# Capabilities-sabnzbd_docker_capabilities_default: []-sabnzbd_docker_capabilities_custom: []-sabnzbd_docker_capabilities: "{{ sabnzbd_docker_capabilities_default-                                 + sabnzbd_docker_capabilities_custom }}"--# Security Opts-sabnzbd_docker_security_opts_default: []-sabnzbd_docker_security_opts_custom: []-sabnzbd_docker_security_opts: "{{ sabnzbd_docker_security_opts_default-                                  + sabnzbd_docker_security_opts_custom }}"+sabnzbd_role_docker_networks_alias: "{{ sabnzbd_name }}"+sabnzbd_role_docker_networks_default: []+sabnzbd_role_docker_networks_custom: []+sabnzbd_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='sabnzbd')+                                  + lookup('role_var', '_docker_networks_custom', role='sabnzbd') }}"  # Restart Policy-sabnzbd_docker_restart_policy: unless-stopped+sabnzbd_role_docker_restart_policy: unless-stopped  # State-sabnzbd_docker_state: started+sabnzbd_role_docker_state: started

modified

roles/sabnzbd/tasks/main.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -22,12 +22,12 @@  - name: Check if existing config exists   ansible.builtin.stat:-    path: "{{ sabnzbd_paths_config_location }}"+    path: "{{ sabnzbd_role_paths_config_location }}"   register: sabnzbd_conf_stat  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: Post-Install Tasks-  ansible.builtin.import_tasks: "subtasks/post-install/main.yml"+  ansible.builtin.include_tasks: "subtasks/post-install/main.yml"   when: (not continuous_integration)

modified

roles/sabnzbd/tasks/subtasks/post-install/main.yml

@@ -8,9 +8,9 @@ ######################################################################### --- - name: Post-Install | Settings Task-  ansible.builtin.import_tasks: "settings.yml"+  ansible.builtin.include_tasks: "settings.yml"   when: (not sabnzbd_conf_stat.stat.exists)  - name: Post-Install | Web Task-  ansible.builtin.import_tasks: "web.yml"+  ansible.builtin.include_tasks: "web.yml"   when: sabnzbd_conf_stat.stat.exists

modified

roles/sabnzbd/tasks/subtasks/post-install/settings.yml

@@ -9,7 +9,7 @@ --- - name: Post-Install | Settings | Wait for config file to be created   ansible.builtin.wait_for:-    path: "{{ sabnzbd_paths_config_location }}"+    path: "{{ sabnzbd_role_paths_config_location }}"     state: present  - name: Post-Install | Settings | Stop container@@ -21,7 +21,7 @@  - name: Post-Install | Settings | Update config settings   community.general.ini_file:-    path: "{{ sabnzbd_paths_config_location }}"+    path: "{{ sabnzbd_role_paths_config_location }}"     section: misc     option: "{{ item.option }}"     value: "{{ item.value }}"@@ -29,7 +29,7 @@     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"-  loop: "{{ sabnzbd_config_settings_list }}"+  loop: "{{ sabnzbd_role_config_settings_list }}"  - name: Post-Install | Settings | Start container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/sabnzbd/tasks/subtasks/post-install/web.yml

@@ -9,7 +9,7 @@ --- - name: Post-Install | Web | Wait for config file to be created   ansible.builtin.wait_for:-    path: "{{ sabnzbd_paths_config_location }}"+    path: "{{ sabnzbd_role_paths_config_location }}"     state: present  - name: Post-Install | Web | Stop container@@ -21,7 +21,7 @@  - name: Post-Install | Web | Update config settings   community.general.ini_file:-    path: "{{ sabnzbd_paths_config_location }}"+    path: "{{ sabnzbd_role_paths_config_location }}"     section: misc     option: "{{ item.option }}"     value: "{{ item.value }}"@@ -29,7 +29,7 @@     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"-  loop: "{{ sabnzbd_config_settings_web }}"+  loop: "{{ sabnzbd_role_config_settings_web }}"  - name: Post-Install | Web | Start container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_docker_container.yml"

modified

roles/saltbox_mod/tasks/main.yml

@@ -16,15 +16,14 @@     mode: "0775"     recurse: true   with_items:-    - /opt/saltbox_mod+    - "{{ server_appdata_path }}/saltbox_mod"  - name: Clone saltbox_mod repo   ansible.builtin.git:     repo: "{{ saltbox_mod_repo }}"-    dest: /opt/saltbox_mod+    dest: "{{ server_appdata_path }}/saltbox_mod"     clone: true     version: "{{ saltbox_mod_branch }}"     force: "{{ saltbox_mod_force_overwrite }}"   become: true   become_user: "{{ user.name }}"-  ignore_errors: true

modified

roles/sandbox/tasks/main.yml

@@ -9,7 +9,7 @@ --- - name: Create Sandbox directory   ansible.builtin.file:-    path: "/opt/sandbox"+    path: "{{ server_appdata_path }}/sandbox"     state: directory     owner: "{{ user.name }}"     group: "{{ user.name }}"@@ -18,13 +18,13 @@  - name: Check if git repository exists   ansible.builtin.stat:-    path: "/opt/sandbox/.git"+    path: "{{ server_appdata_path }}/sandbox/.git"   register: git_repo_check  - name: Clone Sandbox repo 'HEAD'   ansible.builtin.git:     repo: https://github.com/saltyorg/sandbox.git-    dest: /opt/sandbox+    dest: "{{ server_appdata_path }}/sandbox"     clone: true     version: HEAD     force: true@@ -37,7 +37,7 @@ - name: Clone Sandbox repo 'master'   ansible.builtin.git:     repo: https://github.com/saltyorg/sandbox.git-    dest: /opt/sandbox+    dest: "{{ server_appdata_path }}/sandbox"     clone: true     version: master     force: true@@ -47,18 +47,7 @@     - not git_repo_check.stat.exists     - sandbox_clone_status is failed -- name: Import default files when missing-  ansible.builtin.copy:-    src: "{{ item }}"-    dest: "/opt/sandbox/{{ (item | basename | splitext)[0] }}"-    owner: "{{ user.name }}"-    group: "{{ user.name }}"-    mode: "0664"-    force: false-  with_fileglob:-    - /opt/sandbox/defaults/*.*- - name: Activate Git Hooks-  ansible.builtin.shell: bash /opt/sandbox/bin/git/init-hooks+  ansible.builtin.shell: bash {{ server_appdata_path }}/sandbox/bin/git/init-hooks   args:-    chdir: "/opt/sandbox"+    chdir: "{{ server_appdata_path }}/sandbox"

modified

roles/sanity_check/tasks/main.yml

@@ -8,31 +8,31 @@ ######################################################################### --- - name: System Check-  ansible.builtin.import_tasks: "subtasks/01_system.yml"+  ansible.builtin.include_tasks: "subtasks/01_system.yml"  - name: Ansible Version Check-  ansible.builtin.import_tasks: "subtasks/02_ansible_version.yml"+  ansible.builtin.include_tasks: "subtasks/02_ansible_version.yml"  - name: Python Version Check-  ansible.builtin.import_tasks: "subtasks/03_python_version.yml"+  ansible.builtin.include_tasks: "subtasks/03_python_version.yml"  - name: UFW Check   ansible.builtin.include_tasks: "subtasks/04_ufw.yml"  - name: Backup Lock Check-  ansible.builtin.import_tasks: "subtasks/05_backup.yml"+  ansible.builtin.include_tasks: "subtasks/05_backup.yml"  - name: Touch Logs-  ansible.builtin.import_tasks: "subtasks/06_logs.yml"+  ansible.builtin.include_tasks: "subtasks/06_logs.yml"  - name: Create Temp Folder-  ansible.builtin.import_tasks: "subtasks/07_tmp.yml"+  ansible.builtin.include_tasks: "subtasks/07_tmp.yml"  - name: Skipped Tags Check-  ansible.builtin.import_tasks: "subtasks/08_skipped_tags.yml"+  ansible.builtin.include_tasks: "subtasks/08_skipped_tags.yml"  - name: Repository Check-  ansible.builtin.import_tasks: "subtasks/09_repo.yml"+  ansible.builtin.include_tasks: "subtasks/09_repo.yml"  - name: CPU Check-  ansible.builtin.import_tasks: "subtasks/10_cpu.yml"+  ansible.builtin.include_tasks: "subtasks/10_cpu.yml"

modified

roles/sanity_check/tasks/subtasks/01_system.yml

@@ -10,11 +10,11 @@ - name: System | Ensure Ansible is running on Ubuntu 20.04+   ansible.builtin.assert:     that:-      - ((ansible_distribution == 'Ubuntu') and (ansible_facts['distribution_version'] is version('20.04', '>=')))+      - ((ansible_facts['distribution'] == 'Ubuntu') and (ansible_facts['distribution_version'] is version('20.04', '>=')))     fail_msg: >-       Saltbox was designed for use on Ubuntu servers running version 20.04+.     success_msg: >--      System is running {{ ansible_lsb.description if ansible_lsb is defined else (ansible_distribution + ' ' + ansible_distribution_version) }}.+      System is running {{ ansible_facts['lsb']['description'] }}.  - name: System | Virtualization Check   ansible.builtin.command: "systemd-detect-virt"

modified

roles/sanity_check/tasks/subtasks/03_python_version.yml

@@ -9,4 +9,4 @@ --- - name: Python Version | Print Python version   ansible.builtin.debug:-    msg: "Ansible running on Python version: {{ ansible_python_version }}"+    msg: "Ansible running on Python version: {{ ansible_facts['python_version'] }}"

modified

roles/sanity_check/tasks/subtasks/05_backup.yml

@@ -15,7 +15,7 @@ # Age in hours - name: Backup | Get age of '{{ sanity_check_backup_lockfile_path | basename }}' file   ansible.builtin.set_fact:-    backup_lock_age: "{{ ((ansible_date_time.epoch | float - backup_lock.stat.mtime) / 3600) | int }}"+    backup_lock_age: "{{ ((ansible_facts['date_time']['epoch'] | float - backup_lock.stat.mtime) / 3600) | int }}"   when: backup_lock.stat.exists  # Delete if older than 2 hours.

modified

roles/scripts/tasks/main.yml

@@ -9,7 +9,7 @@ --- - name: Install common packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - jq       - figlet@@ -26,21 +26,19 @@     mode: "0775"     recurse: true   with_items:-    - /opt/scripts-    - /opt/scripts/docker-    - /opt/scripts/frontail-    - /opt/scripts/nzbget-    - /opt/scripts/sabnzbd-    - /opt/scripts/plex-    - /opt/scripts/plex_autoscan-    - /opt/scripts/tautulli-    - /opt/scripts/torrents-    - /opt/scripts/rclone+    - "{{ server_appdata_path }}/scripts"+    - "{{ server_appdata_path }}/scripts/frontail"+    - "{{ server_appdata_path }}/scripts/nzbget"+    - "{{ server_appdata_path }}/scripts/sabnzbd"+    - "{{ server_appdata_path }}/scripts/plex"+    - "{{ server_appdata_path }}/scripts/tautulli"+    - "{{ server_appdata_path }}/scripts/torrents"+    - "{{ server_appdata_path }}/scripts/rclone"  - name: Import 'arrpush.py'   ansible.builtin.get_url:     url: "https://raw.githubusercontent.com/l3uddz/arrpush/master/arrpush.py"-    dest: "/opt/scripts/torrents/arrpush.py"+    dest: "{{ server_appdata_path }}/scripts/torrents/arrpush.py"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -57,7 +55,7 @@ - name: Import 'TorrentCleanup.py'   ansible.builtin.get_url:     url: "https://raw.githubusercontent.com/l3uddz/TorrentCleanup/master/TorrentCleanup.py"-    dest: "/opt/scripts/torrents/TorrentCleanup.py"+    dest: "{{ server_appdata_path }}/scripts/torrents/TorrentCleanup.py"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -74,7 +72,7 @@ - name: Import 'plex_trash_fixer.py'   ansible.builtin.get_url:     url: "https://raw.githubusercontent.com/l3uddz/plex_trash_fixer/master/plex_trash_fixer.py"-    dest: "/opt/scripts/plex/plex_trash_fixer.py"+    dest: "{{ server_appdata_path }}/scripts/plex/plex_trash_fixer.py"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -88,36 +86,9 @@   delay: 10   ignore_errors: true -- name: Import 'plex_autoscan_url.sh'-  ansible.builtin.copy:-    src: "plex_autoscan_url.sh"-    dest: "/opt/scripts/plex_autoscan/plex_autoscan_url.sh"-    owner: "{{ user.name }}"-    group: "{{ user.name }}"-    mode: "0775"-    force: true--- name: Import 'plexsql.sh'-  ansible.builtin.copy:-    src: "plexsql.sh"-    dest: "/opt/scripts/plex/plexsql.sh"-    owner: "{{ user.name }}"-    group: "{{ user.name }}"-    mode: "0775"-    force: true--- name: Import 'restart_containers.sh'-  ansible.builtin.copy:-    src: "restart_containers.sh"-    dest: "/opt/scripts/docker/restart_containers.sh"-    owner: "{{ user.name }}"-    group: "{{ user.name }}"-    mode: "0775"-    force: true- - name: Check if 'frontail_custom_preset.json' exists   ansible.builtin.stat:-    path: "/opt/scripts/frontail/frontail_custom_preset.json"+    path: "{{ server_appdata_path }}/scripts/frontail/frontail_custom_preset.json"     get_attributes: false     get_checksum: false     get_mime: false@@ -126,7 +97,7 @@ - name: Import 'frontail_custom_preset.json'   ansible.builtin.copy:     src: "frontail_custom_preset.json"-    dest: "/opt/scripts/frontail/frontail_custom_preset.json"+    dest: "{{ server_appdata_path }}/scripts/frontail/frontail_custom_preset.json"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -136,7 +107,7 @@ - name: Import 'sync_torrents_to_rclone_remote.sh'   ansible.builtin.template:     src: "sync_torrents_to_rclone_remote.sh.j2"-    dest: "/opt/scripts/rclone/sync_torrents_to_rclone_remote.sh"+    dest: "{{ server_appdata_path }}/scripts/rclone/sync_torrents_to_rclone_remote.sh"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -146,7 +117,7 @@ - name: Import 'download_torrents_from_rclone_remote.sh'   ansible.builtin.template:     src: "download_torrents_from_rclone_remote.sh.j2"-    dest: "/opt/scripts/rclone/download_torrents_from_rclone_remote.sh"+    dest: "{{ server_appdata_path }}/scripts/rclone/download_torrents_from_rclone_remote.sh"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -156,7 +127,7 @@ - name: Import 'StickyDownloadQueue.py'   ansible.builtin.get_url:     url: "https://raw.githubusercontent.com/Hidendra/nzbget-sticky-download-queue/master/StickyDownloadQueue.py"-    dest: "/opt/scripts/nzbget/StickyDownloadQueue.py"+    dest: "{{ server_appdata_path }}/scripts/nzbget/StickyDownloadQueue.py"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"@@ -173,7 +144,7 @@ - name: Import 'CappedDownloadQueue.py'   ansible.builtin.get_url:     url: "https://raw.githubusercontent.com/Hidendra/nzbget-capped-download-queue/master/CappedDownloadQueue.py"-    dest: "/opt/scripts/nzbget/CappedDownloadQueue.py"+    dest: "{{ server_appdata_path }}/scripts/nzbget/CappedDownloadQueue.py"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0775"

modified

roles/scripts/templates/download_torrents_from_rclone_remote.sh.j2

@@ -13,7 +13,7 @@  if ! /usr/bin/screen -list | /bin/grep -q "torrents_download"; then -	/bin/rm -rfv /opt/scripts/rclone/download_torrents_from_rclone_remote.log+	/bin/rm -rfv {{ server_appdata_path }}/scripts/rclone/download_torrents_from_rclone_remote.log  	/usr/bin/screen -dmS torrents_download /usr/bin/rclone copy \ 		--user-agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36' \@@ -24,7 +24,7 @@ 		--checkers=16 \ 		--drive-chunk-size=128M \ 		--fast-list \-		--log-file=/opt/scripts/rclone/download_torrents_from_rclone_remote.log \+		--log-file={{ server_appdata_path }}/scripts/rclone/download_torrents_from_rclone_remote.log \ 		{{ rclone_first_remote_name }}:/downloads/torrents {{ downloads_torrents_path }}  fi

modified

roles/scripts/templates/sync_torrents_to_rclone_remote.sh.j2

@@ -12,7 +12,7 @@  if ! /usr/bin/screen -list | /bin/grep -q "torrents_sync"; then -	/bin/rm -rfv /opt/scripts/rclone/sync_torrents_to_rclone_remote.log+	/bin/rm -rfv {{ server_appdata_path }}/scripts/rclone/sync_torrents_to_rclone_remote.log  	/usr/bin/screen -dmS torrents_sync /usr/bin/rclone sync \ 		--user-agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36' \@@ -23,7 +23,7 @@ 		--checkers=16 \ 		--drive-chunk-size=128M \ 		--fast-list \-		--log-file=/opt/scripts/rclone/sync_torrents_to_rclone_remote.log \+		--log-file={{ server_appdata_path }}/scripts/rclone/sync_torrents_to_rclone_remote.log \ 		{{ downloads_torrents_path }} {{ rclone_first_remote_name }}:/downloads/torrents  fi

modified

roles/scrutiny/defaults/main.yml

@@ -17,130 +17,87 @@ # Paths ################################ -scrutiny_paths_folder: "{{ scrutiny_name }}"-scrutiny_paths_location: "{{ server_appdata_path }}/{{ scrutiny_paths_folder }}"-scrutiny_paths_folders_list:-  - "{{ scrutiny_paths_location }}"-  - "{{ scrutiny_paths_location }}/scrutiny"-  - "{{ scrutiny_paths_location }}/influxdb"+scrutiny_role_paths_folder: "{{ scrutiny_name }}"+scrutiny_role_paths_location: "{{ server_appdata_path }}/{{ scrutiny_role_paths_folder }}"+scrutiny_role_paths_folders_list:+  - "{{ scrutiny_role_paths_location }}"+  - "{{ scrutiny_role_paths_location }}/scrutiny"+  - "{{ scrutiny_role_paths_location }}/influxdb"  ################################ # Web ################################ -scrutiny_web_subdomain: "{{ scrutiny_name }}"-scrutiny_web_domain: "{{ user.domain }}"-scrutiny_web_port: "8080"-scrutiny_web_url: "{{ 'https://' + (scrutiny_web_subdomain + '.' + scrutiny_web_domain-                   if (scrutiny_web_subdomain | length > 0)-                   else scrutiny_web_domain) }}"+scrutiny_role_web_subdomain: "{{ scrutiny_name }}"+scrutiny_role_web_domain: "{{ user.domain }}"+scrutiny_role_web_port: "8080"+scrutiny_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='scrutiny') + '.' + lookup('role_var', '_web_domain', role='scrutiny')+                        if (lookup('role_var', '_web_subdomain', role='scrutiny') | length > 0)+                        else lookup('role_var', '_web_domain', role='scrutiny')) }}"  ################################ # DNS ################################ -scrutiny_dns_record: "{{ scrutiny_web_subdomain }}"-scrutiny_dns_zone: "{{ scrutiny_web_domain }}"-scrutiny_dns_proxy: "{{ dns.proxied }}"+scrutiny_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='scrutiny') }}"+scrutiny_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='scrutiny') }}"+scrutiny_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -scrutiny_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-scrutiny_traefik_middleware_default: "{{ traefik_default_middleware }}"-scrutiny_traefik_middleware_custom: ""-scrutiny_traefik_certresolver: "{{ traefik_default_certresolver }}"-scrutiny_traefik_enabled: true+scrutiny_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+scrutiny_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+scrutiny_role_traefik_middleware_custom: ""+scrutiny_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+scrutiny_role_traefik_enabled: true  ################################ # Docker ################################  # Container-scrutiny_docker_container: "{{ scrutiny_name }}"+scrutiny_role_docker_container: "{{ scrutiny_name }}"  # Image-scrutiny_docker_image_pull: true-scrutiny_docker_image_tag: "master-omnibus"-scrutiny_docker_image: "ghcr.io/analogj/scrutiny:{{ scrutiny_docker_image_tag }}"--# Ports-scrutiny_docker_ports_defaults: []-scrutiny_docker_ports_custom: []-scrutiny_docker_ports: "{{ scrutiny_docker_ports_defaults-                           + scrutiny_docker_ports_custom }}"+scrutiny_role_docker_image_pull: true+scrutiny_role_docker_image_repo: "ghcr.io/analogj/scrutiny"+scrutiny_role_docker_image_tag: "master-omnibus"+scrutiny_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='scrutiny') }}:{{ lookup('role_var', '_docker_image_tag', role='scrutiny') }}"  # Envs-scrutiny_docker_envs_default:+scrutiny_role_docker_envs_default:   TZ: "{{ tz }}"-scrutiny_docker_envs_custom: {}-scrutiny_docker_envs: "{{ scrutiny_docker_envs_default-                          | combine(scrutiny_docker_envs_custom) }}"--# Commands-scrutiny_docker_commands_default: []-scrutiny_docker_commands_custom: []-scrutiny_docker_commands: "{{ scrutiny_docker_commands_default-                              + scrutiny_docker_commands_custom }}"+scrutiny_role_docker_envs_custom: {}+scrutiny_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='scrutiny')+                               | combine(lookup('role_var', '_docker_envs_custom', role='scrutiny')) }}"  # Volumes-scrutiny_docker_volumes_default:-  - "{{ scrutiny_paths_location }}/scrutiny:/opt/scrutiny/config"-  - "{{ scrutiny_paths_location }}/influxdb:/opt/scrutiny/influxdb"+scrutiny_role_docker_volumes_default:+  - "{{ lookup('role_var', '_paths_location', role='scrutiny') }}/scrutiny:/opt/scrutiny/config"+  - "{{ lookup('role_var', '_paths_location', role='scrutiny') }}/influxdb:/opt/scrutiny/influxdb"   - "/run/udev:/run/udev:ro"-scrutiny_docker_volumes_custom: []-scrutiny_docker_volumes: "{{ scrutiny_docker_volumes_default-                             + scrutiny_docker_volumes_custom }}"--# Devices-scrutiny_docker_devices_default: []-scrutiny_docker_devices_custom: []-scrutiny_docker_devices: "{{ scrutiny_docker_devices_default-                             + scrutiny_docker_devices_custom }}"--# Hosts-scrutiny_docker_hosts_default: {}-scrutiny_docker_hosts_custom: {}-scrutiny_docker_hosts: "{{ docker_hosts_common-                           | combine(scrutiny_docker_hosts_default)-                           | combine(scrutiny_docker_hosts_custom) }}"--# Labels-scrutiny_docker_labels_default: {}-scrutiny_docker_labels_custom: {}-scrutiny_docker_labels: "{{ docker_labels_common-                            | combine(scrutiny_docker_labels_default)-                            | combine(scrutiny_docker_labels_custom) }}"+scrutiny_role_docker_volumes_custom: []+scrutiny_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='scrutiny')+                                  + lookup('role_var', '_docker_volumes_custom', role='scrutiny') }}"  # Hostname-scrutiny_docker_hostname: "{{ scrutiny_name }}"+scrutiny_role_docker_hostname: "{{ scrutiny_name }}"  # Networks-scrutiny_docker_networks_alias: "{{ scrutiny_name }}"-scrutiny_docker_networks_default: []-scrutiny_docker_networks_custom: []-scrutiny_docker_networks: "{{ docker_networks_common-                              + scrutiny_docker_networks_default-                              + scrutiny_docker_networks_custom }}"--# Capabilities-scrutiny_docker_capabilities_default: []-scrutiny_docker_capabilities_custom: []-scrutiny_docker_capabilities: "{{ scrutiny_docker_capabilities_default-                                  + scrutiny_docker_capabilities_custom }}"--# Security Opts-scrutiny_docker_security_opts_default: []-scrutiny_docker_security_opts_custom: []-scrutiny_docker_security_opts: "{{ scrutiny_docker_security_opts_default-                                   + scrutiny_docker_security_opts_custom }}"+scrutiny_role_docker_networks_alias: "{{ scrutiny_name }}"+scrutiny_role_docker_networks_default: []+scrutiny_role_docker_networks_custom: []+scrutiny_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='scrutiny')+                                   + lookup('role_var', '_docker_networks_custom', role='scrutiny') }}"  # Restart Policy-scrutiny_docker_restart_policy: unless-stopped+scrutiny_role_docker_restart_policy: unless-stopped  # State-scrutiny_docker_state: started+scrutiny_role_docker_state: started  # Privileged-scrutiny_docker_privileged: true+scrutiny_role_docker_privileged: true

modified

roles/scrutiny/tasks/main.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/shell/defaults/main.yml

@@ -26,7 +26,7 @@ ################################  shell_z_git_repo_url: "https://github.com/rupa/z.git"-shell_z_git_repo_dest: "/opt/z"+shell_z_git_repo_dest: "{{ server_appdata_path }}/z"  ################################ # Bash@@ -64,7 +64,7 @@   DISABLE_UPDATE_PROMPT=true  shell_zsh_zshrc_block_content2: |-  # zsh - allows commmands to run with the un-expanded glob+  # zsh - allows commands to run with the un-expanded glob   unsetopt nomatch   # zsh - set TIMEFMT   export TIMEFMT=$'

modified

roles/shell/tasks/main.yml

@@ -13,5 +13,5 @@ - name: Import 'z' subtask   ansible.builtin.include_tasks: "subtasks/z.yml" -- name: Import '{{ shell_type }}' subtask+- name: "Import '{{ shell_type }}' subtask"   ansible.builtin.include_tasks: "subtasks/shell/{{ shell_type }}.yml"

modified

roles/shell/tasks/subtasks/misc.yml

@@ -9,13 +9,13 @@ --- - name: Misc | Install argcomplete   ansible.builtin.shell: "pip install {{ shell_misc_argcomplete_pip_package }}"-  when: ansible_distribution_version is version('22.04', '<=')+  when: ansible_facts['distribution_version'] is version('22.04', '<=')  - name: Misc | Install argcomplete   ansible.builtin.apt:     name: python3-argcomplete     state: present-  when: ansible_distribution_version is version('24.04', '>=')+  when: ansible_facts['distribution_version'] is version('24.04', '>=')  # For Ansible command line utilities - name: Misc | Activate argcomplete

modified

roles/shell/tasks/subtasks/shell/bash.yml

@@ -36,10 +36,10 @@     shell: "{{ shell_bash_binary_path }}"   register: shell_update_task -- name: Bash | Set Bash as default shell+- name: Bash | Print Bash shell status   ansible.builtin.debug:     msg:-      - "Set Bash as default shell"+      - "Bash was set as default shell"   when: (shell_update_task is changed)  - name: Bash | Default shell set to Bash

modified

roles/shell/tasks/subtasks/shell/zsh.yml

@@ -10,7 +10,7 @@ - name: ZSH | Install 'zsh'   ansible.builtin.apt:     name: "{{ shell_zsh_apt_packages_list }}"-    state: present+    state: latest  - name: ZSH | Clone 'oh-my-zsh' repo   ansible.builtin.git:@@ -21,24 +21,22 @@     force: true   become: true   become_user: "{{ user.name }}"-  register: cloning-  ignore_errors: true  - name: ZSH | Check if an existing '.zshrc' file is present   ansible.builtin.stat:     path: "{{ shell_zsh_zshrc_path }}"   register: existing_zshrc -- name: ZSH | Create '{{ shell_zsh_zshrc_path }}' file+- name: "ZSH | Create '{{ shell_zsh_zshrc_path }}' file"   ansible.builtin.copy:     src: "{{ shell_zsh_zshrc_template_path }}"     dest: "{{ shell_zsh_zshrc_path }}"     group: "{{ user.name }}"     owner: "{{ user.name }}"     mode: "0664"-  when: (cloning is success) and (not existing_zshrc.stat.exists)+  when: (not existing_zshrc.stat.exists) -- name: ZSH | Add items to '{{ shell_zsh_zshrc_path }}'+- name: "ZSH | Add items to '{{ shell_zsh_zshrc_path }}'"   ansible.builtin.blockinfile:     path: "{{ shell_zsh_zshrc_path }}"     marker: "### SALTBOX MANAGED BLOCK 1 - {mark} ###"@@ -50,7 +48,7 @@     group: "{{ user.name }}"     mode: "0664" -- name: ZSH | Add items to '{{ shell_zsh_zshrc_path }}'+- name: "ZSH | Add items to '{{ shell_zsh_zshrc_path }}'"   ansible.builtin.blockinfile:     path: "{{ shell_zsh_zshrc_path }}"     marker: "### SALTBOX MANAGED BLOCK 2 - {mark} ###"@@ -61,7 +59,7 @@     group: "{{ user.name }}"     mode: "0664" -- name: ZSH | Add custom items to '{{ shell_zsh_zshrc_path }}'+- name: "ZSH | Add custom items to '{{ shell_zsh_zshrc_path }}'"   ansible.builtin.blockinfile:     path: "{{ shell_zsh_zshrc_path }}"     marker: "### SALTBOX MANAGED BLOCK CUSTOM - {mark} ###"@@ -91,7 +89,7 @@     path: "{{ shell_zsh_binary_path }}"   register: shell_zsh_binary_path_stat -- name: ZSH | Create an 'alternatives link' to '{{ shell_zsh_binary_path }}'+- name: "ZSH | Create an 'alternatives link' to '{{ shell_zsh_binary_path }}'"   community.general.alternatives:     name: zsh     link: "{{ shell_zsh_binary_path }}"@@ -105,21 +103,21 @@     shell: "{{ shell_zsh_binary_path }}"   register: shell_update_task -- name: ZSH | Set ZSH as default shell+- name: ZSH | Print ZSH shell status   ansible.builtin.debug:-    msg: "Set ZSH as default shell"+    msg: "ZSH was set as default shell"   when: (shell_update_task is changed) -- name: "Oh My Posh Block"+- name: ZSH | Oh My Posh Block   when: shell_ohmyposh_enabled   block:-    - name: "Install Oh My Posh"+    - name: ZSH | Install Oh My Posh       ansible.builtin.shell: "curl -s https://ohmyposh.dev/install.sh | bash -s -- -d /usr/local/bin/" -    - name: "Install Meslo Nerd Font"-      ansible.builtin.shell: "script -q -c '/usr/local/bin/oh-my-posh font install meslo --plain' /dev/null"+    - name: ZSH | Install Meslo Nerd Font+      ansible.builtin.shell: "/usr/local/bin/oh-my-posh font install meslo --headless" -    - name: ZSH | Add Oh My Posh to '{{ shell_zsh_zshrc_path }}'+    - name: "ZSH | Add Oh My Posh to '{{ shell_zsh_zshrc_path }}'"       ansible.builtin.blockinfile:         path: "{{ shell_zsh_zshrc_path }}"         marker: "### SALTBOX MANAGED BLOCK 3 - {mark} ###"

modified

roles/shell/tasks/subtasks/z.yml

@@ -25,10 +25,3 @@     force: true   become: true   become_user: "{{ user.name }}"-  register: shell_z_git_clone_status-  ignore_errors: true--- name: z | 'z' Installed-  ansible.builtin.debug:-    msg: "'z (jump around)' Installed"-  when: (shell_z_git_clone_status is succeeded)

modified

roles/sonarr/defaults/main.yml

@@ -17,171 +17,121 @@ # Settings ################################ -sonarr_external_auth: true+sonarr_role_external_auth: true  ################################ # Paths ################################ -sonarr_paths_folder: "{{ sonarr_name }}"-sonarr_paths_location: "{{ server_appdata_path }}/{{ sonarr_paths_folder }}"-sonarr_paths_folders_list:-  - "{{ sonarr_paths_location }}"-sonarr_paths_config_location: "{{ sonarr_paths_location }}/config.xml"+sonarr_role_paths_folder: "{{ sonarr_name }}"+sonarr_role_paths_location: "{{ server_appdata_path }}/{{ sonarr_role_paths_folder }}"+sonarr_role_paths_folders_list:+  - "{{ sonarr_role_paths_location }}"+sonarr_role_paths_config_location: "{{ sonarr_role_paths_location }}/config.xml"  ################################ # Web ################################ -sonarr_web_subdomain: "{{ sonarr_name }}"-sonarr_web_domain: "{{ user.domain }}"-sonarr_web_port: "8989"-sonarr_web_url: "{{ 'https://' + (lookup('vars', sonarr_name + '_web_subdomain', default=sonarr_web_subdomain) + '.' + lookup('vars', sonarr_name + '_web_domain', default=sonarr_web_domain)-                 if (lookup('vars', sonarr_name + '_web_subdomain', default=sonarr_web_subdomain) | length > 0)-                 else lookup('vars', sonarr_name + '_web_domain', default=sonarr_web_domain)) }}"+sonarr_role_web_subdomain: "{{ sonarr_name }}"+sonarr_role_web_domain: "{{ user.domain }}"+sonarr_role_web_port: "8989"+sonarr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='sonarr') + '.' + lookup('role_var', '_web_domain', role='sonarr')+                      if (lookup('role_var', '_web_subdomain', role='sonarr') | length > 0)+                      else lookup('role_var', '_web_domain', role='sonarr')) }}"  ################################ # DNS ################################ -sonarr_dns_record: "{{ lookup('vars', sonarr_name + '_web_subdomain', default=sonarr_web_subdomain) }}"-sonarr_dns_zone: "{{ lookup('vars', sonarr_name + '_web_domain', default=sonarr_web_domain) }}"-sonarr_dns_proxy: "{{ dns.proxied }}"+sonarr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='sonarr') }}"+sonarr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='sonarr') }}"+sonarr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -sonarr_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-sonarr_traefik_middleware_default: "{{ traefik_default_middleware-                                       + (',themepark-' + lookup('vars', sonarr_name + '_name', default=sonarr_name)-                                         if (sonarr_themepark_enabled and global_themepark_plugin_enabled)-                                         else '') }}"-sonarr_traefik_middleware_custom: ""-sonarr_traefik_certresolver: "{{ traefik_default_certresolver }}"-sonarr_traefik_enabled: true-sonarr_traefik_api_enabled: true-sonarr_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/feed`) || PathPrefix(`/ping`)"+sonarr_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+sonarr_role_traefik_middleware_default: "{{ traefik_default_middleware+                                            + (',themepark-' + sonarr_name+                                              if (lookup('role_var', '_themepark_enabled', role='sonarr') and global_themepark_plugin_enabled)+                                              else '') }}"+sonarr_role_traefik_middleware_custom: ""+sonarr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+sonarr_role_traefik_enabled: true+sonarr_role_traefik_api_enabled: true+sonarr_role_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/feed`) || PathPrefix(`/ping`)"  ################################-# API-################################--# default to blank-sonarr_api_key:--################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-sonarr_themepark_enabled: false-sonarr_themepark_app: "sonarr"-sonarr_themepark_theme: "{{ global_themepark_theme }}"-sonarr_themepark_domain: "{{ global_themepark_domain }}"-sonarr_themepark_addons: []+sonarr_role_themepark_enabled: false+sonarr_role_themepark_app: "sonarr"+sonarr_role_themepark_theme: "{{ global_themepark_theme }}"+sonarr_role_themepark_domain: "{{ global_themepark_domain }}"+sonarr_role_themepark_addons: []  ################################ # Docker ################################  # Container-sonarr_docker_container: "{{ sonarr_name }}"+sonarr_role_docker_container: "{{ sonarr_name }}"  # Image-sonarr_docker_image_pull: true-sonarr_docker_image_repo: "ghcr.io/hotio/sonarr"-sonarr_docker_image_tag: "release"-sonarr_docker_image: "{{ lookup('vars', sonarr_name + '_docker_image_repo', default=sonarr_docker_image_repo)-                         + ':' + lookup('vars', sonarr_name + '_docker_image_tag', default=sonarr_docker_image_tag) }}"--# Ports-sonarr_docker_ports_defaults: []-sonarr_docker_ports_custom: []-sonarr_docker_ports: "{{ lookup('vars', sonarr_name + '_docker_ports_defaults', default=sonarr_docker_ports_defaults)-                         + lookup('vars', sonarr_name + '_docker_ports_custom', default=sonarr_docker_ports_custom) }}"+sonarr_role_docker_image_pull: true+sonarr_role_docker_image_repo: "ghcr.io/hotio/sonarr"+sonarr_role_docker_image_tag: "release"+sonarr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='sonarr') }}:{{ lookup('role_var', '_docker_image_tag', role='sonarr') }}"  # Envs-sonarr_docker_envs_default:+sonarr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-sonarr_docker_envs_custom: {}-sonarr_docker_envs: "{{ lookup('vars', sonarr_name + '_docker_envs_default', default=sonarr_docker_envs_default)-                        | combine(lookup('vars', sonarr_name + '_docker_envs_custom', default=sonarr_docker_envs_custom)) }}"--# Commands-sonarr_docker_commands_default: []-sonarr_docker_commands_custom: []-sonarr_docker_commands: "{{ lookup('vars', sonarr_name + '_docker_commands_default', default=sonarr_docker_commands_default)-                            + lookup('vars', sonarr_name + '_docker_commands_custom', default=sonarr_docker_commands_custom) }}"+sonarr_role_docker_envs_custom: {}+sonarr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='sonarr')+                             | combine(lookup('role_var', '_docker_envs_custom', role='sonarr')) }}"  # Volumes-sonarr_docker_volumes_default:-  - "{{ sonarr_paths_location }}:/config"+sonarr_role_docker_volumes_default:+  - "{{ sonarr_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-sonarr_docker_volumes_legacy:+sonarr_role_docker_volumes_legacy:   - "/mnt/unionfs/Media/TV:/tv"-sonarr_docker_volumes_custom: []-sonarr_docker_volumes: "{{ lookup('vars', sonarr_name + '_docker_volumes_default', default=sonarr_docker_volumes_default)-                           + lookup('vars', sonarr_name + '_docker_volumes_custom', default=sonarr_docker_volumes_custom)-                           + (lookup('vars', sonarr_name + '_docker_volumes_legacy', default=sonarr_docker_volumes_legacy)-                             if docker_legacy_volume-                             else []) }}"--# Devices-sonarr_docker_devices_default: []-sonarr_docker_devices_custom: []-sonarr_docker_devices: "{{ lookup('vars', sonarr_name + '_docker_devices_default', default=sonarr_docker_devices_default)-                           + lookup('vars', sonarr_name + '_docker_devices_custom', default=sonarr_docker_devices_custom) }}"--# Hosts-sonarr_docker_hosts_default: {}-sonarr_docker_hosts_custom: {}-sonarr_docker_hosts: "{{ docker_hosts_common-                         | combine(lookup('vars', sonarr_name + '_docker_hosts_default', default=sonarr_docker_hosts_default))-                         | combine(lookup('vars', sonarr_name + '_docker_hosts_custom', default=sonarr_docker_hosts_custom)) }}"+sonarr_role_docker_volumes_custom: []+sonarr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='sonarr')+                                + lookup('role_var', '_docker_volumes_custom', role='sonarr')+                                + (lookup('role_var', '_docker_volumes_legacy', role='sonarr')+                                  if docker_legacy_volume+                                  else []) }}"  # Labels-sonarr_docker_labels_default: {}-sonarr_docker_labels_custom: {}-sonarr_docker_labels: "{{ docker_labels_common-                          | combine(lookup('vars', sonarr_name + '_docker_labels_default', default=sonarr_docker_labels_default))-                          | combine((traefik_themepark_labels-                                    if (sonarr_themepark_enabled and global_themepark_plugin_enabled)-                                    else {}),-                                    lookup('vars', sonarr_name + '_docker_labels_custom', default=sonarr_docker_labels_custom)) }}"+sonarr_role_docker_labels_default: {}+sonarr_role_docker_labels_custom: {}+sonarr_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='sonarr')+                               | combine((traefik_themepark_labels+                                         if (lookup('role_var', '_themepark_enabled', role='sonarr') and global_themepark_plugin_enabled)+                                         else {}),+                                         lookup('role_var', '_docker_labels_custom', role='sonarr')) }}"  # Hostname-sonarr_docker_hostname: "{{ sonarr_name }}"--# Network Mode-sonarr_docker_network_mode_default: "{{ docker_networks_name_common }}"-sonarr_docker_network_mode: "{{ lookup('vars', sonarr_name + '_docker_network_mode_default', default=sonarr_docker_network_mode_default) }}"+sonarr_role_docker_hostname: "{{ sonarr_name }}"  # Networks-sonarr_docker_networks_alias: "{{ sonarr_name }}"-sonarr_docker_networks_default: []-sonarr_docker_networks_custom: []-sonarr_docker_networks: "{{ docker_networks_common-                            + lookup('vars', sonarr_name + '_docker_networks_default', default=sonarr_docker_networks_default)-                            + lookup('vars', sonarr_name + '_docker_networks_custom', default=sonarr_docker_networks_custom) }}"--# Capabilities-sonarr_docker_capabilities_default: []-sonarr_docker_capabilities_custom: []-sonarr_docker_capabilities: "{{ lookup('vars', sonarr_name + '_docker_capabilities_default', default=sonarr_docker_capabilities_default)-                                + lookup('vars', sonarr_name + '_docker_capabilities_custom', default=sonarr_docker_capabilities_custom) }}"--# Security Opts-sonarr_docker_security_opts_default: []-sonarr_docker_security_opts_custom: []-sonarr_docker_security_opts: "{{ lookup('vars', sonarr_name + '_docker_security_opts_default', default=sonarr_docker_security_opts_default)-                                 + lookup('vars', sonarr_name + '_docker_security_opts_custom', default=sonarr_docker_security_opts_custom) }}"+sonarr_role_docker_networks_alias: "{{ sonarr_name }}"+sonarr_role_docker_networks_default: []+sonarr_role_docker_networks_custom: []+sonarr_role_docker_networks: "{{ docker_networks_common+                                 + lookup('role_var', '_docker_networks_default', role='sonarr')+                                 + lookup('role_var', '_docker_networks_custom', role='sonarr') }}"  # Restart Policy-sonarr_docker_restart_policy: unless-stopped+sonarr_role_docker_restart_policy: unless-stopped  # State-sonarr_docker_state: started+sonarr_role_docker_state: started

modified

roles/sonarr/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -24,5 +24,5 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: "Tweak Settings when SSO is enabled"-  ansible.builtin.import_tasks: "subtasks/auth.yml"-  when: (lookup('vars', sonarr_name + '_traefik_sso_middleware', default=sonarr_traefik_sso_middleware) | length > 0) and lookup('vars', sonarr_name + '_external_auth', default=sonarr_external_auth)+  ansible.builtin.include_tasks: "subtasks/auth.yml"+  when: (lookup('role_var', '_traefik_sso_middleware', role='sonarr') | length > 0) and lookup('role_var', '_external_auth', role='sonarr')

modified

roles/sonarr/tasks/subtasks/auth.yml

@@ -9,7 +9,7 @@ --- - name: Auth | Wait for 'config.xml' to be created   ansible.builtin.wait_for:-    path: "/opt/{{ sonarr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ sonarr_name }}/config.xml"     state: present  - name: Auth | Wait for 10 seconds@@ -18,7 +18,7 @@  - name: Auth | Lookup AuthenticationMethod value   community.general.xml:-    path: "/opt/{{ sonarr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ sonarr_name }}/config.xml"     xpath: "/Config/AuthenticationMethod"     content: "text"   register: xmlresp@@ -28,7 +28,7 @@   block:     - name: Auth | Change the 'AuthenticationMethod' attribute to 'External'       community.general.xml:-        path: "/opt/{{ sonarr_name }}/config.xml"+        path: "{{ server_appdata_path }}/{{ sonarr_name }}/config.xml"         xpath: "/Config/AuthenticationMethod"         value: "External"

modified

roles/system/tasks/main.yml

@@ -8,23 +8,23 @@ ######################################################################### --- - name: Logrotate-  ansible.builtin.import_tasks: "subtasks/logrotate.yml"+  ansible.builtin.include_tasks: "subtasks/logrotate.yml"  - name: APT tasks   ansible.builtin.include_tasks: "subtasks/apt.yml"  - name: Network tasks-  ansible.builtin.import_tasks: "subtasks/network.yml"+  ansible.builtin.include_tasks: "subtasks/network.yml"  - name: sysctl tasks   ansible.builtin.include_tasks: "subtasks/sysctl.yml"   when: run_sysctl_tasks -- name: pam_limits tasks+- name: PAM limits tasks   ansible.builtin.include_tasks: "subtasks/pam_limits.yml"  - name: Mounts tasks-  ansible.builtin.import_tasks: "subtasks/mounts.yml"+  ansible.builtin.include_tasks: "subtasks/mounts.yml"  - name: CPU Frequency tasks   ansible.builtin.include_tasks: "subtasks/cpufrequency.yml"@@ -35,12 +35,12 @@   when: cpu_performance_mode and ("none" in systemd_detect_virt.stdout)  - name: Set Time Zone task-  ansible.builtin.import_tasks: "subtasks/timezone.yml"+  ansible.builtin.include_tasks: "subtasks/timezone.yml"   when: (tz is defined)   tags: set-timezone  - name: Set Locale task-  ansible.builtin.import_tasks: "subtasks/locale.yml"+  ansible.builtin.include_tasks: "subtasks/locale.yml"   tags: set-locale  - name: flush_handlers

modified

roles/system/tasks/subtasks/apt.yml

@@ -23,7 +23,7 @@     dest: "/etc/needrestart/conf.d/saltbox.conf"     mode: "0644"     force: true-  when: ('needrestart' in ansible_facts.packages)+  when: ('needrestart' in ansible_facts['packages'])  - name: APT | Fix any potential dpkg issues   block:@@ -48,7 +48,7 @@  - name: APT | Install required packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - apt-utils       - byobu

modified

roles/system/tasks/subtasks/cpufrequency.yml

@@ -10,18 +10,18 @@ - name: CPU Frequency | Install 'cpufrequtils'   ansible.builtin.apt:     name: cpufrequtils-    state: present+    state: latest  - name: CPU Frequency | Install 'linux-tools' for Ubuntu   ansible.builtin.apt:-    state: present+    state: latest     name:       - linux-tools-common       - linux-tools-generic-  when: (ansible_distribution == 'Ubuntu')+  when: (ansible_facts['distribution'] == 'Ubuntu') -- name: "CPU Frequency | Install 'linux-tools-{{ ansible_kernel }}'"-  ansible.builtin.shell: "apt-get install -qq $(apt-cache search -n linux-tools-{{ ansible_kernel }} | awk '{print $1}' | tail -n 1)"+- name: "CPU Frequency | Install 'linux-tools-{{ ansible_facts['kernel'] }}'"+  ansible.builtin.shell: "apt-get install -qq $(apt-cache search -n linux-tools-{{ ansible_facts['kernel'] }} | awk '{print $1}' | tail -n 1)"   ignore_errors: true  - name: CPU Frequency | Ensure 'cpufrequtils' is enabled@@ -68,4 +68,4 @@     enabled: false     daemon_reload: true   ignore_errors: true-  when: ('ondemand.service' in services and services['ondemand.service']['status'] == 'enabled')+  when: ('ondemand.service' in services and ansible_facts['services']['ondemand.service']['status'] == 'enabled')

modified

roles/system/tasks/subtasks/locale.yml

@@ -10,14 +10,14 @@ - name: Locale | Install locales   ansible.builtin.apt:     name: locales-    state: present+    state: latest -- name: Locale | Ensure localisation files for '{{ system_locale }}' are available+- name: Locale | Ensure localization files for '{{ system_locale }}' are available   community.general.locale_gen:     name: "{{ system_locale }}"     state: present -- name: Locale | Ensure localisation files for '{{ system_language }}' are available+- name: Locale | Ensure localization files for '{{ system_language }}' are available   community.general.locale_gen:     name: "{{ system_language }}"     state: present@@ -25,7 +25,6 @@ - name: Locale | Get current locale and language configuration   ansible.builtin.command: localectl status   register: locale_status-  changed_when: false  - name: Locale | Parse 'LANG' from current locale and language configuration   ansible.builtin.set_fact:

modified

roles/system/tasks/subtasks/logrotate.yml

@@ -11,7 +11,7 @@  - name: Logrotate | Install required packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - logrotate @@ -39,7 +39,7 @@           }       - path: "sandbox"         content: |-          /opt/sandbox/sandbox.log {+          {{ server_appdata_path }}/sandbox/sandbox.log {               su {{ user.name }} {{ user.name }}               weekly               rotate 5@@ -50,7 +50,7 @@           }       - path: "saltbox_mod"         content: |-          /opt/saltbox_mod/saltbox_mod.log {+          {{ server_appdata_path }}/saltbox_mod/saltbox_mod.log {               su {{ user.name }} {{ user.name }}               weekly               rotate 5@@ -61,10 +61,10 @@           }       - path: "traefik"         content: |-          /opt/traefik/access.log {+          {{ server_appdata_path }}/traefik/access.log {               su {{ user.name }} {{ user.name }}-              rotate {{ traefik_log_max_backups }}-              size {{ traefik_log_max_size }}+              rotate {{ lookup('role_var', '_log_max_backups', role='traefik') }}+              size {{ lookup('role_var', '_log_max_size', role='traefik') }}               missingok               notifempty               postrotate@@ -78,6 +78,6 @@     path: "/etc/logrotate.d/{{ item.path }}"     marker: "### SALTBOX MANAGED BLOCK - {mark} ###"     block: "{{ item.content }}"-    create: yes+    create: true     mode: "0644"   loop: "{{ logrotate_d_items }}"

modified

roles/system/tasks/subtasks/mounts.yml

@@ -9,7 +9,7 @@ --- - name: Mounts | Display system mounts   ansible.builtin.debug:-    msg: "{{ ansible_mounts }}"+    msg: "{{ ansible_facts['mounts'] }}"     verbosity: 1  - name: Mounts | Set opts for '/' ext4 mount@@ -20,13 +20,13 @@     fstype: ext4     src: "{{ item.device }}"   with_items:-    - "{{ ansible_mounts }}"+    - "{{ ansible_facts['mounts'] }}"   when: (item.mount == '/') and (item.fstype == 'ext4')  - name: "Mounts | Install 'fuse3'"   ansible.builtin.apt:     name: "fuse3"-    state: present+    state: latest  - name: Mounts | Import 'fuse.conf'   ansible.builtin.copy:

modified

roles/system/tasks/subtasks/network.yml

@@ -9,14 +9,14 @@ --- - name: Network | Install common packages   ansible.builtin.apt:-    state: present+    state: latest     name:       - vnstat       - pciutils       - ethtool  - name: Network | Network Tasks Block-  when: (ansible_default_ipv4 is defined) and (ansible_default_ipv4.type == "ether")+  when: (ansible_facts['default_ipv4'] is defined) and (ansible_facts['default_ipv4']['type'] == "ether")   block:     - name: Network | Check for '/etc/vnstat.conf'       ansible.builtin.stat:@@ -27,7 +27,7 @@       ansible.builtin.lineinfile:         path: "/etc/vnstat.conf"         regexp: '(Interface)\s?.*'-        line: '\1 "{{ ansible_default_ipv4.interface }}"'+        line: '\1 "{{ ansible_facts["default_ipv4"]["interface"] }}"'         state: present         backrefs: true       when: (vnstat_conf.stat.exists)@@ -52,7 +52,7 @@         create: false         marker: "### {mark} SALTBOX MANAGED BLOCK ###"         block: |-          ethtool -K {{ ansible_default_ipv4.interface }} tso off gso off+          ethtool -K {{ ansible_facts['default_ipv4']['interface'] }} tso off gso off         insertbefore: "^exit 0"         owner: "root"         group: "root"

modified

roles/system/tasks/subtasks/timezone.yml

@@ -23,29 +23,50 @@     - (system.timezone is defined)     - ('auto' in system.timezone | lower)   block:-    - name: Time Zone | Get IP geolocation data-      community.general.ipinfoio_facts:+    - name: Time Zone | Get timezone from IP using multiple sources+      ip_timezone_lookup:+        ip_address: "{{ ip_address_public }}"+        timeout: 5+        min_consensus: 2+      register: tz_lookup -    - name: Time Zone | Set 'timezone' variable from 'ipinfoio_facts'+    - name: Time Zone | Set 'timezone' variable from IP lookup       ansible.builtin.set_fact:-        timezone: "{{ ansible_facts.timezone }}"-        timezone_string: "Time zone: {{ timezone }}"+        timezone: "{{ tz_lookup.timezone }}"+      when:+        - tz_lookup.timezone is defined+        - tz_lookup.timezone is not none+        - tz_lookup.confidence in ['high', 'medium']++    - name: Time Zone | Display timezone detection results+      ansible.builtin.debug:+        msg: "Detected timezone '{{ tz_lookup.timezone }}' with {{ tz_lookup.confidence }} confidence ({{ tz_lookup.consensus_count }}/{{ tz_lookup.successful_lookups }} sources agree)"+      when: tz_lookup.timezone is defined++    - name: Time Zone | Fail if low confidence or no consensus+      ansible.builtin.fail:+        msg: "Could not reliably determine timezone. Only {{ tz_lookup.consensus_count }} sources agreed. Manual configuration may be required."+      when:+        - tz_lookup.timezone is none or tz_lookup.confidence == 'low'    rescue:-    - name: Time Zone | Get IP geolocation data (with curl)+    - name: Time Zone | Fallback to curl method if module fails       ansible.builtin.shell: "curl -s https://ipapi.co/timezone"       register: system_curl_timezone       failed_when: (system_curl_timezone.stdout | trim | length == 0) -    - name: Time Zone | Set 'timezone' variable from 'ipinfoio_facts'+    - name: Time Zone | Set 'timezone' variable from curl fallback       ansible.builtin.set_fact:         timezone: "{{ system_curl_timezone.stdout | trim }}"-        timezone_string: "Time zone: {{ timezone }}"  - name: Time Zone | Check if timezone is valid   ansible.builtin.fail:-    msg: "Invalid timezone given, given timezone was {{ timezone }}\"."-  when: (timezone_list.stdout is defined) and timezone not in timezone_list.stdout+    msg: "Invalid timezone given, given timezone was {{ timezone }}."+  when: (timezone_list.stdout_lines is defined) and timezone not in timezone_list.stdout_lines++- name: Time Zone | Set 'timezone_string' variable+  ansible.builtin.set_fact:+    timezone_string: "Time zone: {{ timezone }}"  - name: Time Zone | Set timezone   ansible.builtin.shell: "timedatectl set-timezone {{ timezone }}; timedatectl"

modified

roles/tautulli/defaults/main.yml

@@ -17,155 +17,112 @@ # Paths ################################ -tautulli_paths_folder: "{{ tautulli_name }}"-tautulli_paths_location: "{{ server_appdata_path }}/{{ tautulli_paths_folder }}"-tautulli_paths_scripts_location: "{{ server_appdata_path }}/scripts/tautulli"-tautulli_paths_folders_list:-  - "{{ tautulli_paths_location }}"-  - "{{ tautulli_paths_scripts_location }}"+tautulli_role_paths_folder: "{{ tautulli_name }}"+tautulli_role_paths_location: "{{ server_appdata_path }}/{{ tautulli_role_paths_folder }}"+tautulli_role_paths_scripts_location: "{{ server_appdata_path }}/scripts/tautulli"+tautulli_role_paths_folders_list:+  - "{{ tautulli_role_paths_location }}"+  - "{{ tautulli_role_paths_scripts_location }}"  ################################ # Web ################################ -tautulli_web_subdomain: "{{ tautulli_name }}"-tautulli_web_domain: "{{ user.domain }}"-tautulli_web_port: "8181"-tautulli_web_url: "{{ 'https://' + (lookup('vars', tautulli_name + '_web_subdomain', default=tautulli_web_subdomain) + '.' + lookup('vars', tautulli_name + '_web_domain', default=tautulli_web_domain)-                   if (lookup('vars', tautulli_name + '_web_subdomain', default=tautulli_web_subdomain) | length > 0)-                   else lookup('vars', tautulli_name + '_web_domain', default=tautulli_web_domain)) }}"+tautulli_role_web_subdomain: "{{ tautulli_name }}"+tautulli_role_web_domain: "{{ user.domain }}"+tautulli_role_web_port: "8181"+tautulli_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='tautulli') + '.' + lookup('role_var', '_web_domain', role='tautulli')+                        if (lookup('role_var', '_web_subdomain', role='tautulli') | length > 0)+                        else lookup('role_var', '_web_domain', role='tautulli')) }}"  ################################ # DNS ################################ -tautulli_dns_record: "{{ lookup('vars', tautulli_name + '_web_subdomain', default=tautulli_web_subdomain) }}"-tautulli_dns_zone: "{{ lookup('vars', tautulli_name + '_web_domain', default=tautulli_web_domain) }}"-tautulli_dns_proxy: "{{ dns.proxied }}"+tautulli_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='tautulli') }}"+tautulli_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='tautulli') }}"+tautulli_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -tautulli_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-tautulli_traefik_middleware_default: "{{ traefik_default_middleware-                                         + (',themepark-' + lookup('vars', tautulli_name + '_name', default=tautulli_name)-                                           if (tautulli_themepark_enabled and global_themepark_plugin_enabled)-                                           else '') }}"-tautulli_traefik_middleware_custom: ""-tautulli_traefik_certresolver: "{{ traefik_default_certresolver }}"-tautulli_traefik_enabled: true-tautulli_traefik_api_enabled: true-tautulli_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/newsletter`) || PathPrefix(`/image`) || PathPrefix(`/pms_image_proxy`)"-tautulli_traefik_gzip_enabled: false+tautulli_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+tautulli_role_traefik_middleware_default: "{{ traefik_default_middleware+                                              + (',themepark-' + tautulli_name+                                                if (lookup('role_var', '_themepark_enabled', role='tautulli') and global_themepark_plugin_enabled)+                                                else '') }}"+tautulli_role_traefik_middleware_custom: ""+tautulli_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+tautulli_role_traefik_enabled: true+tautulli_role_traefik_api_enabled: true+tautulli_role_traefik_api_endpoint: "PathPrefix(`/api`) || PathPrefix(`/newsletter`) || PathPrefix(`/image`) || PathPrefix(`/pms_image_proxy`)"+tautulli_role_traefik_gzip_enabled: false  ################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-tautulli_themepark_enabled: false-tautulli_themepark_app: "tautulli"-tautulli_themepark_theme: "{{ global_themepark_theme }}"-tautulli_themepark_domain: "{{ global_themepark_domain }}"-tautulli_themepark_addons: []+tautulli_role_themepark_enabled: false+tautulli_role_themepark_app: "tautulli"+tautulli_role_themepark_theme: "{{ global_themepark_theme }}"+tautulli_role_themepark_domain: "{{ global_themepark_domain }}"+tautulli_role_themepark_addons: []  ################################ # Docker ################################  # Container-tautulli_docker_container: "{{ tautulli_name }}"+tautulli_role_docker_container: "{{ tautulli_name }}"  # Image-tautulli_docker_image_pull: true-tautulli_docker_image_repo: "ghcr.io/hotio/tautulli"-tautulli_docker_image_tag: "release"-tautulli_docker_image: "{{ lookup('vars', tautulli_name + '_docker_image_repo', default=tautulli_docker_image_repo)-                           + ':' + lookup('vars', tautulli_name + '_docker_image_tag', default=tautulli_docker_image_tag) }}"--# Ports-tautulli_docker_ports_defaults: []-tautulli_docker_ports_custom: []-tautulli_docker_ports: "{{ lookup('vars', tautulli_name + '_docker_ports_defaults', default=tautulli_docker_ports_defaults)-                           + lookup('vars', tautulli_name + '_docker_ports_custom', default=tautulli_docker_ports_custom) }}"+tautulli_role_docker_image_pull: true+tautulli_role_docker_image_repo: "ghcr.io/hotio/tautulli"+tautulli_role_docker_image_tag: "release"+tautulli_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='tautulli') }}:{{ lookup('role_var', '_docker_image_tag', role='tautulli') }}"  # Envs-tautulli_docker_envs_default:+tautulli_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-tautulli_docker_envs_custom: {}-tautulli_docker_envs: "{{ lookup('vars', tautulli_name + '_docker_envs_default', default=tautulli_docker_envs_default)-                          | combine(lookup('vars', tautulli_name + '_docker_envs_custom', default=tautulli_docker_envs_custom)) }}"--# Commands-tautulli_docker_commands_default: []-tautulli_docker_commands_custom: []-tautulli_docker_commands: "{{ lookup('vars', tautulli_name + '_docker_commands_default', default=tautulli_docker_commands_default)-                              + lookup('vars', tautulli_name + '_docker_commands_custom', default=tautulli_docker_commands_custom) }}"+tautulli_role_docker_envs_custom: {}+tautulli_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='tautulli')+                               | combine(lookup('role_var', '_docker_envs_custom', role='tautulli')) }}"  # Volumes-tautulli_docker_volumes_default:-  - "{{ tautulli_paths_location }}:/config"+tautulli_role_docker_volumes_default:+  - "{{ tautulli_role_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-tautulli_docker_volumes_custom: []-tautulli_docker_volumes: "{{ lookup('vars', tautulli_name + '_docker_volumes_default', default=tautulli_docker_volumes_default)-                             + lookup('vars', tautulli_name + '_docker_volumes_custom', default=tautulli_docker_volumes_custom) }}"--# Devices-tautulli_docker_devices_default: []-tautulli_docker_devices_custom: []-tautulli_docker_devices: "{{ lookup('vars', tautulli_name + '_docker_devices_default', default=tautulli_docker_devices_default)-                             + lookup('vars', tautulli_name + '_docker_devices_custom', default=tautulli_docker_devices_custom) }}"--# Hosts-tautulli_docker_hosts_default: {}-tautulli_docker_hosts_custom: {}-tautulli_docker_hosts: "{{ docker_hosts_common-                           | combine(lookup('vars', tautulli_name + '_docker_hosts_default', default=tautulli_docker_hosts_default))-                           | combine(lookup('vars', tautulli_name + '_docker_hosts_custom', default=tautulli_docker_hosts_custom)) }}"+tautulli_role_docker_volumes_custom: []+tautulli_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='tautulli')+                                  + lookup('role_var', '_docker_volumes_custom', role='tautulli') }}"  # Labels-tautulli_docker_labels_default: {}-tautulli_docker_labels_custom: {}-tautulli_docker_labels: "{{ docker_labels_common-                            | combine(lookup('vars', tautulli_name + '_docker_labels_default', default=tautulli_docker_labels_default))-                            | combine((traefik_themepark_labels-                                      if (tautulli_themepark_enabled and global_themepark_plugin_enabled)-                                      else {}),-                                      lookup('vars', tautulli_name + '_docker_labels_custom', default=tautulli_docker_labels_custom)) }}"+tautulli_role_docker_labels_default: {}+tautulli_role_docker_labels_custom: {}+tautulli_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='tautulli')+                                 | combine((traefik_themepark_labels+                                           if (lookup('role_var', '_themepark_enabled', role='tautulli') and global_themepark_plugin_enabled)+                                           else {}),+                                           lookup('role_var', '_docker_labels_custom', role='tautulli')) }}"  # Hostname-tautulli_docker_hostname: "{{ tautulli_name }}"--# Network Mode-tautulli_docker_network_mode_default: "{{ docker_networks_name_common }}"-tautulli_docker_network_mode: "{{ lookup('vars', tautulli_name + '_docker_network_mode_default', default=tautulli_docker_network_mode_default) }}"+tautulli_role_docker_hostname: "{{ tautulli_name }}"  # Networks-tautulli_docker_networks_alias: "{{ tautulli_name }}"-tautulli_docker_networks_default: []-tautulli_docker_networks_custom: []-tautulli_docker_networks: "{{ docker_networks_common-                              + lookup('vars', tautulli_name + '_docker_networks_default', default=tautulli_docker_networks_default)-                              + lookup('vars', tautulli_name + '_docker_networks_custom', default=tautulli_docker_networks_custom) }}"--# Capabilities-tautulli_docker_capabilities_default: []-tautulli_docker_capabilities_custom: []-tautulli_docker_capabilities: "{{ lookup('vars', tautulli_name + '_docker_capabilities_default', default=tautulli_docker_capabilities_default)-                                  + lookup('vars', tautulli_name + '_docker_capabilities_custom', default=tautulli_docker_capabilities_custom) }}"--# Security Opts-tautulli_docker_security_opts_default: []-tautulli_docker_security_opts_custom: []-tautulli_docker_security_opts: "{{ lookup('vars', tautulli_name + '_docker_security_opts_default', default=tautulli_docker_security_opts_default)-                                   + lookup('vars', tautulli_name + '_docker_security_opts_custom', default=tautulli_docker_security_opts_custom) }}"+tautulli_role_docker_networks_alias: "{{ tautulli_name }}"+tautulli_role_docker_networks_default: []+tautulli_role_docker_networks_custom: []+tautulli_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='tautulli')+                                   + lookup('role_var', '_docker_networks_custom', role='tautulli') }}"  # Restart Policy-tautulli_docker_restart_policy: unless-stopped+tautulli_role_docker_restart_policy: unless-stopped  # State-tautulli_docker_state: started+tautulli_role_docker_state: started

modified

roles/tautulli/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/traefik/defaults/main.yml

@@ -18,36 +18,13 @@ ################################  traefik_trusted_ips: ""-traefik_cloudflare_ips:-  - 173.245.48.0/20-  - 103.21.244.0/22-  - 103.22.200.0/22-  - 103.31.4.0/22-  - 141.101.64.0/18-  - 108.162.192.0/18-  - 190.93.240.0/20-  - 188.114.96.0/20-  - 197.234.240.0/22-  - 198.41.128.0/17-  - 162.158.0.0/15-  - 104.16.0.0/13-  - 104.24.0.0/14-  - 172.64.0.0/13-  - 131.0.72.0/22-  - 2400:cb00::/32-  - 2606:4700::/32-  - 2803:f800::/32-  - 2405:b500::/32-  - 2405:8100::/32-  - 2a06:98c0::/29-  - 2c0f:f248::/32 traefik_plugin_cloudflarewarp_enabled: true traefik_file_watch: "true" traefik_x_robots: "none,noarchive,nosnippet,notranslate,noimageindex" # HTTP3 can cause issues with some apps traefik_http3: false traefik_tailscale_enabled: false-# traefik_tailscale_bind_ip: "" # Set to override the WANIP port binding when server is not connected directly to the Internet.+# traefik_tailscale_bind_ip: "" # Set to override the WAN IP port binding when server is not connected directly to the Internet. # traefik_tailscale_bind_ipv6: "" # Same but IPv6 traefik_entrypoint_web_port: "80" traefik_entrypoint_web_readtimeout: "600"@@ -75,13 +52,13 @@ #     type: both traefik_dns_resolvers: "1.1.1.1:53,1.0.0.1:53" traefik_disable_propagation_check: false-traefik_enable_http_validation: "{{ traefik_http or traefik.cert.http_validation }}"+traefik_enable_http_validation: "{{ traefik_http or (traefik.cert.http_validation | bool) }}" traefik_enable_zerossl: true # Path is internal to the container, so a host path of /opt/traefik/ban.html becomes /etc/traefik/ban.html traefik_crowdsec_ban_filepath: "/etc/traefik/ban.html"-# Entrypoint HTTP Settings+# Entrypoint Path Sanitization Settings traefik_sanitize_path: true-# Encoded characters settings (applied to all entrypoints)+# Entrypoint Encoded characters settings (applied to all entrypoints) traefik_encoded_allow_slash: true traefik_encoded_allow_backslash: true traefik_encoded_allow_null: true@@ -116,64 +93,75 @@   - "{{ item.value.port }}:{{ item.value.port }}/udp"  traefik_entrypoint_http_settings_template:+  - "--entrypoints.{{ item.key }}.http.sanitizePath={{ traefik_sanitize_path | string | lower }}"+  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedSlash={{ traefik_encoded_allow_slash | string | lower }}"+  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedBackSlash={{ traefik_encoded_allow_backslash | string | lower }}"+  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedNullCharacter={{ traefik_encoded_allow_null | string | lower }}"+  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedSemicolon={{ traefik_encoded_allow_semicolon | string | lower }}"+  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedPercent={{ traefik_encoded_allow_percent | string | lower }}"+  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedQuestionMark={{ traefik_encoded_allow_question_mark | string | lower }}"   - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedHash={{ traefik_encoded_allow_hash | string | lower }}"-  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedQuestionMark={{ traefik_encoded_allow_question_mark | string | lower }}"-  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedPercent={{ traefik_encoded_allow_percent | string | lower }}"-  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedSemicolon={{ traefik_encoded_allow_semicolon | string | lower }}"-  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedNullCharacter={{ traefik_encoded_allow_null | string | lower }}"-  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedBackSlash={{ traefik_encoded_allow_backslash | string | lower }}"-  - "--entrypoints.{{ item.key }}.http.encodedCharacters.allowEncodedSlash={{ traefik_encoded_allow_slash | string | lower }}"-  - "--entrypoints.{{ item.key }}.http.sanitizePath={{ traefik_sanitize_path | string | lower }}"++traefik_trusted_ips_template: "{{ traefik_trusted_ips+                               if (traefik_trusted_ips | length > 0)+                               else '' }}"++################################+# Lookups+################################++traefik_zerossl_file_ini: "{{ server_appdata_path }}/saltbox/zerossl.ini"  ################################ # Booleans ################################ -traefik_authelia_enabled: "{{ 'authelia' in traefik_default_sso_middleware }}"-traefik_authentik_enabled: "{{ 'authentik' in traefik_default_sso_middleware }}"+traefik_role_authelia_enabled: "{{ 'authelia' in traefik_default_sso_middleware }}"+traefik_role_authentik_enabled: "{{ 'authentik' in traefik_default_sso_middleware }}"+traefik_role_metrics_enabled: "{{ traefik.metrics | bool }}"  ################################ # Paths ################################ -traefik_paths_folder: "{{ traefik_name }}"-traefik_paths_location: "{{ server_appdata_path }}/{{ traefik_paths_folder }}"-traefik_paths_acme_config_location: "{{ traefik_paths_location }}/acme.json"-traefik_paths_folders_list:-  - "{{ traefik_paths_location }}"+traefik_role_paths_folder: "{{ traefik_name }}"+traefik_role_paths_location: "{{ server_appdata_path }}/{{ traefik_role_paths_folder }}"+traefik_role_paths_acme_config_location: "{{ traefik_role_paths_location }}/acme.json"+traefik_role_paths_folders_list:+  - "{{ traefik_role_paths_location }}"  ################################ # Web ################################ -traefik_web_subdomain: "{{ traefik.subdomains.dash }}"-traefik_web_domain: "{{ user.domain }}"-traefik_metrics_subdomain: "{{ traefik.subdomains.metrics }}"-traefik_metrics_domain: "{{ user.domain }}"+traefik_role_web_subdomain: "{{ traefik.subdomains.dash }}"+traefik_role_web_domain: "{{ user.domain }}"+traefik_role_metrics_subdomain: "{{ traefik.subdomains.metrics }}"+traefik_role_metrics_domain: "{{ user.domain }}"  ################################ # Logging ################################ -traefik_log_level: "ERROR"-traefik_log_file: true-traefik_log_max_size: "10"-traefik_log_max_backups: "3"-traefik_log_max_age: "3"-traefik_log_compress: "true"-traefik_access_log: true-traefik_access_buffer: 100+traefik_role_log_level: "ERROR"+traefik_role_log_file: true+traefik_role_log_max_size: "10"+traefik_role_log_max_backups: "3"+traefik_role_log_max_age: "3"+traefik_role_log_compress: "true"+traefik_role_access_log: true+traefik_role_access_buffer: 100  ################################ # DNS ################################ -traefik_dns_record: "{{ traefik_web_subdomain }}"-traefik_dns_zone: "{{ traefik_web_domain }}"-traefik_dns_proxy: "{{ dns.proxied }}"-traefik_metrics_dns_record: "{{ traefik_metrics_subdomain }}"-traefik_metrics_dns_zone: "{{ traefik_metrics_domain }}"-traefik_metrics_dns_proxy: "{{ dns.proxied }}"+traefik_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='traefik') }}"+traefik_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='traefik') }}"+traefik_role_dns_proxy: "{{ dns_proxied }}"+traefik_role_metrics_dns_record: "{{ lookup('role_var', '_metrics_subdomain', role='traefik') }}"+traefik_role_metrics_dns_zone: "{{ lookup('role_var', '_metrics_domain', role='traefik') }}"+traefik_role_metrics_dns_proxy: "{{ dns_proxied }}"  ################################ # DNS Provider@@ -244,51 +232,52 @@ ################################  # Container-traefik_docker_container: "{{ traefik_name }}"+traefik_role_docker_container: "{{ traefik_name }}"  # Image-traefik_docker_image_pull: true-traefik_docker_image_tag: "v3.6"-traefik_docker_image: "traefik:{{ traefik_docker_image_tag }}"+traefik_role_docker_image_pull: true+traefik_role_docker_image_repo: "traefik"+traefik_role_docker_image_tag: "v3.6"+traefik_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='traefik') }}:{{ lookup('role_var', '_docker_image_tag', role='traefik') }}"  # Ports-traefik_docker_ports_defaults:+traefik_role_docker_ports_default:   - "{{ traefik_entrypoint_web_port }}:{{ traefik_entrypoint_web_port }}/tcp"   - "{{ traefik_entrypoint_websecure_port }}:{{ traefik_entrypoint_websecure_port }}/tcp"   - "{{ traefik_entrypoint_websecure_port }}:{{ traefik_entrypoint_websecure_port }}/udp"-traefik_docker_ports_tailscale_ipv4_defaults:+traefik_role_docker_ports_tailscale_ipv4_default:   - "{{ lookup('vars', 'traefik_tailscale_bind_ip', default=ip_address_public) + ':' + traefik_entrypoint_web_port }}:{{ traefik_entrypoint_web_port }}/tcp"   - "{{ lookup('vars', 'traefik_tailscale_bind_ip', default=ip_address_public) + ':' + traefik_entrypoint_websecure_port }}:{{ traefik_entrypoint_websecure_port }}/tcp"   - "{{ lookup('vars', 'traefik_tailscale_bind_ip', default=ip_address_public) + ':' + traefik_entrypoint_websecure_port }}:{{ traefik_entrypoint_websecure_port }}/udp"   - "{{ tailscale_ipv4 + ':' + traefik_entrypoint_web_port }}:81/tcp"   - "{{ tailscale_ipv4 + ':' + traefik_entrypoint_websecure_port }}:444/tcp"   - "{{ tailscale_ipv4 + ':' + traefik_entrypoint_websecure_port }}:444/udp"-traefik_docker_ports_tailscale_ipv6_defaults:+traefik_role_docker_ports_tailscale_ipv6_default:   - "{{ '[' + lookup('vars', 'traefik_tailscale_bind_ipv6', default=ipv6_address_public) + ']:' + traefik_entrypoint_web_port }}:{{ traefik_entrypoint_web_port }}/tcp"   - "{{ '[' + lookup('vars', 'traefik_tailscale_bind_ipv6', default=ipv6_address_public) + ']:' + traefik_entrypoint_websecure_port }}:{{ traefik_entrypoint_websecure_port }}/tcp"   - "{{ '[' + lookup('vars', 'traefik_tailscale_bind_ipv6', default=ipv6_address_public) + ']:' + traefik_entrypoint_websecure_port }}:{{ traefik_entrypoint_websecure_port }}/udp"   - "{{ '[' + tailscale_ipv6 + ']:' + traefik_entrypoint_web_port }}:81/tcp"   - "{{ '[' + tailscale_ipv6 + ']:' + traefik_entrypoint_websecure_port }}:444/tcp"   - "{{ '[' + tailscale_ipv6 + ']:' + traefik_entrypoint_websecure_port }}:444/udp"-traefik_docker_ports_custom: []-traefik_docker_ports: "{{ (traefik_docker_ports_defaults-                          if not traefik_tailscale_enabled-                          else traefik_docker_ports_tailscale_ipv4_defaults-                               + (traefik_docker_ports_tailscale_ipv6_defaults-                                 if dns.ipv6-                                 else []))-                          + traefik_docker_ports_custom }}"+traefik_role_docker_ports_custom: []+traefik_role_docker_ports: "{{ (lookup('role_var', '_docker_ports_default', role='traefik')+                               if not traefik_tailscale_enabled+                               else lookup('role_var', '_docker_ports_tailscale_ipv4_default', role='traefik')+                                    + (lookup('role_var', '_docker_ports_tailscale_ipv6_default', role='traefik')+                                      if dns_ipv6_enabled+                                      else []))+                               + lookup('role_var', '_docker_ports_custom', role='traefik') }}"  # Envs-traefik_docker_envs_default:+traefik_role_docker_envs_default:   TZ: "{{ tz }}"-traefik_docker_envs_custom: {}-traefik_docker_envs: "{{ traefik_docker_envs_default-                         | combine(lookup('vars', 'traefik_dns_provider_' + traefik_challenge_provider, default={}))-                         | combine(traefik_docker_envs_custom) }}"+traefik_role_docker_envs_custom: {}+traefik_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='traefik')+                              | combine(lookup('vars', 'traefik_dns_provider_' + traefik_challenge_provider, default={}))+                              | combine(lookup('role_var', '_docker_envs_custom', role='traefik')) }}"  # Commands-traefik_docker_commands_default:+traefik_role_docker_commands_default:   - "--global.sendanonymoususage=false"   - "--providers.file.directory=/etc/traefik"   - "--providers.file.watch={{ traefik_file_watch }}"@@ -304,8 +293,8 @@   - "--entrypoints.internal.http.encodedCharacters.allowEncodedQuestionMark={{ traefik_encoded_allow_question_mark | string | lower }}"   - "--entrypoints.internal.http.encodedCharacters.allowEncodedHash={{ traefik_encoded_allow_hash | string | lower }}"   - "--entrypoints.web.address=:{{ traefik_entrypoint_web_port }}"-  - "{{ '--entrypoints.web.forwardedheaders.trustedIPs=' + (traefik_cloudflare_ips | join(',')) + (',' + traefik_trusted_ips if (traefik_trusted_ips | length > 0) else '') }}"-  - "{{ '--entrypoints.web.proxyprotocol.trustedIPs=' + (traefik_cloudflare_ips | join(',')) + (',' + traefik_trusted_ips if (traefik_trusted_ips | length > 0) else '') }}"+  - "{{ ('--entrypoints.web.forwardedheaders.trustedIPs=' + traefik_trusted_ips_template) if (traefik_trusted_ips_template | length > 0) else omit }}"+  - "{{ ('--entrypoints.web.proxyprotocol.trustedIPs=' + traefik_trusted_ips_template) if (traefik_trusted_ips_template | length > 0) else omit }}"   - "--entrypoints.web.transport.respondingTimeouts.readTimeout={{ traefik_entrypoint_web_readtimeout }}"   - "--entrypoints.web.transport.respondingTimeouts.writeTimeout={{ traefik_entrypoint_web_writetimeout }}"   - "--entrypoints.web.transport.respondingTimeouts.idleTimeout={{ traefik_entrypoint_web_idletimeout }}"@@ -319,8 +308,8 @@   - "--entrypoints.web.http.encodedCharacters.allowEncodedQuestionMark={{ traefik_encoded_allow_question_mark | string | lower }}"   - "--entrypoints.web.http.encodedCharacters.allowEncodedHash={{ traefik_encoded_allow_hash | string | lower }}"   - "--entrypoints.websecure.address=:{{ traefik_entrypoint_websecure_port }}"-  - "{{ '--entrypoints.websecure.forwardedheaders.trustedIPs=' + (traefik_cloudflare_ips | join(',')) + (',' + traefik_trusted_ips if (traefik_trusted_ips | length > 0) else '') }}"-  - "{{ '--entrypoints.websecure.proxyprotocol.trustedIPs=' + (traefik_cloudflare_ips | join(',')) + (',' + traefik_trusted_ips if (traefik_trusted_ips | length > 0) else '') }}"+  - "{{ ('--entrypoints.websecure.forwardedheaders.trustedIPs=' + traefik_trusted_ips_template) if (traefik_trusted_ips_template | length > 0) else omit }}"+  - "{{ ('--entrypoints.websecure.proxyprotocol.trustedIPs=' + traefik_trusted_ips_template) if (traefik_trusted_ips_template | length > 0) else omit }}"   - "--entrypoints.websecure.transport.respondingTimeouts.readTimeout={{ traefik_entrypoint_websecure_readtimeout }}"   - "--entrypoints.websecure.transport.respondingTimeouts.writeTimeout={{ traefik_entrypoint_websecure_writetimeout }}"   - "--entrypoints.websecure.transport.respondingTimeouts.idleTimeout={{ traefik_entrypoint_websecure_idletimeout }}"@@ -336,26 +325,26 @@   - "--entrypoints.websecure.http.tls.certResolver={{ traefik_default_certresolver }}"   - "--api.dashboard=true"   - "--api=true"-  - "--log.level={{ traefik_log_level }}"-  - "{{ '--log.filepath=/etc/traefik/traefik.log' if traefik_log_file else omit }}"-  - "{{ '--log.maxsize=' + traefik_log_max_size if traefik_log_file else omit }}"-  - "{{ '--log.maxbackups=' + traefik_log_max_backups if traefik_log_file else omit }}"-  - "{{ '--log.maxage=' + traefik_log_max_age if traefik_log_file else omit }}"-  - "{{ '--log.compress=' + traefik_log_compress if traefik_log_file else omit }}"-  - "{{ '--log.nocolor=true' if traefik_log_file else omit }}"-  - "--accesslog={{ traefik_access_log }}"+  - "--log.level={{ lookup('role_var', '_log_level', role='traefik') }}"+  - "{{ ('--log.filepath=/etc/traefik/traefik.log') if lookup('role_var', '_log_file', role='traefik') else omit }}"+  - "{{ ('--log.maxsize=' + lookup('role_var', '_log_max_size', role='traefik')) if lookup('role_var', '_log_file', role='traefik') else omit }}"+  - "{{ ('--log.maxbackups=' + lookup('role_var', '_log_max_backups', role='traefik')) if lookup('role_var', '_log_file', role='traefik') else omit }}"+  - "{{ ('--log.maxage=' + lookup('role_var', '_log_max_age', role='traefik')) if lookup('role_var', '_log_file', role='traefik') else omit }}"+  - "{{ ('--log.compress=' + lookup('role_var', '_log_compress', role='traefik')) if lookup('role_var', '_log_file', role='traefik') else omit }}"+  - "{{ '--log.nocolor=true' if lookup('role_var', '_log_file', role='traefik') else omit }}"+  - "--accesslog={{ lookup('role_var', '_access_log', role='traefik') }}"   - "--accesslog.fields.names.StartUTC=drop"   - "--accesslog.fields.headers.names.User-Agent=keep"   - "--accesslog.fields.headers.names.Content-Type=keep"   - "--accesslog.filepath=/etc/traefik/access.log"-  - "--accesslog.bufferingsize={{ traefik_access_buffer }}"+  - "--accesslog.bufferingsize={{ lookup('role_var', '_access_buffer', role='traefik') }}"   - "--certificatesresolvers.cfdns.acme.dnschallenge.provider={{ traefik_challenge_provider }}"-  - "{{ '--certificatesresolvers.cfdns.acme.dnschallenge.resolvers=' + traefik_dns_resolvers if (traefik_dns_resolvers | length > 0) else omit }}"+  - "{{ ('--certificatesresolvers.cfdns.acme.dnschallenge.resolvers=' + traefik_dns_resolvers) if (traefik_dns_resolvers | length > 0) else omit }}"   - "--certificatesresolvers.cfdns.acme.email={{ user.email }}"   - "--certificatesresolvers.cfdns.acme.storage=/etc/traefik/acme.json"   - "{{ '--certificatesresolvers.cfdns.acme.dnschallenge.propagation.delayBeforeChecks=60s' if traefik_disable_propagation_check else omit }}"   - "{{ '--certificatesresolvers.cfdns.acme.dnschallenge.propagation.disableChecks=true' if traefik_disable_propagation_check else omit }}"-traefik_docker_commands_zerossl_acme:+traefik_role_docker_commands_zerossl_acme:   - "--certificatesresolvers.zerossl.acme.dnschallenge.provider={{ traefik_challenge_provider }}"   - "{{ '--certificatesresolvers.zerossl.acme.dnschallenge.resolvers=' + traefik_dns_resolvers if (traefik_dns_resolvers | length > 0) else omit }}"   - "--certificatesresolvers.zerossl.acme.email={{ user.email }}"@@ -365,20 +354,20 @@   - "--certificatesresolvers.zerossl.acme.storage=/etc/traefik/acme.json"   - "{{ '--certificatesresolvers.zerossl.acme.dnschallenge.propagation.delayBeforeChecks=60s' if traefik_disable_propagation_check else omit }}"   - "{{ '--certificatesresolvers.zerossl.acme.dnschallenge.propagation.disableChecks=true' if traefik_disable_propagation_check else omit }}"-traefik_docker_commands_http_validation_acme:+traefik_role_docker_commands_http_validation_acme:   - "--certificatesresolvers.httpresolver.acme.httpchallenge.entrypoint=web"   - "--certificatesresolvers.httpresolver.acme.email={{ user.email }}"   - "--certificatesresolvers.httpresolver.acme.storage=/etc/traefik/acme.json"-traefik_docker_commands_http_validation_acme_zerossl:+traefik_role_docker_commands_http_validation_acme_zerossl:   - "--certificatesresolvers.zerosslhttp.acme.httpchallenge.entrypoint=web"   - "--certificatesresolvers.zerosslhttp.acme.email={{ user.email }}"   - "--certificatesresolvers.zerosslhttp.acme.caserver=https://acme.zerossl.com/v2/DV90"   - "--certificatesresolvers.zerosslhttp.acme.eab.kid={{ traefik_zerossl_kid | default('') }}"   - "--certificatesresolvers.zerosslhttp.acme.eab.hmacencoded={{ traefik_zerossl_hmacencoded | default('') }}"   - "--certificatesresolvers.zerosslhttp.acme.storage=/etc/traefik/acme.json"-traefik_docker_commands_google_acme:+traefik_role_docker_commands_google_acme:   - "--certificatesresolvers.google.acme.dnschallenge.provider={{ traefik_challenge_provider }}"-  - "{{ '--certificatesresolvers.google.acme.dnschallenge.resolvers=' + traefik_dns_resolvers if (traefik_dns_resolvers | length > 0) else omit }}"+  - "{{ ('--certificatesresolvers.google.acme.dnschallenge.resolvers=' + traefik_dns_resolvers) if (traefik_dns_resolvers | length > 0) else omit }}"   - "--certificatesresolvers.google.acme.email={{ user.email }}"   - "--certificatesresolvers.google.acme.caserver=https://dv.acme-v02.api.pki.goog/directory"   - "--certificatesresolvers.google.acme.eab.kid={{ traefik_google_kid | default('') }}"@@ -386,28 +375,28 @@   - "--certificatesresolvers.google.acme.storage=/etc/traefik/acme.json"   - "{{ '--certificatesresolvers.google.acme.dnschallenge.propagation.delayBeforeChecks=60s' if traefik_disable_propagation_check else omit }}"   - "{{ '--certificatesresolvers.google.acme.dnschallenge.propagation.disableChecks=true' if traefik_disable_propagation_check else omit }}"-traefik_docker_commands_google_acme_http:+traefik_role_docker_commands_google_acme_http:   - "--certificatesresolvers.googlehttp.acme.httpchallenge.entrypoint=web"   - "--certificatesresolvers.googlehttp.acme.email={{ user.email }}"   - "--certificatesresolvers.googlehttp.acme.caserver=https://dv.acme-v02.api.pki.goog/directory"   - "--certificatesresolvers.googlehttp.acme.eab.kid={{ traefik_google_kid | default('') }}"   - "--certificatesresolvers.googlehttp.acme.eab.hmacencoded={{ traefik_google_hmacencoded | default('') }}"   - "--certificatesresolvers.googlehttp.acme.storage=/etc/traefik/acme.json"-traefik_docker_commands_metrics:+traefik_role_docker_commands_metrics:   - "--metrics.prometheus=true"   - "--metrics.prometheus.addentrypointslabels=true"   - "--metrics.prometheus.addrouterslabels=true"   - "--metrics.prometheus.addserviceslabels=true"   - "--metrics.prometheus.manualrouting=true"-traefik_docker_commands_cloudflarewarp_plugin:-  - "--experimental.plugins.cloudflarewarp.modulename=github.com/BetterCorp/cloudflarewarp"-  - "--experimental.plugins.cloudflarewarp.version=v1.3.3"-traefik_docker_commands_themepark_plugin:+traefik_role_docker_commands_cloudflarewarp_plugin:+  - "--experimental.plugins.cloudflarewarp.modulename=github.com/saltyorg/cloudflarewarp"+  - "--experimental.plugins.cloudflarewarp.version=v1.0.0"+traefik_role_docker_commands_themepark_plugin:   - "--experimental.plugins.themepark.modulename=github.com/packruler/traefik-themepark"   - "--experimental.plugins.themepark.version=v1.4.2"-traefik_docker_commands_http3:+traefik_role_docker_commands_http3:   - "--entrypoints.websecure.http3.advertisedport={{ traefik_entrypoint_websecure_port }}"-traefik_docker_commands_tailscale:+traefik_role_docker_commands_tailscale:   - "--entrypoints.tailscale-web.address=:81"   - "--entrypoints.tailscale-web.http.sanitizePath={{ traefik_sanitize_path | string | lower }}"   - "--entrypoints.tailscale-web.http.encodedCharacters.allowEncodedSlash={{ traefik_encoded_allow_slash | string | lower }}"@@ -426,81 +415,74 @@   - "--entrypoints.tailscale-websecure.http.encodedCharacters.allowEncodedPercent={{ traefik_encoded_allow_percent | string | lower }}"   - "--entrypoints.tailscale-websecure.http.encodedCharacters.allowEncodedQuestionMark={{ traefik_encoded_allow_question_mark | string | lower }}"   - "--entrypoints.tailscale-websecure.http.encodedCharacters.allowEncodedHash={{ traefik_encoded_allow_hash | string | lower }}"-traefik_docker_commands_crowdsec:+traefik_role_docker_commands_crowdsec:   - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"   - "--experimental.plugins.bouncer.version=v1.4.4"-traefik_docker_commands_custom: []-traefik_docker_commands: "{{ traefik_docker_commands_default-                             + traefik_docker_commands_custom-                             + (traefik_docker_commands_metrics-                               if traefik.metrics-                               else [])-                             + (traefik_docker_commands_cloudflarewarp_plugin-                               if traefik_plugin_cloudflarewarp_enabled and cloudflare_is_enabled-                               else [])-                             + (traefik_docker_commands_themepark_plugin-                               if global_themepark_plugin_enabled-                               else [])-                             + (traefik_docker_commands_zerossl_acme-                               if (traefik_enable_zerossl)-                               else [])-                             + (traefik_docker_commands_http_validation_acme_zerossl-                               if (traefik_enable_http_validation and traefik_enable_zerossl)-                               else [])-                             + (traefik_docker_commands_http_validation_acme-                               if (traefik_enable_http_validation)-                               else [])-                             + (traefik_docker_commands_google_acme-                               if (traefik_google_kid is defined) and (traefik_google_hmacencoded is defined)-                               else [])-                             + (traefik_docker_commands_google_acme_http-                               if (traefik_google_kid is defined) and (traefik_google_hmacencoded is defined) and (traefik_enable_http_validation)-                               else [])-                             + (traefik_docker_commands_http3-                               if traefik_http3-                               else [])-                             + (traefik_docker_commands_tailscale-                               if traefik_tailscale_enabled-                               else [])-                             + (traefik_docker_commands_crowdsec-                               if crowdsec_is_enabled-                               else [])-                             + custom_entrypoints }}"+traefik_role_docker_commands_custom: []+traefik_role_docker_commands: "{{ lookup('role_var', '_docker_commands_default', role='traefik')+                                  + lookup('role_var', '_docker_commands_custom', role='traefik')+                                  + (lookup('role_var', '_docker_commands_metrics', role='traefik')+                                    if (lookup('role_var', '_metrics_enabled', role='traefik'))+                                    else [])+                                  + (lookup('role_var', '_docker_commands_cloudflarewarp_plugin', role='traefik')+                                    if traefik_plugin_cloudflarewarp_enabled and cloudflare_is_enabled+                                    else [])+                                  + (lookup('role_var', '_docker_commands_themepark_plugin', role='traefik')+                                    if global_themepark_plugin_enabled+                                    else [])+                                  + (lookup('role_var', '_docker_commands_zerossl_acme', role='traefik')+                                    if (traefik_enable_zerossl)+                                    else [])+                                  + (lookup('role_var', '_docker_commands_http_validation_acme_zerossl', role='traefik')+                                    if (traefik_enable_http_validation and traefik_enable_zerossl)+                                    else [])+                                  + (lookup('role_var', '_docker_commands_http_validation_acme', role='traefik')+                                    if (traefik_enable_http_validation)+                                    else [])+                                  + (lookup('role_var', '_docker_commands_google_acme', role='traefik')+                                    if (traefik_google_kid is defined) and (traefik_google_hmacencoded is defined)+                                    else [])+                                  + (lookup('role_var', '_docker_commands_google_acme_http', role='traefik')+                                    if (traefik_google_kid is defined) and (traefik_google_hmacencoded is defined) and (traefik_enable_http_validation)+                                    else [])+                                  + (lookup('role_var', '_docker_commands_http3', role='traefik')+                                    if traefik_http3+                                    else [])+                                  + (lookup('role_var', '_docker_commands_tailscale', role='traefik')+                                    if traefik_tailscale_enabled+                                    else [])+                                  + (lookup('role_var', '_docker_commands_crowdsec', role='traefik')+                                    if crowdsec_is_enabled+                                    else [])+                                  + custom_entrypoints }}"  # Volumes-traefik_docker_volumes_default:-  - "/var/run/docker.sock:/var/run/docker.sock:ro"-  - "{{ traefik_paths_location }}:/etc/traefik"-traefik_docker_volumes_custom: []-traefik_docker_volumes: "{{ traefik_docker_volumes_default-                            + traefik_docker_volumes_custom }}"--# Devices-traefik_docker_devices_default: []-traefik_docker_devices_custom: []-traefik_docker_devices: "{{ traefik_docker_devices_default-                            + traefik_docker_devices_custom }}"+traefik_role_docker_volumes_default:+  - "/var/run/docker.sock:/var/run/docker.sock"+  - "{{ traefik_role_paths_location }}:/etc/traefik"+traefik_role_docker_volumes_custom: []+traefik_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='traefik')+                                 + lookup('role_var', '_docker_volumes_custom', role='traefik') }}"  # Hosts-traefik_docker_hosts_default:+traefik_role_docker_hosts_default:   host.docker.internal: "172.19.0.1"-traefik_docker_hosts_custom: {}-traefik_docker_hosts: "{{ docker_hosts_common-                          | combine(traefik_docker_hosts_default)-                          | combine(traefik_docker_hosts_custom) }}"+traefik_role_docker_hosts_custom: {}+traefik_role_docker_hosts: "{{ lookup('role_var', '_docker_hosts_default', role='traefik')+                               | combine(lookup('role_var', '_docker_hosts_custom', role='traefik')) }}"  # Labels-traefik_docker_labels_default:-  com.github.saltbox.saltbox_managed: "true"+traefik_role_docker_labels_use_common: false+traefik_role_docker_labels_default:   traefik.enable: "true"   traefik.http.routers.traefik-internal.rule: "Host(`{{ traefik_name }}`)"   traefik.http.routers.traefik-internal.entrypoints: "internal"   traefik.http.routers.traefik-internal.service: "api@internal"-  traefik.http.routers.traefik-http.rule: "Host(`{{ traefik_web_subdomain }}.{{ traefik_web_domain }}`)"+  traefik.http.routers.traefik-http.rule: "Host(`{{ lookup('role_var', '_web_subdomain', role='traefik') }}.{{ lookup('role_var', '_web_domain', role='traefik') }}`)"   traefik.http.routers.traefik-http.entrypoints: "{{ traefik_entrypoint_web }}"   traefik.http.routers.traefik-http.middlewares: "{{ traefik_default_middleware_http }}"   traefik.http.routers.traefik-http.priority: "20"-  traefik.http.routers.traefik.rule: "Host(`{{ traefik_web_subdomain }}.{{ traefik_web_domain }}`)"+  traefik.http.routers.traefik.rule: "Host(`{{ lookup('role_var', '_web_subdomain', role='traefik') }}.{{ lookup('role_var', '_web_domain', role='traefik') }}`)"   traefik.http.routers.traefik.entrypoints: "{{ traefik_entrypoint_websecure }}"   traefik.http.routers.traefik.tls: "true"   traefik.http.routers.traefik.tls.options: "securetls@file"@@ -512,40 +494,40 @@   traefik.http.middlewares.autodetect.contenttype: "true"   traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: "https"   traefik.http.middlewares.redirect-to-https.redirectscheme.permanent: "true"-  traefik.http.middlewares.authelia.forwardauth.address: "{{ 'http://authelia:9091/api/verify?rd=' + authelia_web_url + '/'+  traefik.http.middlewares.authelia.forwardauth.address: "{{ 'http://' + authelia_name + ':9091/api/verify?rd=' + lookup('role_var', '_web_url', role='authelia') + '/'                                                           if authelia_is_master-                                                          else authelia_web_url + '/api/verify?rd=' + authelia_web_url + '/' }}"+                                                          else lookup('role_var', '_web_url', role='authelia') + '/api/verify?rd=' + lookup('role_var', '_web_url', role='authelia') + '/' }}"   traefik.http.middlewares.authelia.forwardauth.trustForwardHeader: "true"-  traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: "Remote-User, Remote-Groups, Remote-Name, Remote-Email"-  traefik.http.middlewares.authelia-basic.forwardauth.address: "{{ 'http://authelia:9091/api/verify?auth=basic&rd=' + authelia_web_url + '/'+  traefik.http.middlewares.authelia.forwardauth.authResponseHeaders: "{{ lookup('role_var', '_response_headers', role='authelia') | join(',') }}"+  traefik.http.middlewares.authelia-basic.forwardauth.address: "{{ 'http://' + authelia_name + ':9091/api/verify?auth=basic&rd=' + lookup('role_var', '_web_url', role='authelia') + '/'                                                                 if authelia_is_master-                                                                else authelia_web_url + '/api/verify?auth=basic&rd=' + authelia_web_url + '/' }}"+                                                                else lookup('role_var', '_web_url', role='authelia') + '/api/verify?auth=basic&rd=' + lookup('role_var', '_web_url', role='authelia') + '/' }}"   traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader: "true"-  traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders: "Remote-User, Remote-Groups, Remote-Name, Remote-Email"+  traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders: "{{ lookup('role_var', '_response_headers', role='authelia') | join(',') }}"   traefik.http.middlewares.authentik.forwardauth.address: "{{ 'http://' + authentik_name + ':9000/outpost.goauthentik.io/auth/traefik'                                                            if authentik_is_master-                                                           else authentik_web_url + '/outpost.goauthentik.io/auth/traefik' }}"+                                                           else lookup('role_var', '_web_url', role='authentik') + '/outpost.goauthentik.io/auth/traefik' }}"   traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true"-  traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"--traefik_docker_labels_cloudflare:+  traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "{{ lookup('role_var', '_response_headers', role='authentik') | join(',') }}"++traefik_role_docker_labels_cloudflare:   traefik.http.middlewares.cloudflarewarp.plugin.cloudflarewarp.disableDefault: "false" -traefik_docker_labels_dns_validation:+traefik_role_docker_labels_dns_validation:   traefik.http.routers.traefik.tls.certresolver: "{{ traefik_default_certresolver }}"   traefik.http.routers.traefik.tls.domains[0].main: "{{ user.domain }}"   traefik.http.routers.traefik.tls.domains[0].sans: "{{ '*.' + user.domain }}" -traefik_docker_labels_http_validation:+traefik_role_docker_labels_http_validation:   traefik.http.routers.traefik.tls.certresolver: "{{ traefik_default_certresolver }}" -traefik_docker_labels_metrics:-  traefik.http.routers.metrics-http.rule: "Host(`{{ traefik_metrics_subdomain }}.{{ traefik_metrics_domain }}`) && Path(`/prometheus`)"+traefik_role_docker_labels_metrics:+  traefik.http.routers.metrics-http.rule: "Host(`{{ lookup('role_var', '_metrics_subdomain', role='traefik') }}.{{ lookup('role_var', '_metrics_domain', role='traefik') }}`) && Path(`/prometheus`)"   traefik.http.routers.metrics-http.service: prometheus@internal   traefik.http.routers.metrics-http.entrypoints: "{{ traefik_entrypoint_web }}"   traefik.http.routers.metrics-http.middlewares: "traefik-auth,{{ traefik_default_middleware_http_api }}"   traefik.http.routers.metrics-http.priority: "20"-  traefik.http.routers.metrics.rule: "Host(`{{ traefik_metrics_subdomain }}.{{ traefik_metrics_domain }}`) && Path(`/prometheus`)"+  traefik.http.routers.metrics.rule: "Host(`{{ lookup('role_var', '_metrics_subdomain', role='traefik') }}.{{ lookup('role_var', '_metrics_domain', role='traefik') }}`) && Path(`/prometheus`)"   traefik.http.routers.metrics.service: prometheus@internal   traefik.http.routers.metrics.entrypoints: "{{ traefik_entrypoint_websecure }}"   traefik.http.routers.metrics.tls: "true"@@ -553,56 +535,44 @@   traefik.http.routers.metrics.middlewares: "traefik-auth,{{ traefik_default_middleware_api }}"   traefik.http.routers.metrics.priority: "20" -traefik_docker_labels_crowdsec:+traefik_role_docker_labels_crowdsec:   traefik.http.middlewares.crowdsec.plugin.bouncer.enabled: "true"   traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapikey: "{{ traefik_crowdsec_bouncer_key | default('') }}"   traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapischeme: "http"   traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapihost: "172.19.0.1:{{ traefik_crowdsec_port }}"-  traefik.http.middlewares.crowdsec.plugin.bouncer.forwardedheaderstrustedips: "{{ (traefik_cloudflare_ips | join(',')) + (',' + traefik_trusted_ips if (traefik_trusted_ips | length > 0) else '') }}"+  traefik.http.middlewares.crowdsec.plugin.bouncer.forwardedheaderstrustedips: "{{ traefik_trusted_ips_template if (traefik_trusted_ips_template | length > 0) else omit }}"   traefik.http.middlewares.crowdsec.plugin.bouncer.banhtmlfilepath: "{{ traefik_crowdsec_ban_filepath }}" -traefik_docker_labels_custom: {}--traefik_docker_labels: "{{ traefik_docker_labels_default-                           | combine(traefik_docker_labels_custom)-                           | combine((traefik_docker_labels_http_validation-                                     if traefik_http-                                     else traefik_docker_labels_dns_validation))-                           | combine((traefik_docker_labels_metrics-                                     if traefik.metrics-                                     else {}))-                           | combine((traefik_docker_labels_cloudflare-                                     if traefik_plugin_cloudflarewarp_enabled and cloudflare_is_enabled-                                     else {}))-                           | combine((traefik_docker_labels_crowdsec-                                     if crowdsec_is_enabled-                                     else {})) }}"+traefik_role_docker_labels_custom: {}+traefik_role_docker_labels: "{{ docker_labels_saltbox+                                | combine(lookup('role_var', '_docker_labels_default', role='traefik'))+                                | combine(lookup('role_var', '_docker_labels_custom', role='traefik'))+                                | combine((lookup('role_var', '_docker_labels_http_validation', role='traefik')+                                          if traefik_http+                                          else lookup('role_var', '_docker_labels_dns_validation', role='traefik')))+                                | combine((lookup('role_var', '_docker_labels_metrics', role='traefik')+                                          if lookup('role_var', '_metrics_enabled', role='traefik')+                                          else {}))+                                | combine((lookup('role_var', '_docker_labels_cloudflare', role='traefik')+                                          if traefik_plugin_cloudflarewarp_enabled and cloudflare_is_enabled+                                          else {}))+                                | combine((lookup('role_var', '_docker_labels_crowdsec', role='traefik')+                                          if crowdsec_is_enabled+                                          else {})) }}"  # Hostname-traefik_docker_hostname: "{{ traefik_name }}"+traefik_role_docker_hostname: "{{ traefik_name }}"  # Networks-traefik_docker_networks_alias: "{{ traefik_name }}"-traefik_docker_networks_default: []-traefik_docker_networks_custom: []-traefik_docker_networks: "{{ docker_networks_common-                             + traefik_docker_networks_default-                             + traefik_docker_networks_custom }}"--# Capabilities-traefik_docker_capabilities_default: []-traefik_docker_capabilities_custom: []-traefik_docker_capabilities: "{{ traefik_docker_capabilities_default-                                 + traefik_docker_capabilities_custom }}"--# Security Opts-traefik_docker_security_opts_default: []-traefik_docker_security_opts_custom: []-traefik_docker_security_opts: "{{ traefik_docker_security_opts_default-                                  + traefik_docker_security_opts_custom }}"+traefik_role_docker_networks_alias: "{{ traefik_name }}"+traefik_role_docker_networks_default: []+traefik_role_docker_networks_custom: []+traefik_role_docker_networks: "{{ docker_networks_common+                                  + lookup('role_var', '_docker_networks_default', role='traefik')+                                  + lookup('role_var', '_docker_networks_custom', role='traefik') }}"  # Restart Policy-traefik_docker_restart_policy: unless-stopped+traefik_role_docker_restart_policy: unless-stopped  # State-traefik_docker_state: started+traefik_role_docker_state: started

modified

roles/traefik/tasks/main.yml

@@ -7,31 +7,53 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Add DNS record-  ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"-  vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+- name: Check Authelia master health endpoint+  ansible.builtin.uri:+    url: "{{ lookup('role_var', '_web_url', role='authelia') }}/api/health"+    method: GET+    status_code: 200+  register: authelia_master_health+  until: authelia_master_health.status == 200+  retries: 10+  delay: 6+  when: lookup('role_var', '_authelia_enabled', role='traefik') and (not authelia_is_master)++- name: Check Authentik master health endpoint+  ansible.builtin.uri:+    url: "{{ lookup('role_var', '_web_url', role='authentik') }}/-/health/ready/"+    method: GET+    status_code: 200+  register: authentik_master_health+  until: authentik_master_health.status == 200+  retries: 10+  delay: 6+  when: lookup('role_var', '_authentik_enabled', role='traefik') and (not authentik_is_master)  - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_metrics_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_metrics_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_metrics_dns_proxy') }}"-  when: traefik.metrics+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"++- name: Add DNS record+  ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"+  vars:+    dns_record: "{{ lookup('role_var', '_metrics_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_metrics_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_metrics_dns_proxy') }}"+  when: lookup('role_var', '_metrics_enabled', role='traefik')  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml" -- name: Remove existing Docker container+- name: Remove existing Error Pages Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:     var_prefix: "error_pages"   when: not traefik_error_pages_enabled -- name: Remove existing Docker container+- name: Remove existing Authelia Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"   vars:     var_prefix: "authelia"@@ -41,20 +63,19 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"  - name: Traefik ZeroSSL Tasks-  ansible.builtin.import_tasks: "subtasks/zerossl.yml"+  ansible.builtin.include_tasks: "subtasks/zerossl.yml"   when: traefik_enable_zerossl and (not continuous_integration)  - name: Traefik Config Tasks-  ansible.builtin.import_tasks: "subtasks/config.yml"-  when: (not continuous_integration)+  ansible.builtin.include_tasks: "subtasks/config.yml"  - name: Traefik Crowdsec Tasks-  ansible.builtin.import_tasks: "subtasks/crowdsec.yml"+  ansible.builtin.include_tasks: "subtasks/crowdsec.yml"   when: crowdsec_is_enabled  - name: Remove Certificates   ansible.builtin.file:-    path: "{{ traefik_paths_location }}/acme.json"+    path: "{{ lookup('role_var', '_paths_location', role='traefik') }}/acme.json"     state: absent   when: ('traefik-reset-certs' in ansible_run_tags) @@ -63,13 +84,13 @@  - name: Wait for 'acme.json' to be created   ansible.builtin.wait_for:-    path: "{{ traefik_paths_acme_config_location }}"+    path: "{{ lookup('role_var', '_paths_acme_config_location', role='traefik') }}"     state: present   when: (not continuous_integration) -- name: Chown '{{ traefik_paths_location }}'+- name: Chown '{{ lookup('role_var', '_paths_location', role='traefik') }}'   ansible.builtin.file:-    path: "{{ traefik_paths_location }}"+    path: "{{ lookup('role_var', '_paths_location', role='traefik') }}"     state: directory     recurse: true     owner: "{{ user.name }}"@@ -77,9 +98,9 @@     mode: "0775"   when: (not continuous_integration) -- name: Chown '{{ traefik_paths_acme_config_location }}'+- name: Chown '{{ lookup('role_var', '_paths_acme_config_location', role='traefik') }}'   ansible.builtin.file:-    path: "{{ traefik_paths_acme_config_location }}"+    path: "{{ lookup('role_var', '_paths_acme_config_location', role='traefik') }}"     state: file     owner: "{{ user.name }}"     group: "{{ user.name }}"@@ -89,12 +110,12 @@ - name: "Import Authelia Role"   ansible.builtin.include_role:     name: authelia-  when: traefik_authelia_enabled and authelia_is_master+  when: lookup('role_var', '_authelia_enabled', role='traefik') and authelia_is_master  - name: "Import Authentik Role"   ansible.builtin.include_role:     name: authentik-  when: traefik_authentik_enabled and authentik_is_master+  when: lookup('role_var', '_authentik_enabled', role='traefik') and authentik_is_master  - name: "Import Error Pages Role"   ansible.builtin.include_role:

modified

roles/traefik/tasks/subtasks/config.yml

@@ -10,7 +10,7 @@ - name: "Import 'dynamic.yml'"   ansible.builtin.template:     src: dynamic.yml.j2-    dest: "{{ traefik_paths_location }}/dynamic.yml"+    dest: "{{ traefik_role_paths_location }}/dynamic.yml"     force: true     owner: "{{ user.name }}"     group: "{{ user.name }}"@@ -18,17 +18,18 @@  - name: Remove 'themepark.yml'   ansible.builtin.file:-    path: "{{ traefik_paths_location }}/themepark.yml"+    path: "{{ traefik_role_paths_location }}/themepark.yml"     state: absent  - name: Create auth file   community.general.htpasswd:-    path: /opt/traefik/auth+    path: "{{ server_appdata_path }}/traefik/auth"     name: "{{ user.name }}"     password: "{{ user.pass }}"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"+  no_log: true  - name: Initialize 'custom_entrypoints' variable   ansible.builtin.set_fact:@@ -44,9 +45,9 @@ - name: Set 'custom_entrypoints' variable   ansible.builtin.set_fact:     custom_entrypoints: "{{ custom_entrypoints-                           + (traefik_entrypoint_tls_template if item.value.tls else traefik_entrypoint_template)-                           + (traefik_entrypoint_http3_template if (item.value.tls and traefik_http3) else [])-                           + traefik_entrypoint_http_settings_template }}"+                            + (traefik_entrypoint_tls_template if item.value.tls else traefik_entrypoint_template)+                            + (traefik_entrypoint_http3_template if (item.value.tls and traefik_http3) else [])+                            + traefik_entrypoint_http_settings_template }}"   loop: "{{ traefik_entrypoint_custom | dict2items }}"   when: (traefik_entrypoint_custom | length > 0) @@ -56,9 +57,9 @@   loop: "{{ traefik_entrypoint_custom | dict2items }}"   when: (traefik_entrypoint_custom | length > 0) -- name: Set 'traefik_docker_ports_defaults' variable+- name: Set 'traefik_role_docker_ports_default' variable   ansible.builtin.set_fact:-    traefik_docker_ports_defaults: "{{ (traefik_docker_ports_defaults + custom_entrypoints_ports) | unique }}"+    traefik_role_docker_ports_default: "{{ (traefik_role_docker_ports_default + custom_entrypoints_ports) | unique }}"   when: (traefik_entrypoint_custom | length > 0)  - name: Tailscale block

modified

roles/traefik/tasks/subtasks/crowdsec.yml

@@ -38,7 +38,7 @@   ansible.builtin.copy:     src: "ban.html"     force: true-    dest: "{{ traefik_paths_location }}/ban.html"+    dest: "{{ traefik_role_paths_location }}/ban.html"     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0664"

modified

roles/traefik/tasks/subtasks/zerossl.yml

@@ -13,7 +13,7 @@  - name: "ZeroSSL | Check if PIN exists"   ansible.builtin.stat:-    path: "/opt/saltbox/zerossl.ini"+    path: "{{ traefik_zerossl_file_ini }}"   register: zerossl_ini  - name: "ZeroSSL | Existing Credentials Block"@@ -21,8 +21,8 @@   block:     - name: "ZeroSSL | Set ZeroSSL variables"       ansible.builtin.set_fact:-        traefik_zerossl_kid: "{{ lookup('ini', 'kid section=zerossl file=/opt/saltbox/zerossl.ini') }}"-        traefik_zerossl_hmacencoded: "{{ lookup('ini', 'hmacencoded section=zerossl file=/opt/saltbox/zerossl.ini') }}"+        traefik_zerossl_kid: "{{ lookup('ini', 'kid section=zerossl file=' + traefik_zerossl_file_ini) }}"+        traefik_zerossl_hmacencoded: "{{ lookup('ini', 'hmacencoded section=zerossl file=' + traefik_zerossl_file_ini) }}"  - name: "ZeroSSL | New Credentials Block"   when: not zerossl_ini.stat.exists@@ -56,16 +56,16 @@      - name: "ZeroSSL | Create directories"       ansible.builtin.file:-        path: "/opt/saltbox"+        path: "{{ server_appdata_path }}/saltbox"         state: directory         owner: "{{ user.name }}"         group: "{{ user.name }}"         mode: "0775"       when: (zerossl.status == 200) and zerossl.json.success -    - name: "ZeroSSL | Add kid to '/opt/saltbox/zerossl.ini'"+    - name: "ZeroSSL | Add kid to '{{ traefik_zerossl_file_ini }}'"       community.general.ini_file:-        path: /opt/saltbox/zerossl.ini+        path: "{{ traefik_zerossl_file_ini }}"         section: "zerossl"         option: kid         value: "{{ traefik_zerossl_kid }}"@@ -74,9 +74,9 @@         mode: "0664"       when: (zerossl.status == 200) and zerossl.json.success -    - name: "ZeroSSL | Add hmacencoded to '/opt/saltbox/zerossl.ini'"+    - name: "ZeroSSL | Add hmacencoded to '{{ traefik_zerossl_file_ini }}'"       community.general.ini_file:-        path: /opt/saltbox/zerossl.ini+        path: "{{ traefik_zerossl_file_ini }}"         section: "zerossl"         option: hmacencoded         value: "{{ traefik_zerossl_hmacencoded }}"

modified

roles/traefik_template/defaults/main.yml

@@ -19,12 +19,13 @@  traefik_template_name: "{{ service_name.user_input | lower }}" -traefik_template_web_subdomain: "{{ service_name.user_input | lower }}"-traefik_template_web_domain: "{{ user.domain }}"-traefik_template_web_port: "{{ service_port.user_input }}"+traefik_template_role_web_subdomain: "{{ service_name.user_input | lower }}"+traefik_template_role_web_domain: "{{ user.domain }}"+traefik_template_role_web_port: "{{ service_port.user_input }}" -traefik_template_traefik_enabled: "true"-traefik_template_traefik_sso_middleware: "{{ traefik_default_sso_middleware if (service_sso_enabled.user_input | bool) else '' }}"-traefik_template_traefik_middleware_default: "{{ traefik_default_middleware }}"-traefik_template_traefik_api_enabled: "{{ (service_api_enabled.user_input | default(false) | bool) | default(false) }}"-traefik_template_traefik_api_endpoint: "PathPrefix(`/api`)"+traefik_template_role_traefik_enabled: "true"+traefik_template_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware if (service_sso_enabled.user_input | bool) else '' }}"+traefik_template_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+traefik_template_role_traefik_api_enabled: "{{ (service_api_enabled.user_input | default(false) | bool) | default(false) }}"+traefik_template_role_traefik_api_endpoint: "PathPrefix(`/api`)"+traefik_template_role_docker_network_mode: "{{ service_gluetun_container.user_input if ((service_gluetun_enabled.user_input | lower) | bool) else docker_networks_name_common }}"

modified

roles/traefik_template/tasks/main.yml

@@ -25,7 +25,7 @@ - name: Validate boolean input   ansible.builtin.fail:     msg: "You must enter a boolean value (yes/no)"-  when: service_sso_enabled.user_input | lower not in ['true', 'false', 'yes', 'no']+  when: (service_sso_enabled.user_input | lower) not in ['true', 'false', 'yes', 'no']  - name: API Router   when: (service_sso_enabled.user_input | bool)@@ -38,45 +38,32 @@     - name: Validate boolean input       ansible.builtin.fail:         msg: "You must enter a boolean value (yes/no)"-      when: service_api_enabled.user_input | lower not in ['true', 'false', 'yes', 'no']+      when: (service_api_enabled.user_input | lower) not in ['true', 'false', 'yes', 'no'] -- name: Remove keys with omit values or empty values from docker_labels_common-  ansible.builtin.set_fact:-    docker_labels_common: "{{ docker_labels_common | dict2items |-                              rejectattr('value', 'equalto', '') |-                              rejectattr('value', 'search', '__omit_place_holder__') |-                              items2dict }}"+- name: Prompt for user input+  ansible.builtin.pause:+    prompt: "Do you want the container to use gluetun? (yes/no)"+  register: service_gluetun_enabled++- name: Validate boolean input+  ansible.builtin.fail:+    msg: "You must enter a boolean value (yes/no)"+  when: (service_gluetun_enabled.user_input | lower) not in ['true', 'false', 'yes', 'no']++- name: Prompt for user input+  ansible.builtin.pause:+    prompt: "Please enter the name of the gluetun container you want to use"+  register: service_gluetun_container+  when: (service_gluetun_enabled.user_input | bool)  - name: Generate Docker Compose template-  ansible.builtin.copy:+  ansible.builtin.template:+    src: docker-compose.yml.j2     dest: "{{ traefik_template_file }}"-    content: |-      services:-        {{ traefik_template_name }}:-          container_name: {{ traefik_template_name }}-          environment: # Change this as needed for your image-            PUID: "{{ uid }}"-            PGID: "{{ gid }}"-            TZ: "{{ tz }}"-          hostname: {{ traefik_template_name }}-          image: your_image:your_tag-          labels:-      {% for key, value in docker_labels_common.items() %}-            {{ key }}: {{ value }}-      {% endfor %}-          networks:-            - saltbox-          restart: unless-stopped-          volumes: # Change this as needed for your image-            - /opt/{{ traefik_template_name }}:/config-            - /etc/localtime:/etc/localtime:ro--      networks:-        saltbox:-          external: true     owner: "{{ user.name }}"     group: "{{ user.name }}"     mode: "0644"+    force: true  - name: Print output information   ansible.builtin.debug:

modified

roles/transfer/defaults/main.yml

@@ -17,135 +17,86 @@ # Paths ################################ -transfer_uploads_location: "/tmp"+transfer_role_uploads_location: "/tmp"  ################################ # Web ################################ -transfer_web_subdomain: "{{ transfer_name }}"-transfer_web_domain: "{{ user.domain }}"-transfer_web_port: "8080"-transfer_web_user: "{{ user.name }}"-transfer_web_pass: "{{ user.pass }}"-transfer_web_url: "{{ 'https://' + (transfer_web_subdomain + '.' + transfer_web_domain-                   if (transfer_web_subdomain | length > 0)-                   else transfer_web_domain) }}"+transfer_role_web_subdomain: "{{ transfer_name }}"+transfer_role_web_domain: "{{ user.domain }}"+transfer_role_web_port: "8080"+transfer_role_web_user: "{{ user.name }}"+transfer_role_web_pass: "{{ user.pass }}"+transfer_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='transfer') + '.' + lookup('role_var', '_web_domain', role='transfer')+                        if (lookup('role_var', '_web_subdomain', role='transfer') | length > 0)+                        else lookup('role_var', '_web_domain', role='transfer')) }}"  ################################ # DNS ################################ -transfer_dns_record: "{{ transfer_web_subdomain }}"-transfer_dns_zone: "{{ transfer_web_domain }}"-transfer_dns_proxy: "{{ dns.proxied }}"+transfer_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='transfer') }}"+transfer_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='transfer') }}"+transfer_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -transfer_traefik_sso_middleware: ""-transfer_traefik_middleware_default: "{{ traefik_default_middleware }}"-transfer_traefik_middleware_custom: ""-transfer_traefik_certresolver: "{{ traefik_default_certresolver }}"-transfer_traefik_enabled: true-transfer_traefik_api_enabled: false-transfer_traefik_api_endpoint: ""+transfer_role_traefik_sso_middleware: ""+transfer_role_traefik_middleware_default: "{{ traefik_default_middleware }}"+transfer_role_traefik_middleware_custom: ""+transfer_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+transfer_role_traefik_enabled: true+transfer_role_traefik_api_enabled: false+transfer_role_traefik_api_endpoint: ""  ################################ # Docker ################################  # Container-transfer_docker_container: "{{ transfer_name }}"+transfer_role_docker_container: "{{ transfer_name }}"  # Image-transfer_docker_image_pull: true-transfer_docker_image_tag: "latest"-transfer_docker_image: "dutchcoders/transfer.sh:{{ transfer_docker_image_tag }}"--# Ports-transfer_docker_ports_defaults: []-transfer_docker_ports_custom: []-transfer_docker_ports: "{{ transfer_docker_ports_defaults-                           + transfer_docker_ports_custom }}"+transfer_role_docker_image_pull: true+transfer_role_docker_image_repo: "dutchcoders/transfer.sh"+transfer_role_docker_image_tag: "latest"+transfer_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='transfer') }}:{{ lookup('role_var', '_docker_image_tag', role='transfer') }}"  # Envs-transfer_docker_envs_default:+transfer_role_docker_envs_default:   TZ: "{{ tz }}"-  BASEDIR: "{{ transfer_uploads_location }}"+  BASEDIR: "{{ lookup('role_var', '_uploads_location', role='transfer') }}"   PROVIDER: "local"-  HTTP_AUTH_USER: "{{ transfer_web_user }}"-  HTTP_AUTH_PASS: "{{ transfer_web_pass }}"-transfer_docker_envs_custom: {}-transfer_docker_envs: "{{ transfer_docker_envs_default-                          | combine(transfer_docker_envs_custom) }}"--# Commands-transfer_docker_commands_default: []-transfer_docker_commands_custom: []-transfer_docker_commands: "{{ transfer_docker_commands_default-                              + transfer_docker_commands_custom }}"--# Volumes-transfer_docker_volumes_default: []-transfer_docker_volumes_custom: []-transfer_docker_volumes: "{{ transfer_docker_volumes_default-                             + transfer_docker_volumes_custom }}"+  HTTP_AUTH_USER: "{{ lookup('role_var', '_web_user', role='transfer') }}"+  HTTP_AUTH_PASS: "{{ lookup('role_var', '_web_pass', role='transfer') }}"+transfer_role_docker_envs_custom: {}+transfer_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='transfer')+                               | combine(lookup('role_var', '_docker_envs_custom', role='transfer')) }}"  # Mounts-transfer_docker_mounts_default:+transfer_role_docker_mounts_default:   - target: /tmp     type: tmpfs-transfer_docker_mounts_custom: []-transfer_docker_mounts: "{{ transfer_docker_mounts_default-                            + transfer_docker_mounts_custom }}"--# Devices-transfer_docker_devices_default: []-transfer_docker_devices_custom: []-transfer_docker_devices: "{{ transfer_docker_devices_default-                              + transfer_docker_devices_custom }}"--# Hosts-transfer_docker_hosts_default: {}-transfer_docker_hosts_custom: {}-transfer_docker_hosts: "{{ docker_hosts_common-                           | combine(transfer_docker_hosts_default)-                           | combine(transfer_docker_hosts_custom) }}"--# Labels-transfer_docker_labels_default: {}-transfer_docker_labels_custom: {}-transfer_docker_labels: "{{ docker_labels_common-                            | combine(transfer_docker_labels_default)-                            | combine(transfer_docker_labels_custom) }}"+transfer_role_docker_mounts_custom: []+transfer_role_docker_mounts: "{{ lookup('role_var', '_docker_mounts_default', role='transfer')+                                 + lookup('role_var', '_docker_mounts_custom', role='transfer') }}"  # Hostname-transfer_docker_hostname: "{{ transfer_name }}"+transfer_role_docker_hostname: "{{ transfer_name }}"  # Networks-transfer_docker_networks_alias: "{{ transfer_name }}"-transfer_docker_networks_default: []-transfer_docker_networks_custom: []-transfer_docker_networks: "{{ docker_networks_common-                              + transfer_docker_networks_default-                              + transfer_docker_networks_custom }}"--# Capabilities-transfer_docker_capabilities_default: []-transfer_docker_capabilities_custom: []-transfer_docker_capabilities: "{{ transfer_docker_capabilities_default-                                  + transfer_docker_capabilities_custom }}"--# Security Opts-transfer_docker_security_opts_default: []-transfer_docker_security_opts_custom: []-transfer_docker_security_opts: "{{ transfer_docker_security_opts_default-                                   + transfer_docker_security_opts_custom }}"+transfer_role_docker_networks_alias: "{{ transfer_name }}"+transfer_role_docker_networks_default: []+transfer_role_docker_networks_custom: []+transfer_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='transfer')+                                   + lookup('role_var', '_docker_networks_custom', role='transfer') }}"  # Restart Policy-transfer_docker_restart_policy: unless-stopped+transfer_role_docker_restart_policy: unless-stopped  # State-transfer_docker_state: started+transfer_role_docker_state: started

modified

roles/transfer/tasks/main.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"

modified

roles/unionfs/defaults/main.yml

@@ -11,7 +11,7 @@ # Global ################################ -local_mount_branch: "/mnt/local=RW:"+local_mount_branch: "{{ server_local_folder_path }}=RW:"  custom_mount_branch: "" # Format: "/mnt/remote/someremote=NC" @@ -31,11 +31,11 @@  mergerfs_releases_download_url: https://github.com/trapexit/mergerfs/releases/download -mergerfs_release_distribution: "{{ ansible_distribution_release | lower }}"+mergerfs_release_distribution: "{{ ansible_facts['distribution_release'] | lower }}"  mergerfs_release_lookup_command: |   curl -s {{ mergerfs_releases_url }} \-    | jq -r ".assets[] | select(.name | test(\"{{ ansible_distribution | lower }}-{{ mergerfs_release_distribution }}_amd64\")) \+    | jq -r ".assets[] | select(.name | test(\"{{ ansible_facts['distribution'] | lower }}-{{ mergerfs_release_distribution }}_amd64\")) \     | .browser_download_url"  mergerfs_download_backup_version: 2.40.2@@ -44,7 +44,7 @@   {{ mergerfs_releases_download_url }}/\   {{ mergerfs_download_backup_version }}/\   mergerfs_{{ mergerfs_download_backup_version }}.\-  {{ ansible_distribution | lower }}-\+  {{ ansible_facts['distribution'] | lower }}-\   {{ mergerfs_release_distribution }}_amd64.deb"  mergerfs_mount_branches: "{{ local_mount_branch }}{{ _remotes_list }}"

modified

roles/unionfs/tasks/main.yml

@@ -7,23 +7,15 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----# Variables- - name: Variables Task-  ansible.builtin.import_tasks: "subtasks/variables.yml"--# Stop Docker Containers+  ansible.builtin.include_tasks: "subtasks/variables.yml"  - name: Docker Containers Stop Tasks-  ansible.builtin.import_tasks: "subtasks/docker/containers_stop.yml"+  ansible.builtin.include_tasks: "subtasks/docker/containers_stop.yml"   when: (not containers_list is defined) -# Existing Setup- - name: Legacy Task-  ansible.builtin.import_tasks: "subtasks/legacy.yml"--# Mount Mergerfs+  ansible.builtin.include_tasks: "subtasks/legacy.yml"  - name: MergerFS Tasks   ansible.builtin.include_tasks: "subtasks/mergerfs.yml"@@ -32,12 +24,10 @@   when: ('mounts' in ansible_run_tags)   block:     - name: Docker Daemon Tasks-      ansible.builtin.import_tasks: "subtasks/docker/daemon.yml"--    # Start Docker Containers+      ansible.builtin.include_tasks: "subtasks/docker/daemon.yml"      - name: Docker Containers Start Tasks-      ansible.builtin.import_tasks: "subtasks/docker/containers_start.yml"+      ansible.builtin.include_tasks: "subtasks/docker/containers_start.yml"       when: (containers_list is defined)      - name: Docker Containers Start Tasks (no running containers)

modified

roles/unionfs/tasks/subtasks/docker/containers_start.yml

@@ -7,31 +7,31 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: "Docker | Containers Start | Initialize Gluetun variable"+- name: "UnionFS | Docker | Containers Start | Initialize Gluetun variable"   ansible.builtin.set_fact:     docker_containers_gluetun: [] -- name: "Docker | Containers Start | Identify any Gluetun containers"+- name: "UnionFS | Docker | Containers Start | Identify any Gluetun containers"   ansible.builtin.set_fact:     docker_containers_gluetun: "{{ docker_containers_gluetun + [item] }}"   loop: "{{ containers_list.split() }}"   when: item in (gluetun_instances | default(['gluetun'])) -- name: "Docker | Containers Start | Re-start all previously running Gluetun containers"+- name: "UnionFS | Docker | Containers Start | Re-start all previously running Gluetun containers"   ansible.builtin.shell: "docker start {{ docker_containers_gluetun | join(' ') }}"   when: (docker_containers_gluetun | length > 0)   ignore_errors: true -- name: "Docker | Containers Start | Wait for {{ docker_network_container_health_delay }} seconds"+- name: "UnionFS | Docker | Containers Start | Wait for {{ docker_network_container_health_delay }} seconds"   ansible.builtin.wait_for:     timeout: "{{ docker_network_container_health_delay }}" -- name: "Docker | Containers Start | Start Saltbox Docker containers"+- name: "UnionFS | Docker | Containers Start | Start Saltbox Docker containers"   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/start_saltbox_docker_containers.yml"   when: (remote_docker_controller_service_running is defined and remote_docker_controller_service_running)         or (unionfs_docker_controller_service_running is defined and unionfs_docker_controller_service_running) -- name: "Docker | Containers Start | Start all previously running Docker containers"+- name: "UnionFS | Docker | Containers Start | Start all previously running Docker containers"   ansible.builtin.shell: "docker start {{ containers_list }}"   ignore_errors: true   when: (containers_list | trim | length > 0)

modified

roles/unionfs/tasks/subtasks/docker/containers_stop.yml

@@ -17,8 +17,8 @@  - name: "UnionFS | Docker | Container Stop | Get Docker service state"   ansible.builtin.set_fact:-    unionfs_docker_service_running: "{{ (services['docker.service'] is defined) and (services['docker.service']['state'] == 'running') }}"-    unionfs_docker_controller_service_running: "{{ (services['saltbox_managed_docker_controller.service'] is defined) and (services['saltbox_managed_docker_controller.service']['state'] == 'running') }}"+    unionfs_docker_service_running: "{{ (ansible_facts['services']['docker.service'] is defined) and (ansible_facts['services']['docker.service']['state'] == 'running') }}"+    unionfs_docker_controller_service_running: "{{ (ansible_facts['services']['saltbox_managed_docker_controller.service'] is defined) and (ansible_facts['services']['saltbox_managed_docker_controller.service']['state'] == 'running') }}"   when: unionfs_docker_binary.stat.exists  - name: "UnionFS | Docker | Container Stop | Tasks for when Docker exists and is running"

modified

roles/unionfs/tasks/subtasks/mergerfs.yml

@@ -7,7 +7,7 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: "Check if '{{ mergerfs_service_name }}' exists"+- name: "MergerFS | Check if '{{ mergerfs_service_name }}' exists"   ansible.builtin.stat:     path: "/etc/systemd/system/{{ mergerfs_service_name }}"   register: saltbox_managed_mergerfs_status@@ -67,8 +67,8 @@   ansible.builtin.systemd_service:     daemon_reload: true -- name: Mount Path Tasks-  ansible.builtin.import_tasks: "mount_path.yml"+- name: "MergerFS | Mount Path Tasks"+  ansible.builtin.include_tasks: "mount_path.yml"  - name: "MergerFS | Start '{{ mergerfs_service_name }}'"   ansible.builtin.systemd_service:

modified

roles/unionfs/tasks/subtasks/mount_path.yml

@@ -45,7 +45,7 @@           when: mnt_unionfs_stat2.stat.exists          - name: "Mount Path | Backup non-empty '/mnt/unionfs' path"-          ansible.builtin.shell: "mv /mnt/unionfs /mnt/unionfs_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_date_time['epoch'] | int) }}"+          ansible.builtin.shell: "mv /mnt/unionfs /mnt/unionfs_{{ '%Y-%m-%d_%H.%M.%S' | strftime(ansible_facts['date_time']['epoch'] | int) }}"           ignore_errors: true           when: mnt_unionfs_stat2.stat.exists and (mnt_unionfs_files.matched | int > 0)

modified

roles/unpackerr/defaults/main.yml

@@ -17,98 +17,55 @@ # Paths ################################ -unpackerr_paths_folder: "{{ unpackerr_name }}"-unpackerr_paths_location: "{{ server_appdata_path }}/{{ unpackerr_paths_folder }}"-unpackerr_config_location: "{{ unpackerr_paths_location }}/unpackerr.conf"-unpackerr_paths_folders_list:-  - "{{ unpackerr_paths_location }}"+unpackerr_role_paths_folder: "{{ unpackerr_name }}"+unpackerr_role_paths_location: "{{ server_appdata_path }}/{{ unpackerr_role_paths_folder }}"+unpackerr_role_paths_config_location: "{{ unpackerr_role_paths_location }}/unpackerr.conf"+unpackerr_role_paths_folders_list:+  - "{{ unpackerr_role_paths_location }}"  ################################ # Docker ################################  # Container-unpackerr_docker_container: "{{ unpackerr_name }}"+unpackerr_role_docker_container: "{{ unpackerr_name }}"  # Image-unpackerr_docker_image_pull: true-unpackerr_docker_image_tag: "latest"-unpackerr_docker_image: "ghcr.io/hotio/unpackerr:{{ unpackerr_docker_image_tag }}"--# Ports-unpackerr_docker_ports_defaults: []-unpackerr_docker_ports_custom: []-unpackerr_docker_ports: "{{ unpackerr_docker_ports_defaults-                            + unpackerr_docker_ports_custom }}"+unpackerr_role_docker_image_pull: true+unpackerr_role_docker_image_repo: "ghcr.io/hotio/unpackerr"+unpackerr_role_docker_image_tag: "latest"+unpackerr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='unpackerr') }}:{{ lookup('role_var', '_docker_image_tag', role='unpackerr') }}"  # Envs-unpackerr_docker_envs_default:+unpackerr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   TZ: "{{ tz }}"   UMASK: "002"-unpackerr_docker_envs_custom: {}-unpackerr_docker_envs: "{{ unpackerr_docker_envs_default-                           | combine(unpackerr_docker_envs_custom) }}"--# Commands-unpackerr_docker_commands_default: []-unpackerr_docker_commands_custom: []-unpackerr_docker_commands: "{{ unpackerr_docker_commands_default-                               + unpackerr_docker_commands_custom }}"+unpackerr_role_docker_envs_custom: {}+unpackerr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='unpackerr')+                                | combine(lookup('role_var', '_docker_envs_custom', role='unpackerr')) }}"  # Volumes-unpackerr_docker_volumes_default:-  - "{{ unpackerr_paths_location }}:/config"-unpackerr_docker_volumes_custom: []-unpackerr_docker_volumes: "{{ unpackerr_docker_volumes_default-                              + unpackerr_docker_volumes_custom }}"--# Devices-unpackerr_docker_devices_default: []-unpackerr_docker_devices_custom: []-unpackerr_docker_devices: "{{ unpackerr_docker_devices_default-                              + unpackerr_docker_devices_custom }}"--# Hosts-unpackerr_docker_hosts_default: {}-unpackerr_docker_hosts_custom: {}-unpackerr_docker_hosts: "{{ docker_hosts_common-                            | combine(unpackerr_docker_hosts_default)-                            | combine(unpackerr_docker_hosts_custom) }}"--# Labels-unpackerr_docker_labels_default: {}-unpackerr_docker_labels_custom: {}-unpackerr_docker_labels: "{{ docker_labels_common-                             | combine(unpackerr_docker_labels_default)-                             | combine(unpackerr_docker_labels_custom) }}"+unpackerr_role_docker_volumes_default:+  - "{{ lookup('role_var', '_paths_location', role='unpackerr') }}:/config"+unpackerr_role_docker_volumes_custom: []+unpackerr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='unpackerr')+                                   + lookup('role_var', '_docker_volumes_custom', role='unpackerr') }}"  # Hostname-unpackerr_docker_hostname: "{{ unpackerr_name }}"+unpackerr_role_docker_hostname: "{{ unpackerr_name }}"  # Networks-unpackerr_docker_networks_alias: "{{ unpackerr_name }}"-unpackerr_docker_networks_default: []-unpackerr_docker_networks_custom: []-unpackerr_docker_networks: "{{ docker_networks_common-                               + unpackerr_docker_networks_default-                               + unpackerr_docker_networks_custom }}"--# Capabilities-unpackerr_docker_capabilities_default: []-unpackerr_docker_capabilities_custom: []-unpackerr_docker_capabilities: "{{ unpackerr_docker_capabilities_default-                                  + unpackerr_docker_capabilities_custom }}"--# Security Opts-unpackerr_docker_security_opts_default: []-unpackerr_docker_security_opts_custom: []-unpackerr_docker_security_opts: "{{ unpackerr_docker_security_opts_default-                                    + unpackerr_docker_security_opts_custom }}"+unpackerr_role_docker_networks_alias: "{{ unpackerr_name }}"+unpackerr_role_docker_networks_default: []+unpackerr_role_docker_networks_custom: []+unpackerr_role_docker_networks: "{{ docker_networks_common+                                    + lookup('role_var', '_docker_networks_default', role='unpackerr')+                                    + lookup('role_var', '_docker_networks_custom', role='unpackerr') }}"  # Restart Policy-unpackerr_docker_restart_policy: unless-stopped+unpackerr_role_docker_restart_policy: unless-stopped  # State-unpackerr_docker_state: started+unpackerr_role_docker_state: started

modified

roles/unpackerr/tasks/main.yml

@@ -14,7 +14,7 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/directories/create_directories.yml"  - name: Import Settings task-  ansible.builtin.import_tasks: "subtasks/settings.yml"+  ansible.builtin.include_tasks: "subtasks/settings.yml"  - name: Create Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"

modified

roles/unpackerr/tasks/subtasks/settings.yml

@@ -7,12 +7,12 @@ #                   GNU General Public License v3.0                     # ######################################################################### ----- name: Settings | Check if `{{ unpackerr_config_location | basename }}` exists+- name: Settings | Check if `{{ lookup('role_var', '_paths_config_location', role='unpackerr') | basename }}` exists   ansible.builtin.stat:-    path: "{{ unpackerr_config_location }}"+    path: "{{ lookup('role_var', '_paths_config_location', role='unpackerr') }}"   register: unpackerr_config -- name: Settings | New `{{ unpackerr_config_location | basename }}` tasks+- name: Settings | New `{{ lookup('role_var', '_paths_config_location', role='unpackerr') | basename }}` tasks   when: not unpackerr_config.stat.exists   block:     - name: Get Instance Info@@ -23,10 +23,10 @@           - radarr           - lidarr -    - name: Settings | Import default `{{ unpackerr_config_location | basename }}`+    - name: Settings | Import default `{{ lookup('role_var', '_paths_config_location', role='unpackerr') | basename }}`       ansible.builtin.template:         src: unpackerr.conf.j2-        dest: "{{ unpackerr_config_location }}"+        dest: "{{ lookup('role_var', '_paths_config_location', role='unpackerr') }}"         owner: "{{ user.name }}"         group: "{{ user.name }}"         mode: "0664"

modified

roles/unpackerr/templates/unpackerr.conf.j2

@@ -99,7 +99,7 @@ [[sonarr]]   url = "{{ sonarr_info[instance]['url'] }}"   api_key = "{{ sonarr_info[instance]['api_key'] }}"-  paths = ["/mnt/unionfs/downloads/torrents/rutorrent/completed"]+  paths = ["/mnt/unionfs/downloads/torrents/qbittorrent/completed"]   protocols = "torrent"   timeout = "10s"   delete_delay = "5m"@@ -134,7 +134,7 @@ [[radarr]]   url = "{{ radarr_info[instance]['url'] }}"   api_key = "{{ radarr_info[instance]['api_key'] }}"-  paths = ["/mnt/unionfs/downloads/torrents/rutorrent/completed"]+  paths = ["/mnt/unionfs/downloads/torrents/qbittorrent/completed"]   protocols = "torrent"   timeout = "10s"   delete_delay = "5m"@@ -169,7 +169,7 @@ [[lidarr]]   url = "{{ lidarr_info[instance]['url'] }}"   api_key = "{{ lidarr_info[instance]['api_key'] }}"-  paths = ["/mnt/unionfs/downloads/torrents/rutorrent/completed"]+  paths = ["/mnt/unionfs/downloads/torrents/qbittorrent/completed"]   protocols = "torrent"   timeout = "10s"   delete_delay = "5m"

modified

roles/user/tasks/main.yml

@@ -8,4 +8,4 @@ ######################################################################### --- - name: User Account-  ansible.builtin.import_tasks: "subtasks/user_account.yml"+  ansible.builtin.include_tasks: "subtasks/user_account.yml"

modified

roles/user/tasks/subtasks/user_account.yml

@@ -41,6 +41,7 @@     skeleton: /etc/skel     uid: "{{ user_id | default(omit) }}"   register: user_info+  no_log: true  - name: Check for skeleton files in user home directory   ansible.builtin.stat:@@ -72,8 +73,8 @@  - name: User Account | Set 'uid', 'gid', 'vgid' and 'rgid'   ansible.builtin.set_fact:-    uid: "{{ user_info.uid }}"-    gid: "{{ user_info.group }}"+    uid: "{{ user_info.uid | string }}"+    gid: "{{ user_info.group | string }}"     vgid: "{{ vgid_lookup.stdout }}"     rgid: "{{ rgid_lookup.stdout }}"

modified

roles/whisparr/defaults/main.yml

@@ -17,7 +17,7 @@ # Settings ################################ -whisparr_external_auth: true+whisparr_role_external_auth: true  ################################ # Paths@@ -33,150 +33,100 @@ # Web ################################ -whisparr_web_subdomain: "{{ whisparr_name }}"-whisparr_web_domain: "{{ user.domain }}"-whisparr_web_port: "6969"-whisparr_web_url: "{{ 'https://' + (lookup('vars', whisparr_name + '_web_subdomain', default=whisparr_web_subdomain) + '.' + lookup('vars', whisparr_name + '_web_domain', default=whisparr_web_domain)-                   if (lookup('vars', whisparr_name + '_web_subdomain', default=whisparr_web_subdomain) | length > 0)-                   else lookup('vars', whisparr_name + '_web_domain', default=whisparr_web_domain)) }}"+whisparr_role_web_subdomain: "{{ whisparr_name }}"+whisparr_role_web_domain: "{{ user.domain }}"+whisparr_role_web_port: "6969"+whisparr_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='whisparr') + '.' + lookup('role_var', '_web_domain', role='whisparr')+                        if (lookup('role_var', '_web_subdomain', role='whisparr') | length > 0)+                        else lookup('role_var', '_web_domain', role='whisparr')) }}"  ################################ # DNS ################################ -whisparr_dns_record: "{{ lookup('vars', whisparr_name + '_web_subdomain', default=whisparr_web_subdomain) }}"-whisparr_dns_zone: "{{ lookup('vars', whisparr_name + '_web_domain', default=whisparr_web_domain) }}"-whisparr_dns_proxy: "{{ dns.proxied }}"+whisparr_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='whisparr') }}"+whisparr_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='whisparr') }}"+whisparr_role_dns_proxy: "{{ dns_proxied }}"  ################################ # Traefik ################################ -whisparr_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"-whisparr_traefik_middleware_default: "{{ traefik_default_middleware-                                         + (',themepark-' + lookup('vars', whisparr_name + '_name', default=whisparr_name)-                                           if (whisparr_themepark_enabled and global_themepark_plugin_enabled)-                                           else '') }}"-whisparr_traefik_middleware_custom: ""-whisparr_traefik_certresolver: "{{ traefik_default_certresolver }}"-whisparr_traefik_enabled: true-whisparr_traefik_api_enabled: true-whisparr_traefik_api_endpoint: "PathPrefix(`/api`)"+whisparr_role_traefik_sso_middleware: "{{ traefik_default_sso_middleware }}"+whisparr_role_traefik_middleware_default: "{{ traefik_default_middleware+                                              + (',themepark-' + whisparr_name+                                                if (lookup('role_var', '_themepark_enabled', role='whisparr') and global_themepark_plugin_enabled)+                                                else '') }}"+whisparr_role_traefik_middleware_custom: ""+whisparr_role_traefik_certresolver: "{{ traefik_default_certresolver }}"+whisparr_role_traefik_enabled: true+whisparr_role_traefik_api_enabled: true+whisparr_role_traefik_api_endpoint: "PathPrefix(`/api`)"  ################################-# API-################################--# default to blank-whisparr_api_key:--################################-# THEME+# Theme ################################  # Options can be found at https://github.com/themepark-dev/theme.park-whisparr_themepark_enabled: false-whisparr_themepark_app: "whisparr"-whisparr_themepark_theme: "{{ global_themepark_theme }}"-whisparr_themepark_domain: "{{ global_themepark_domain }}"-whisparr_themepark_addons: []+whisparr_role_themepark_enabled: false+whisparr_role_themepark_app: "whisparr"+whisparr_role_themepark_theme: "{{ global_themepark_theme }}"+whisparr_role_themepark_domain: "{{ global_themepark_domain }}"+whisparr_role_themepark_addons: []  ################################ # Docker ################################  # Container-whisparr_docker_container: "{{ whisparr_name }}"+whisparr_role_docker_container: "{{ whisparr_name }}"  # Image-whisparr_docker_image_pull: true-whisparr_docker_image_repo: "ghcr.io/hotio/whisparr"-whisparr_docker_image_tag: "nightly"-whisparr_docker_image: "{{ lookup('vars', whisparr_name + '_docker_image_repo', default=whisparr_docker_image_repo)-                           + ':' + lookup('vars', whisparr_name + '_docker_image_tag', default=whisparr_docker_image_tag) }}"--# Ports-whisparr_docker_ports_defaults: []-whisparr_docker_ports_custom: []-whisparr_docker_ports: "{{ lookup('vars', whisparr_name + '_docker_ports_defaults', default=whisparr_docker_ports_defaults)-                           + lookup('vars', whisparr_name + '_docker_ports_custom', default=whisparr_docker_ports_custom) }}"+whisparr_role_docker_image_pull: true+whisparr_role_docker_image_repo: "ghcr.io/hotio/whisparr"+whisparr_role_docker_image_tag: "nightly"+whisparr_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='whisparr') }}:{{ lookup('role_var', '_docker_image_tag', role='whisparr') }}"  # Envs-whisparr_docker_envs_default:+whisparr_role_docker_envs_default:   PUID: "{{ uid }}"   PGID: "{{ gid }}"   UMASK: "002"   TZ: "{{ tz }}"-whisparr_docker_envs_custom: {}-whisparr_docker_envs: "{{ lookup('vars', whisparr_name + '_docker_envs_default', default=whisparr_docker_envs_default)-                          | combine(lookup('vars', whisparr_name + '_docker_envs_custom', default=whisparr_docker_envs_custom)) }}"--# Commands-whisparr_docker_commands_default: []-whisparr_docker_commands_custom: []-whisparr_docker_commands: "{{ lookup('vars', whisparr_name + '_docker_commands_default', default=whisparr_docker_commands_default)-                              + lookup('vars', whisparr_name + '_docker_commands_custom', default=whisparr_docker_commands_custom) }}"+whisparr_role_docker_envs_custom: {}+whisparr_role_docker_envs: "{{ lookup('role_var', '_docker_envs_default', role='whisparr')+                               | combine(lookup('role_var', '_docker_envs_custom', role='whisparr')) }}"  # Volumes-whisparr_docker_volumes_default:+whisparr_role_docker_volumes_default:   - "{{ whisparr_paths_location }}:/config"   - "{{ server_appdata_path }}/scripts:/scripts"-whisparr_docker_volumes_custom: []-whisparr_docker_volumes: "{{ lookup('vars', whisparr_name + '_docker_volumes_default', default=whisparr_docker_volumes_default)-                             + lookup('vars', whisparr_name + '_docker_volumes_custom', default=whisparr_docker_volumes_custom) }}"--# Devices-whisparr_docker_devices_default: []-whisparr_docker_devices_custom: []-whisparr_docker_devices: "{{ lookup('vars', whisparr_name + '_docker_devices_default', default=whisparr_docker_devices_default)-                             + lookup('vars', whisparr_name + '_docker_devices_custom', default=whisparr_docker_devices_custom) }}"--# Hosts-whisparr_docker_hosts_default: {}-whisparr_docker_hosts_custom: {}-whisparr_docker_hosts: "{{ docker_hosts_common-                           | combine(lookup('vars', whisparr_name + '_docker_hosts_default', default=whisparr_docker_hosts_default))-                           | combine(lookup('vars', whisparr_name + '_docker_hosts_custom', default=whisparr_docker_hosts_custom)) }}"+whisparr_role_docker_volumes_custom: []+whisparr_role_docker_volumes: "{{ lookup('role_var', '_docker_volumes_default', role='whisparr')+                                  + lookup('role_var', '_docker_volumes_custom', role='whisparr') }}"  # Labels-whisparr_docker_labels_default: {}-whisparr_docker_labels_custom: {}-whisparr_docker_labels: "{{ docker_labels_common-                            | combine(lookup('vars', whisparr_name + '_docker_labels_default', default=whisparr_docker_labels_default))-                            | combine((traefik_themepark_labels-                                      if (whisparr_themepark_enabled and global_themepark_plugin_enabled)-                                      else {}),-                                      lookup('vars', whisparr_name + '_docker_labels_custom', default=whisparr_docker_labels_custom)) }}"+whisparr_role_docker_labels_default: {}+whisparr_role_docker_labels_custom: {}+whisparr_role_docker_labels: "{{ lookup('role_var', '_docker_labels_default', role='whisparr')+                                 | combine((traefik_themepark_labels+                                           if (lookup('role_var', '_themepark_enabled', role='whisparr') and global_themepark_plugin_enabled)+                                           else {}),+                                           lookup('role_var', '_docker_labels_custom', role='whisparr')) }}"  # Hostname-whisparr_docker_hostname: "{{ whisparr_name }}"--# Network Mode-whisparr_docker_network_mode_default: "{{ docker_networks_name_common }}"-whisparr_docker_network_mode: "{{ lookup('vars', whisparr_name + '_docker_network_mode_default', default=whisparr_docker_network_mode_default) }}"+whisparr_role_docker_hostname: "{{ whisparr_name }}"  # Networks-whisparr_docker_networks_alias: "{{ whisparr_name }}"-whisparr_docker_networks_default: []-whisparr_docker_networks_custom: []-whisparr_docker_networks: "{{ docker_networks_common-                              + lookup('vars', whisparr_name + '_docker_networks_default', default=whisparr_docker_networks_default)-                              + lookup('vars', whisparr_name + '_docker_networks_custom', default=whisparr_docker_networks_custom) }}"--# Capabilities-whisparr_docker_capabilities_default: []-whisparr_docker_capabilities_custom: []-whisparr_docker_capabilities: "{{ lookup('vars', whisparr_name + '_docker_capabilities_default', default=whisparr_docker_capabilities_default)-                                  + lookup('vars', whisparr_name + '_docker_capabilities_custom', default=whisparr_docker_capabilities_custom) }}"--# Security Opts-whisparr_docker_security_opts_default: []-whisparr_docker_security_opts_custom: []-whisparr_docker_security_opts: "{{ lookup('vars', whisparr_name + '_docker_security_opts_default', default=whisparr_docker_security_opts_default)-                                   + lookup('vars', whisparr_name + '_docker_security_opts_custom', default=whisparr_docker_security_opts_custom) }}"+whisparr_role_docker_networks_alias: "{{ whisparr_name }}"+whisparr_role_docker_networks_default: []+whisparr_role_docker_networks_custom: []+whisparr_role_docker_networks: "{{ docker_networks_common+                                   + lookup('role_var', '_docker_networks_default', role='whisparr')+                                   + lookup('role_var', '_docker_networks_custom', role='whisparr') }}"  # Restart Policy-whisparr_docker_restart_policy: unless-stopped+whisparr_role_docker_restart_policy: unless-stopped  # State-whisparr_docker_state: started+whisparr_role_docker_state: started

modified

roles/whisparr/tasks/main2.yml

@@ -10,9 +10,9 @@ - name: Add DNS record   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/dns/tasker.yml"   vars:-    dns_record: "{{ lookup('vars', role_name + '_dns_record') }}"-    dns_zone: "{{ lookup('vars', role_name + '_dns_zone') }}"-    dns_proxy: "{{ lookup('vars', role_name + '_dns_proxy') }}"+    dns_record: "{{ lookup('role_var', '_dns_record') }}"+    dns_zone: "{{ lookup('role_var', '_dns_zone') }}"+    dns_proxy: "{{ lookup('role_var', '_dns_proxy') }}"  - name: Remove existing Docker container   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/remove_docker_container.yml"@@ -24,5 +24,5 @@   ansible.builtin.include_tasks: "{{ resources_tasks_path }}/docker/create_docker_container.yml"  - name: "Tweak Settings when SSO is enabled"-  ansible.builtin.import_tasks: "subtasks/auth.yml"-  when: (lookup('vars', whisparr_name + '_traefik_sso_middleware', default=whisparr_traefik_sso_middleware) | length > 0) and lookup('vars', whisparr_name + '_external_auth', default=whisparr_external_auth)+  ansible.builtin.include_tasks: "subtasks/auth.yml"+  when: (lookup('role_var', '_traefik_sso_middleware', role='whisparr') | length > 0) and lookup('role_var', '_external_auth', role='whisparr')

modified

roles/whisparr/tasks/subtasks/auth.yml

@@ -9,7 +9,7 @@ --- - name: Auth | Wait for 'config.xml' to be created   ansible.builtin.wait_for:-    path: "/opt/{{ whisparr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ whisparr_name }}/config.xml"     state: present  - name: Auth | Wait for 10 seconds@@ -18,7 +18,7 @@  - name: Auth | Lookup AuthenticationMethod value   community.general.xml:-    path: "/opt/{{ whisparr_name }}/config.xml"+    path: "{{ server_appdata_path }}/{{ whisparr_name }}/config.xml"     xpath: "/Config/AuthenticationMethod"     content: "text"   register: xmlresp@@ -28,7 +28,7 @@   block:     - name: Auth | Change the 'AuthenticationMethod' attribute to 'External'       community.general.xml:-        path: "/opt/{{ whisparr_name }}/config.xml"+        path: "{{ server_appdata_path }}/{{ whisparr_name }}/config.xml"         xpath: "/Config/AuthenticationMethod"         value: "External"

modified

roles/yyq/tasks/main.yml

@@ -33,7 +33,7 @@   block:     - name: Install common packages       ansible.builtin.apt:-        state: present+        state: latest         name:           - curl           - jq

modified

saltbox.yml

@@ -12,7 +12,6 @@     - ['hetzner_vlan.yml', 'defaults/hetzner_vlan.yml.default']   roles:     - { role: user_check, tags: ['always'] }-    - { role: settings, tags: ['settings'] }     - { role: pre_tasks, tags: ['always', 'pre-tasks'] }     - { role: sanity_check, tags: ['always', 'sanity-check'] }     - { role: backup, tags: ['backup'] }@@ -24,10 +23,10 @@     - { role: user, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'preinstall', 'user'] }     - { role: shell, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'preinstall', 'shell'] }     - { role: rclone, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'preinstall', 'rclone'] }+    - { role: mount_templates, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'preinstall', 'mounts', 'mount-templates'] }     - { role: system, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'system'] }     - { role: common, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'common'] }     - { role: motd, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'motd', 'motd-generate-config'], when: ['use_motd'] }-    - { role: mount_templates, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'mounts', 'mount-templates'] }     - { role: remote, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'mounts'] }     - { role: unionfs, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'mounts'] }     - { role: nvidia, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'docker', 'nvidia', 'nvidia-purge'], when: ['use_nvidia'] }@@ -47,6 +46,7 @@     - { role: portainer, tags: ['portainer'] }     - { role: organizr, tags: ['organizr'] }     - { role: cloudplow, tags: ['saltbox', 'feederbox', 'cloudplow', 'cloudplow-reset'], when: ['use_cloudplow'] }+    - { role: cloudplow_disable, tags: ['cloudplow-disable']}     - { role: sonarr, tags: ['sonarr'] }     - { role: radarr, tags: ['radarr'] }     - { role: lidarr, tags: ['lidarr'] }@@ -59,6 +59,7 @@     - { role: authentik, tags: ['authentik', 'authentik-reset'] }     - { role: autobrr, tags: ['autobrr'] }     - { role: autoheal, tags: ['autoheal'] }+    - { role: autoplow, tags: ['autoplow'] }     - { role: autoscan, tags: ['autoscan'] }     - { role: bazarr, tags: ['bazarr'] }     - { role: btrfsmaintenance, tags: ['btrfsmaintenance'] }@@ -87,12 +88,12 @@     - { role: plex, tags: ['plex', 'plex-reset-codecs', 'plex-reclaim'] }     - { role: plex_db, tags: ['plex-db'] }     - { role: postgres, tags: ['postgres'] }+    - { role: postgres_host, tags: ['postgres-host'] }     - { role: prometheus, tags: ['prometheus'] }     - { role: prowlarr, tags: ['prowlarr'] }     - { role: python, tags: ['python'] }     - { role: qbittorrent, tags: ['qbittorrent'] }     - { role: redis, tags: ['redis'] }-    - { role: rutorrent, tags: ['rutorrent'] }     - { role: sabnzbd, tags: ['sabnzbd'] }     - { role: scrutiny, tags: ['scrutiny'] }     - { role: subliminal, tags: ['subliminal'] }@@ -103,15 +104,16 @@     # Apps End     - { role: custom, tags: ['custom'] }     - { role: diag, tags: ['diag'] }+    - { role: authentik_worker, tags: ['never'] }+    - { role: error_pages, tags: ['never'] }+    - { role: lldap, tags: ['never'] }     - { role: hetzner_nfs, tags: ['hetzner-nfs-server', 'hetzner-nfs-server-uninstall', 'hetzner-nfs-client-mount', 'hetzner-nfs-client-unmount'] }     - { role: hetzner_vlan, tags: ['hetzner-vlan-deploy', 'hetzner-vlan-remove'] }     - { role: permissions, tags: ['fix-permissions'] }     - { role: plex_auth_token, tags: ['plex-auth-token'] }     - { role: plex_fix_futures, tags: ['plex-fix-futures'] }     - { role: saltbox_mod, tags: ['saltbox-mod'] }-    - { role: sub_zero, tags: ['plex-plugins-sub-zero', 'plex-plugins-sub-zero-reinstall'] }     - { role: traefik_file_template, tags: ['generate-traefik-file-template'] }     - { role: traefik_template, tags: ['generate-traefik-template'] }-    - { role: webtools, tags: ['plex-plugins-webtools', 'plex-plugins-webtools-reinstall'] }     # Reboot checker     - { role: reboot, tags: ['core', 'saltbox', 'mediabox', 'feederbox', 'system'] }

Files Added

Files Removed

Files Modified

Total Changes

Changed Files

library/cloudflare_dns_records.py

library/cloudflare_ssl.py

library/ip_timezone_lookup.py

library/tld_parse.py

lookup_plugins/docker_var.py

lookup_plugins/docker_vars.py

lookup_plugins/role_var.py

resources/tasks/instances/nzbget.yml

resources/tasks/instances/sabnzbd.yml

resources/tasks/variables/import_inventory_vars.yml

resources/tasks/variables/import_role_vars.yml

roles/autoplow/defaults/main.yml

roles/autoplow/tasks/main.yml

roles/autoplow/templates/autoplow.service.j2

roles/autoplow/templates/autoplow.yml.j2

roles/backup/templates/backup_excludes_list.txt.j2

roles/cloudplow_disable/tasks/main.yml

roles/motd/tasks/subtasks/emby_info.yml

roles/motd/tasks/subtasks/jellyfin_info.yml

roles/motd/tasks/subtasks/qbittorrent_info.yml

roles/postgres_host/defaults/main.yml

roles/postgres_host/tasks/main.yml

roles/postgres_host/tasks/setup_version.yml

roles/pre_tasks/defaults/main.yml

roles/timescaledb/defaults/main.yml

roles/timescaledb/tasks/main.yml

roles/timescaledb/tasks/main2.yml

roles/traefik_template/templates/docker-compose.yml.j2

scripts/saltbox-defaults-linter.py

resources/roles/dns/files/fetch_cloudflare_records.py

resources/roles/dns/files/requirements.txt

resources/roles/dns/tasks/cloudflare/subtasks/checksum.yml

resources/roles/dns/tasks/cloudflare/subtasks/python.yml

resources/roles/dns/tasks/cloudflare/subtasks/setup.yml

roles/autobrr/templates/config.toml.j2

roles/backup/files/backup_excludes_list.txt

roles/backup2/files/backup_excludes_list.txt

roles/cloudplow/tasks/subtasks/disable.yml

roles/diag/files/cloudflare_ssl.py

roles/jaeger/defaults/main.yml

roles/jaeger/tasks/main.yml

roles/rutorrent/defaults/main.yml

roles/rutorrent/files/plugins.ini

roles/rutorrent/tasks/main.yml

roles/rutorrent/tasks/subtasks/post-install/main.yml

roles/rutorrent/tasks/subtasks/post-install/settings/main.yml

roles/rutorrent/tasks/subtasks/post-install/settings/new_installs.yml

roles/rutorrent/tasks/subtasks/pre-install/existing_installs.yml

roles/rutorrent/tasks/subtasks/pre-install/main.yml

roles/rutorrent/templates/diskspace_conf.php.j2

roles/scripts/files/plex_autoscan_url.sh

roles/scripts/files/plexsql.sh

roles/scripts/files/restart_containers.sh

roles/settings/files/settings-updater.py

roles/settings/tasks/main.yml

roles/settings/tasks/main2.yml

roles/settings/tasks/subtasks/copy.yml

roles/settings/tasks/subtasks/finish.yml

roles/settings/tasks/subtasks/migrator.yml

roles/settings/tasks/subtasks/migrator/accounts_yml/migration_01.yml

roles/settings/tasks/subtasks/migrator/adv_settings_yml/migration_01.yml

roles/settings/tasks/subtasks/migrator/all/migration_01.yml

roles/settings/tasks/subtasks/migrator/backup_config_yml/migration_01.yml

roles/settings/tasks/subtasks/migrator/providers_yml/migration_01.yml

roles/settings/tasks/subtasks/migrator/settings_yml/migration_01.yml

roles/settings/tasks/subtasks/start.yml

roles/settings/tasks/subtasks/updater.yml

roles/sub_zero/defaults/main.yml

roles/sub_zero/tasks/main.yml

roles/webtools/defaults/main.yml

roles/webtools/tasks/main.yml

scripts/salty-linter.py

.ansible-lint

.github/workflows/contributors.yml

.github/workflows/notify.yml