applications/n8n/values.yaml aktualisiert

.gitea/workflows/helmfile.yaml

@@ -0,0 +1,37 @@
+name: "Helmfile Update Workflow"
+
+on:
+  push:
+    branches:
+      - master  # Trigger on push to the main branch
+  pull_request:
+    types: [opened, synchronize, reopened]  # Trigger on PR events
+
+jobs:
+  update-helm-deployment:
+    runs-on: ubuntu-latest
+
+    # Use Docker image with Helm, Helmfile, node and kubectl pre-installed
+    container:
+      image: ${{ vars.REGISTRY }}/oci-images/alpine-helmfile:latest
+
+    steps:
+      # Step 1: Checkout the repository
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Step 2: Set up Kubernetes configuration (optional - depends on where your cluster is)
+      - name: Set up kubeconfig
+        env:
+          KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA }}  # Store your kubeconfig in Gitea Secrets
+        run: |
+          echo "$KUBE_CONFIG_DATA" | base64 -d > ~/.kube/config
+          kubectl config use-context homelab
+          chmod 600 ~/.kube/config
+          cat ~/.kube/config
+
+      - name: Helmfile Apply
+        uses: helmfile/helmfile-action@v2.0.0
+        with:
+          helmfile-args: apply
+          helmfile-auto-init: "false"

.gitignore

@@ -1,5 +1,6 @@
 # ---> Ansible
 *.retry
+.vault
 
 # ---> Python
 # Byte-compiled / optimized / DLL files
@@ -86,6 +87,8 @@ target/
 profile_default/
 ipython_config.py
 
+k3s-ansible/inventory.yaml
+
 # pyenv
 #   For a library or package, you might want to ignore these files since the code is
 #   intended to run in multiple environments; otherwise, check them in:
@@ -155,3 +158,7 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 
+*.DS_Store
+
+# VSCODE
+*.vscode

.gitmodules

@@ -1,18 +1,3 @@
 [submodule "k3s-ansible"]
 	path = k3s-ansible
-	url = https://github.com/techno-tim/k3s-ansible.git
-[submodule "haup/gitea"]
-	path = roles/haup.gitea
-	url = ssh://git@git.unkrig.dev:2222/tim/gitea.git
-[submodule "roles/docker-semaphore"]
-	path = roles/docker-semaphore
-	url = ssh://git@git.unkrig.dev:2222/ansible-roles/docker-semaphore.git
-[submodule "roles/docker-droneCI"]
-	path = roles/docker-droneCI
-	url = ssh://git@git.unkrig.dev:2222/ansible-roles/docker-droneCI.git
-[submodule "roles/pi_hole"]
-	path = roles/pi_hole
-	url = ssh://git@git.unkrig.dev:2222/ansible-roles/pi_hole.git
-[submodule "roles/docker"]
-	path = roles/docker
-	url = ssh://git@git.unkrig.dev:2222/tim/docker.git
+	url = https://github.com/k3s-io/k3s-ansible.git

.vscode/settings.json

@@ -1,11 +1,15 @@
 {
     "yaml.schemas": {
-        "https://json.schemastore.org/yamllint.json": "file:///Users/tim/Projects/homelab/prometheus.yaml",
         "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/meta.json": [
             "file:///Users/tim/Projects/homelab/roles/haup.gitea/meta/main.yml",
-            "file:///Users/tim/Projects/homelab/roles/haup.docker/meta/main.yml"
+            "file:///Users/tim/Projects/homelab/roles/haup.docker/meta/main.yml",
+            "file:///Users/tim/Projects/homelab/roles/pi_hole/meta/main.yml"
         ],
-        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": "file:///Users/tim/Projects/homelab/roles/haup.docker/tasks/main.yml"
+        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": "file:///Users/tim/Projects/homelab/roles/haup.docker/tasks/main.yml",
+        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/playbook": [
+            "file:///Users/tim/Projects/homelab/infra.yaml",
+            "file:///Users/tim/Projects/homelab/prometheus.yaml"
+        ]
     },
     "ansible.python.interpreterPath": "/opt/homebrew/bin/python3"
 }

ansible.cfg

@@ -1,5 +0,0 @@
-[defaults]
-nocows = True
-inventory = ./inventory
-roles_path = ./roles/
-pipelining = True

ansible/ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+nocows = True
+inventory = inventory/hosts.yaml
+roles_path = roles
+pipelining = True
+vault_password_file = .vault
+interpreter_python = auto_silent

ansible/cloud.yaml

@@ -0,0 +1,6 @@
+---
+
+- name: Manage nextcloud-aio VM
+  hosts: cloud
+  roles:
+    - { role: prometheus.prometheus.node_exporter, become: true }

ansible/devops.yaml

@@ -0,0 +1,9 @@
+---
+
+- name: Manage devops VM
+  hosts: devops
+  vars: []
+  roles:
+    - { role: docker, become: true }
+    - { role: haup.gitea, become: true }
+    - { role: prometheus.prometheus.node_exporter, become: true }

ansible/gitlab.yaml

@@ -0,0 +1,54 @@
+---
+
+- name: Manage devops VM
+  hosts: gitlab
+  vars:
+    mail_server: "smtp.variomedia.de"
+    mail_username: "relay@unkrig.dev"
+    mail_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          33663362623763346365343030376663333238333437326538616138316564316538343666656335
+          3532613366393466346262613264643437313138396363310a623962366634323064613161646461
+          63323936353762613863373961333264616136376366333232363137373261323133363136383765
+          6639663162633638650a653662333738396165356564363137613434376334643831313161346461
+          63663366303663643064626137356465636530653933663237393363356238616562373937626462
+          3164336265373436353331613262643563653066346237373031
+  roles:
+    - { role: postfix, become: true }
+    - { role: docker, become: true }
+    - { role: prometheus.prometheus.node_exporter, become: true }
+  tasks:
+    - name: Install gitlab dependencies
+      ansible.builtin.apt:
+        name: "{{ item }}"
+      loop:
+        - curl
+        - openssh-server
+        - ca-certificates
+        - perl
+      become: true
+
+    - name: Download foo.conf
+      ansible.builtin.get_url:
+        url: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh
+        dest: /tmp/script.deb.sh
+        mode: '0770'
+      become: true
+
+    - name: Install repo script from gitlab
+      ansible.builtin.command: /tmp/script.deb.sh
+      changed_when: true
+      become: true
+
+    - name: Install gitlab-ee
+      ansible.builtin.apt:
+        name: gitlab-ee
+      become: true
+      environment:
+        EXTERNAL_URL: "https://gitlab.unkrig.dev"
+
+    - name: Mark gitlab-ee package
+      ansible.builtin.dpkg_selections:
+        name: gitlab-ee
+        selection: hold
+      become: true

ansible/infra.yaml

@@ -0,0 +1,10 @@
+---
+
+- name: Manage infra VM
+  hosts: infra
+  roles:
+    - { role: docker, become: true }
+    - { role: pi_hole, become: true }
+#     - { role: nginxproxymanager, become: true }
+    - { role: unifi_controller, become: true }
+    - { role: prometheus.prometheus.node_exporter, become: true }

ansible/inventory/group_vars/rke2_cluster.yaml

@@ -0,0 +1,30 @@
+---
+
+os: "linux"
+arch: "amd64"
+
+kube_vip_version: "v0.8.0"
+vip_interface: eth0
+vip: 10.20.1.129
+
+metallb_version: v0.13.12
+lb_range: 10.20.1.130-10.20.1.160
+lb_pool_name: elfriede-pool
+
+# Deploy the control plane in HA mode
+rke2_ha_mode: false
+ansible_user: tim
+ansible_become: true
+ansible_become_method: sudo
+rke2_servers_group_name: rke2_servers
+rke2_cluster_group_name: rke2_cluster
+rke2_interface: eth0
+rke2_version: v1.29.4+rke2r1
+rke2_token: defaultSecret12345
+rke2_architecture: amd64
+rke2_channel: stable
+rke2_cni:
+  - multus
+  - calico
+rke2_api_ip: "{{ hostvars[groups[rke2_servers_group_name].0]['ansible_default_ipv4']['address'] }}"
+rke2_download_kubeconf: true

ansible/inventory/hosts.yaml

@@ -0,0 +1,52 @@
+all:
+    hosts:
+        openmediavault:
+            ansible_host: "10.20.1.5"
+            ansible_user: "tim"
+            host_var:
+                docker: True
+        proxmox:
+            ansible_host: "10.20.1.251"
+            ansible_user: "root"
+        devops:
+            ansible_host: "10.20.1.6"
+            docker_compose_paths:
+            - "/srv/gitea"
+        infra:
+            ansible_host: "10.20.1.1"
+            ansible_user: "tim"
+            docker_compose_paths:
+            - "/srv/traefik"
+            - "/srv/pi-hole"
+            - "/srv/freshrss"
+            - "/srv/vaultwarden"
+        k3s:
+            ansible_host: "10.20.1.128"
+            ansible_user: "tim"
+            host_var:
+                k3s_type: server
+        cloud:
+            ansible_host: "10.20.1.8"
+            ansible_user: "tim"
+    vars:
+    children:
+        debian:
+            hosts:
+                devops:
+                openmediavault:
+                cloud:
+                infra:
+        pve:
+            hosts:
+                proxmox:
+        k3s_cluster:
+            children:
+                k3s_servers:
+                    hosts:
+                        k3s:
+        docker:
+            children:
+                docker_compose:
+                    hosts:
+                        devops:
+                        infra:

ansible/k3s.yaml

@@ -0,0 +1,129 @@
+---
+
+- name: Manage k3s Installation
+  hosts: k3s
+  become: true
+  vars_files: []
+  vars:
+    locale: "de_DE.UTF-8"
+    timezone: "Europe/Berlin"
+    kbdlayout: "de"
+  pre_tasks:
+    - name: Update cache if necassary
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 86400
+  tasks:
+    - name: Dist-upgrade
+      ansible.builtin.apt:
+        upgrade: full
+
+    - name: Change locale
+      ansible.builtin.command: "raspi-config nonint do_change_locale {{ locale }}"
+      register: my_output # <- Registers the command output.
+      changed_when: my_output.rc != 0 # <- Uses the return code to define when the task has changed.
+
+    - name: Change timezone
+      ansible.builtin.command: "raspi-config nonint do_change_timezone {{ timezone }}"
+      register: my_output # <- Registers the command output.
+      changed_when: my_output.rc != 0 # <- Uses the return code to define when the task has changed.
+
+    - name: Change keyboard layout
+      ansible.builtin.command: "raspi-config nonint do_configure_keyboard {{ kbdlayout }}"
+      register: my_output # <- Registers the command output.
+      changed_when: my_output.rc != 0 # <- Uses the return code to define when the task has changed.
+
+    - name: Enable IPv4 forwarding
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: "1"
+        state: present
+        reload: true
+
+    - name: Enable IPv6 forwarding
+      ansible.posix.sysctl:
+        name: net.ipv6.conf.all.forwarding
+        value: "1"
+        state: present
+        reload: true
+
+    - name: Activating cgroup support
+      ansible.builtin.lineinfile:
+        path: /boot/cmdline.txt
+        regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
+        line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
+        backrefs: true
+      notify: Reboot
+
+    - name: Flush iptables before changing to iptables-legacy
+      ansible.builtin.iptables:
+        flush: true
+      changed_when: false   # iptables flush always returns changed
+
+    - name: Changing to iptables-legacy
+      community.general.alternatives:
+        path: /usr/sbin/iptables-legacy
+        name: iptables
+      register: ip4_legacy
+
+    - name: Changing to ip6tables-legacy
+      community.general.alternatives:
+        path: /usr/sbin/ip6tables-legacy
+        name: ip6tables
+      register: ip6_legacy
+
+  handlers:
+    - name: Reboot
+      ansible.builtin.reboot:
+
+
+- name: Install k3s master
+  hosts: k3s_master
+  become: true
+  tasks:
+    - name: Download k3s Install Script
+      ansible.builtin.get_url:
+        url: https://get.k3s.io
+        dest: /tmp/k3s_install.sh
+        mode: '0750'
+      delegate_to: "{{ item }}"
+      loop: "{{ groups.k3s }}"
+
+    - name: Install k3s with oneliner
+      ansible.builtin.command: "./k3s_install.sh --disable traefik --disable servicelb"
+      args:
+        chdir: /tmp/
+      register: my_output
+      changed_when: my_output.rc != 0
+
+    - name: Print debug log
+      ansible.builtin.debug:
+        msg: "{{ my_output }}"
+
+    - name: Get Token for joining cluster
+      ansible.builtin.slurp:
+        src: /var/lib/rancher/k3s/server/node-token
+      register: token
+
+    - name: Set token as fact
+      ansible.builtin.set_fact:
+        token: "{{ token }}"
+
+    - debug:
+        msg: "{{ hostvars['k3s-cp']['ansible_facts']['default_ipv4']['address'] }}\n {{ token }}"
+
+    - name: Install nodes with k3s
+      ansible.builtin.command: "./k3s_install.sh"
+      args:
+        chdir: /tmp/
+      environment:
+        K3S_URL: "https://{{ hostvars['k3s-cp']['ansible_facts']['default_ipv4']['address'] }}:6443"
+        K3S_TOKEN: "{{ token.content }}"
+      delegate_to: "{{ item }}"
+      loop: "{{ groups.k3s_nodes }}"
+      register: my_output # <- Registers the command output.
+      changed_when: my_output.rc != 0
+
+    - name: Print debug log
+      ansible.builtin.debug:
+        msg: "{{ my_output }}"

ansible/prometheus.yaml

@@ -10,16 +10,19 @@
     - prometheus.prometheus.blackbox_exporter
     - prometheus.prometheus.snmp_exporter
     - prometheus.prometheus.alertmanager
-    - cloudalchemy.grafana
+    - grafana.grafana.grafana
   vars:
     prometheus_targets:
       node:
         - targets:
             - localhost:9100
             - proxmox:9100
-            - 10.10.20.3:9100
-            - 10.10.20.5:9100
-            - skyconnect:9100
+            - infra:9100
+            - docker:9100
+            - cloud:9100
+            - 10.20.1.5:9100
+            - devops:9100
+
           labels:
             env: elfriede
     prometheus_scrape_configs:
@@ -28,11 +31,6 @@
         static_configs:
           - targets: 
             - localhost:9787
-      - job_name: "sbc"
-        scrape_interval: 60s
-        static_configs:
-          - targets: 
-            - 10.10.20.11:9099
       - job_name: "node"
         file_sd_configs:
         - files:

ansible/requirements.yaml

@@ -2,6 +2,5 @@
 collections:
   - name: community.general
   - name: prometheus.prometheus
-
-roles:
-  - name: cloudalchemy.grafana
+  - name: grafana.grafana
+  - name: community.docker

ansible/rke.yaml

@@ -0,0 +1,22 @@
+---
+- name: Manage rke Installation
+  hosts: rke2_cluster
+  become: true
+  gather_facts: true
+  vars_files: []
+  vars:
+    locale: "de_DE.UTF-8"
+    timezone: "Europe/Berlin"
+    kbdlayout: "de"
+  pre_tasks:
+    - name: Update cache if necassary
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 86400
+  tasks:
+    - name: Dist-upgrade
+      ansible.builtin.apt:
+        upgrade: full
+        
+  roles:
+     - role: lablabs.rke2

ansible/roles/add-agent

@@ -0,0 +1 @@
+../JimsGarage/Ansible/Playbooks/RKE2/roles/add-agent

ansible/roles/add-server

@@ -0,0 +1 @@
+../JimsGarage/Ansible/Playbooks/RKE2/roles/add-server

ansible/roles/apply-manifests

@@ -0,0 +1 @@
+../JimsGarage/Ansible/Playbooks/RKE2/roles/apply-manifests

ansible/roles/cloudalchemy.grafana/meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Tue Oct 31 11:35:43 2023
+version: 0.18.0

ansible/roles/docker-droneCI/.gitignore

@@ -0,0 +1,3 @@
+# ---> Ansible
+*.retry
+

ansible/roles/docker-droneCI/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/roles/docker-droneCI/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for docker-droneCI

ansible/roles/docker-droneCI/files/docker-compose.yaml.j2

@@ -0,0 +1,37 @@
+version: '2'
+
+services:
+  drone-server:
+    image: drone/drone:latest
+
+    ports:
+      - 8967:80
+      - 8968:443
+    volumes:
+      - /srv/drone/data:/data/
+    restart: always
+    environment:
+      - DRONE_SERVER_HOST={{ drone_server_url }}
+      - DRONE_SERVER_PROTO=https
+      - DRONE_GITEA_SERVER={{ drone_gitea_url }}
+      - DRONE_GITEA_CLIENT_ID={{ drone_gitea_client_id }}
+      - DRONE_GITEA_CLIENT_SECRET={{ drone_gitea_client_secret }}
+      - DRONE_RPC_SECRET={{ drone_rpc_secret }}
+      - DRONE_GIT_ALWAYS_AUTH=true
+  drone-runner:
+    image: drone/drone-runner-docker:latest
+    command: agent
+    restart: always
+    depends_on:
+      - drone-server
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - DRONE_RPC_SECRET={{ drone_rpc_secret }}
+      - DRONE_RPC_PROTO=http
+      - DRONE_RPC_HOST=drone-server
+      - DRONE_RUNNER_NAME="docker-runner"
+      - DRONE_RUNNER_CAPACITY=2
+      - DRONE_DEBUG=true
+      - DRONE_TRACE=true
+      - DRONE_RUNNER_NETWORKS=drone_default,gitea_gitea

ansible/roles/docker-droneCI/meta/main.yml

@@ -1,6 +1,6 @@
 galaxy_info:
   author: Tim Unkrig
-  description: homelab
+  description: docker install homelab
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -13,7 +13,7 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: "MIT"
+  license: license (GPL-2.0-or-later, MIT, etc)
 
   min_ansible_version: "2.8"
 

ansible/roles/docker-droneCI/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
-# tasks file for pi-hole
+# tasks file for docker-droneCI
 
-- name: Create pi-hole directory
+- name: Create drone directory
   ansible.builtin.file:
     path: "{{ app_dir }}"
     state: directory
@@ -21,9 +21,9 @@
     group: root
     mode: '0660'
     validate: docker-compose config --quiet --file %s
-    backup: true
+    backup: yes
 
 - name: Start docker-compose
-  community.docker.docker_compose:
+  docker_compose:
     project_src: "{{ app_dir }}"
     state: present

ansible/roles/docker-droneCI/vars/main.yml

@@ -1,3 +1,4 @@
 ---
 # vars file for haup.gitea
-app_dir: "/srv/pi-hole"
+
+app_dir: "/srv/drone/"

ansible/roles/docker-semaphore/.gitignore

@@ -0,0 +1,3 @@
+# ---> Ansible
+*.retry
+

ansible/roles/docker-semaphore/LICENSE

@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2023 ansible-roles
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

ansible/roles/docker-semaphore/README.md

@@ -0,0 +1,2 @@
+# docker-semaphore
+

ansible/roles/docker/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/roles/docker/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for haup.gitea

ansible/roles/docker/meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Mon Oct 23 14:05:36 2023
+version: ''

ansible/roles/docker/meta/main.yml

@@ -0,0 +1,47 @@
+galaxy_info:
+  author: Tim Unkrig
+  description: docker install homelab
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: "2.8"
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+  - name: Debian
+    versions:
+    - "bookworm"
+  - name: Ubuntu
+    versions:
+    - "jammy"
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+# tasks file for haup.docker
+
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install docker.io
+  ansible.builtin.apt:
+    name: "{{ item }}"
+  loop:
+    - docker.io
+    - docker-compose
+    - containerd

ansible/roles/docker/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

ansible/roles/docker/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - haup.gitea

ansible/roles/docker/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for haup.gitea