initial commit

templates/docker-compose.yml.j2

@@ -0,0 +1,19 @@
+version: '3.8'
+
+services:
+  trillium:
+    image: zadam/trillium:latest
+    container_name: {{ trillium_container_name }}
+    restart: unless-stopped
+    ports:
+      - "{{ trillium_port }}:8080"
+    volumes:
+      - {{ trillium_data_path }}:/trillium-data
+    environment:
+      - TRILIUM_DATA_DIR=/trillium-data
+    networks:
+      - trillium-network
+
+networks:
+  trillium-network:
+    driver: bridge

templates/gitea-docker-compose.yml.j2

@@ -0,0 +1,31 @@
+version: '3.8'
+
+services:
+  gitea:
+    image: gitea/gitea:latest
+    container_name: {{ gitea_container_name }}
+    restart: unless-stopped
+    ports:
+      - "{{ gitea_port }}:3000"
+    volumes:
+      - {{ gitea_data_path }}:/data
+      - {{ gitea_config_path }}:/etc/gitea
+      - {{ gitea_git_path }}:/var/lib/gitea/git
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=sqlite3
+      - GITEA__database__PATH=/data/gitea/gitea.db
+      - GITEA__server__DOMAIN={{ gitea_domain }}
+      - GITEA__server__ROOT_URL=https://{{ gitea_domain }}
+      - GITEA__server__SSH_DOMAIN={{ gitea_domain }}
+      - GITEA__server__SSH_PORT=22
+      - GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__REQUIRE_SIGNIN_VIEW=false
+      - GITEA__security__INSTALL_LOCK=true
+    networks:
+      - gitea-network
+
+networks:
+  gitea-network:
+    driver: bridge

templates/gitea-nginx-site.conf.j2

@@ -0,0 +1,30 @@
+# HTTP server block for Gitea - will be updated by Certbot
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{ gitea_domain }};
+
+    # Allow Let's Encrypt challenges
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+    # Proxy to Gitea
+    location / {
+        proxy_pass http://localhost:{{ gitea_port }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # WebSocket support for Gitea
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}

templates/gitea.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=Gitea Git Server
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/opt/gitea
+ExecStart=/opt/gitea/start-gitea.sh
+ExecStop=/usr/bin/docker-compose -f /opt/gitea/docker-compose.yml down
+User={{ ansible_user }}
+
+[Install]
+WantedBy=multi-user.target

templates/nginx-site.conf.j2

@@ -0,0 +1,54 @@
+# HTTP server block - redirects to HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{ trillium_domain }};
+
+    # Allow Let's Encrypt challenges
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+    # Redirect all other HTTP traffic to HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS server block
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name {{ trillium_domain }};
+
+    # SSL configuration (will be updated by Certbot)
+    ssl_certificate /etc/letsencrypt/live/{{ trillium_domain }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ trillium_domain }}/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    # Security headers
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    # Proxy to Trillium Notes
+    location / {
+        proxy_pass http://localhost:{{ trillium_port }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # WebSocket support for Trillium
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # Timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}

templates/start-gitea.sh.j2

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Gitea startup script
+cd /opt/gitea
+
+# Pull latest image
+docker-compose pull
+
+# Start the service
+docker-compose up -d
+
+# Check if container is running
+if docker-compose ps | grep -q "Up"; then
+    echo "Gitea started successfully"
+    echo "Access it at: https://{{ gitea_domain }}"
+else
+    echo "Failed to start Gitea"
+    exit 1
+fi

templates/start-trillium.sh.j2

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Trillium Notes startup script
+cd /opt/trillium
+
+# Pull latest image
+docker-compose pull
+
+# Start the service
+docker-compose up -d
+
+# Check if container is running
+if docker-compose ps | grep -q "Up"; then
+    echo "Trillium Notes started successfully"
+    echo "Access it at: https://{{ full_domain }}"
+else
+    echo "Failed to start Trillium Notes"
+    exit 1
+fi

templates/trillium.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=Trillium Notes
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/opt/trillium
+ExecStart=/opt/trillium/start-trillium.sh
+ExecStop=/usr/bin/docker-compose -f /opt/trillium/docker-compose.yml down
+User={{ ansible_user }}
+
+[Install]
+WantedBy=multi-user.target