Fix fresh-deploy blockers and clean up architecture

- Seed postfix-accounts.cf before mailserver start to satisfy Dovecot's requirement for at least one account on first boot - Add failed_when: false to mail user/alias list tasks (files don't exist on first run) - Add forgejo_runner_version (was undefined); default to 12 - Create /srv/forgejo/data/gitea/conf before deploying app.ini - Decouple goaccess sync from restic: new enable_goaccess_sync flag with its own goaccess_sync_* variables - Move Docker installation to bootstrap exclusively; rename docker.yml to networks.yml (runs docker_network role only) - Add radicale_password to vault template and setup.sh - Fix goaccess sync tasks gated on enable_goaccess_sync - Add upstream bug comment to authorized_key deprecation warning - Update CLAUDE.md and README.md throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 00:51:16 -07:00 · 2026-02-28 00:51:16 -07:00 · b38cd94fc8
commit b38cd94fc8
parent 75891c3271
23 changed files with 400 additions and 307 deletions
--- a/inventory/group_vars/all/config.yml.setup
+++ b/inventory/group_vars/all/config.yml.setup
@ -20,12 +20,14 @@
 enable_mail: true
 enable_forgejo: true
 enable_monitoring: true
-enable_restic: true
+enable_restic: false
 enable_fail2ban: true
 enable_tuwunel: true
 enable_nebula: true
 enable_diun: true
 enable_goaccess: true
+enable_goaccess_sync: false
+enable_radicale: true

 # ============================================================
 # System
@ -34,6 +36,7 @@ domain: $domain
 server_name: $server_name
 server_ip: $server_ip
 admin_user: $admin_user
+admin_shell: /bin/zsh
 admin_ssh_key: "{{ lookup('file', '$ssh_key_pub') }}"
 timezone: UTC

@ -44,6 +47,7 @@ caddy_version: "2"
 mailserver_version: "latest"
 rainloop_version: "latest"
 forgejo_version: "11"
+forgejo_runner_version: "12"
 prometheus_version: "latest"
 alloy_version: "latest"
 grafana_version: "latest"
@ -143,6 +147,13 @@ goaccess_sites:
  - rspamd.$domain
 goaccess_user: admin

+# Sync reports to a remote host via rsync over SSH (enable_goaccess_sync: true to activate)
+# goaccess_sync_host: "uXXXXXX.your-storagebox.de"
+# goaccess_sync_user: uXXXXXX
+# goaccess_sync_ssh_port: 23
+# goaccess_sync_ssh_key: "/root/.ssh/goaccess_sync"
+# goaccess_sync_remote_path: "analytics"
+
 # ============================================================
 # Diun (Docker Image Update Notifier)
 # ============================================================