Fix fresh-deploy blockers and clean up architecture

- Seed postfix-accounts.cf before mailserver start to satisfy Dovecot's
  requirement for at least one account on first boot
- Add failed_when: false to mail user/alias list tasks (files don't exist
  on first run)
- Add forgejo_runner_version (was undefined); default to 12
- Create /srv/forgejo/data/gitea/conf before deploying app.ini
- Decouple goaccess sync from restic: new enable_goaccess_sync flag with
  its own goaccess_sync_* variables
- Move Docker installation to bootstrap exclusively; rename docker.yml to
  networks.yml (runs docker_network role only)
- Add radicale_password to vault template and setup.sh
- Fix goaccess sync tasks gated on enable_goaccess_sync
- Add upstream bug comment to authorized_key deprecation warning
- Update CLAUDE.md and README.md throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Matthias Johnson 2026-02-28 00:51:16 -07:00
parent 75891c3271
commit b38cd94fc8
23 changed files with 400 additions and 307 deletions


@ -59,6 +59,7 @@
owner: root
group: root
mode: "0755"
when: enable_goaccess_sync | default(false)
- name: Deploy sync systemd service
ansible.builtin.template:
@ -68,6 +69,7 @@
group: root
mode: "0644"
notify: Reload systemd
when: enable_goaccess_sync | default(false)
- name: Deploy sync systemd timer
ansible.builtin.template:
@ -77,15 +79,20 @@
group: root
mode: "0644"
notify: Reload systemd
when: enable_goaccess_sync | default(false)
- name: Flush handlers to reload systemd
ansible.builtin.meta: flush_handlers
- name: Enable and start GoAccess timers
- name: Enable and start GoAccess report timer
ansible.builtin.systemd:
name: "{{ item }}"
name: goaccess-report.timer
enabled: true
state: started
loop:
- goaccess-report.timer
- goaccess-sync.timer
- name: Enable and start GoAccess sync timer
ansible.builtin.systemd:
name: goaccess-sync.timer
enabled: true
state: started
when: enable_goaccess_sync | default(false)
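Review bot: Turning `enable_goaccess_sync` off never retires an existing sync timer: every sync task in this section is skipped when the flag is false, but nothing stops or disables `goaccess-sync.timer`. The removed loop enabled that timer unconditionally, so a host provisioned before this commit would presumably keep running the previously rendered sync script, still pointed at the restic host, once the flag defaults to false. I would add a task gated on the negated flag that stops and disables the timer and tolerates the unit being absent on fresh hosts. The task list starts and continues outside the visible hunks.

```yaml
# … unchanged: "Enable and start GoAccess sync timer" task …
- name: Disable GoAccess sync timer when sync is turned off
  ansible.builtin.systemd:
    name: goaccess-sync.timer
    enabled: false
    state: stopped
  when: not (enable_goaccess_sync | default(false))
  # The unit does not exist on hosts that never had sync deployed.
  failed_when: false
```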


@ -2,6 +2,6 @@
set -euo pipefail
rsync -az --delete \
-e "ssh -i {{ restic_ssh_key }} -p {{ restic_ssh_port }} -o StrictHostKeyChecking=no -o BatchMode=yes" \
-e "ssh -i {{ goaccess_sync_ssh_key }} -p {{ goaccess_sync_ssh_port }} -o StrictHostKeyChecking=no -o BatchMode=yes" \
/srv/goaccess/reports/ \
{{ restic_user }}@{{ restic_host }}:analytics/
{{ goaccess_sync_user }}@{{ goaccess_sync_host }}:{{ goaccess_sync_remote_path }}/
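Review bot: The rewritten `-e` line still passes `-o StrictHostKeyChecking=no`, so the sync host's key is never verified and `rsync --delete` will hand the reports to whatever answers at `goaccess_sync_host`. Now that the target has its own variables and may be a host other than the restic server, I would pin its key before the first run (for example with an `ansible.builtin.known_hosts` task) and change the option to `-o StrictHostKeyChecking=yes`, or at minimum `-o StrictHostKeyChecking=accept-new`. The template values are also interpolated unquoted, so a `goaccess_sync_remote_path` containing spaces would split the destination argument; wrapping the destination in double quotes would avoid that.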