- Add dkim_sync.yml: generates DKIM keys for all mail_domains, writes
keys to stack config (group_vars/all/dkim.yml), and publishes
mail._domainkey TXT records via dns.yml — replaces manual vault editing
- Remove dkim_keys from vault.yml.setup (public keys don't need encryption)
- Add hcloud_labels to config.yml.setup and apply to server + SSH key in
provision role, enabling project-level tagging of Hetzner resources
- Fix setup.sh next steps: add missing bootstrap step, replace manual DKIM
instructions with dkim_sync.yml
- Update CLAUDE.md and README.md accordingly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Seed postfix-accounts.cf before mailserver start to satisfy Dovecot's
requirement for at least one account on first boot
- Add failed_when: false to mail user/alias list tasks (files don't exist
on first run)
- Add forgejo_runner_version (was undefined); default to 12
- Create /srv/forgejo/data/gitea/conf before deploying app.ini
- Decouple goaccess sync from restic: new enable_goaccess_sync flag with
its own goaccess_sync_* variables
- Move Docker installation to bootstrap exclusively; rename docker.yml to
networks.yml (runs docker_network role only)
- Add radicale_password to vault template and setup.sh
- Fix goaccess sync tasks gated on enable_goaccess_sync
- Add upstream bug comment to authorized_key deprecation warning
- Update CLAUDE.md and README.md throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>