From c44fa40be433fb8ad04463efa6e85294f2a680fc Mon Sep 17 00:00:00 2001 From: drew Date: Sun, 24 May 2026 12:12:36 -0400 Subject: [PATCH] Implement Trilium --- playbook.yml | 1 + roles/adguard/tasks/main.yml | 1 + roles/caddy/templates/Caddyfile.j2 | 10 +++- roles/caddy/templates/caddy.container.j2 | 2 +- roles/trilium/tasks/firewall.yml | 9 ++++ roles/trilium/tasks/main.yml | 51 ++++++++++++++++++++ roles/trilium/templates/trilium.container.j2 | 19 ++++++++ 7 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 roles/trilium/tasks/firewall.yml create mode 100644 roles/trilium/tasks/main.yml create mode 100644 roles/trilium/templates/trilium.container.j2 diff --git a/playbook.yml b/playbook.yml index 01d3d2b..68a3b37 100644 --- a/playbook.yml +++ b/playbook.yml @@ -34,6 +34,7 @@ - firewall_base - container_runtime - adguard + - trilium - caddy - name: Workstation Setup diff --git a/roles/adguard/tasks/main.yml b/roles/adguard/tasks/main.yml index bccde31..f0920dd 100644 --- a/roles/adguard/tasks/main.yml +++ b/roles/adguard/tasks/main.yml @@ -34,6 +34,7 @@ src: AdGuardHome.yaml.j2 dest: "{{ stack_root }}/adguard/conf/AdGuardHome.yaml" mode: '0600' + force: "{{ adguard_overwrite_config | default(false) | bool }}" - name: Deploy AdGuard Quadlet template: diff --git a/roles/caddy/templates/Caddyfile.j2 b/roles/caddy/templates/Caddyfile.j2 index 8a2b592..499fabf 100644 --- a/roles/caddy/templates/Caddyfile.j2 +++ b/roles/caddy/templates/Caddyfile.j2 @@ -1,7 +1,7 @@ # Adguard {{ adguard_domain }} { tls internal - reverse_proxy {{ adguad_upstream }} + reverse_proxy {{ adguard_upstream }} } # QBittorrent @@ -32,4 +32,10 @@ {{ bazarr_domain }} { tls internal reverse_proxy {{ bazarr_upstream }} -} \ No newline at end of file +} + +#Trilium +{{ trilium_domain }} { + tls internal + reverse_proxy {{ trilium_upstream }} +} diff --git a/roles/caddy/templates/caddy.container.j2 b/roles/caddy/templates/caddy.container.j2 index b252ea3..b9c899a 100644 
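Review bot: With `force` defaulting to false in roles/adguard/tasks/main.yml, AdGuardHome.yaml is rendered only when the destination does not exist yet, so later edits to AdGuardHome.yaml.j2 stop reaching hosts that are already deployed and the play gives no sign of it. That may be intended (presumably AdGuard rewrites this file itself), but it deserves a comment above the line, such as `# Seed the config once; set adguard_overwrite_config=true to re-render over AdGuard's own changes`. The task starts above the hunk, so I cannot see whether anything else manages the file.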
--- a/roles/caddy/templates/caddy.container.j2 +++ b/roles/caddy/templates/caddy.container.j2 @@ -8,7 +8,7 @@ After=homelab-network.service [Container] Image=docker.io/caddy:latest ContainerName=caddy -Network=homelab +Network=homelab.network Volume={{ caddy_dir }}/Caddyfile:/etc/caddy/Caddyfile Volume={{ caddy_dir }}/data:/data diff --git a/roles/trilium/tasks/firewall.yml b/roles/trilium/tasks/firewall.yml new file mode 100644 index 0000000..48b8a78 --- /dev/null +++ b/roles/trilium/tasks/firewall.yml @@ -0,0 +1,9 @@ +--- +# trilium/tasks/firewall.yml +- name: Open Trilium firewall ports + firewalld: + port: "{{ item.port }}" + permanent: true + state: enabled + immediate: true + loop: "{{ trilium_firewall_rules }}" \ No newline at end of file diff --git a/roles/trilium/tasks/main.yml b/roles/trilium/tasks/main.yml new file mode 100644 index 0000000..f1e1b81 --- /dev/null +++ b/roles/trilium/tasks/main.yml 
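Review bot: `Network=homelab.network` in roles/caddy/templates/caddy.container.j2 no longer names a Podman network directly. Quadlet resolves it through the homelab.network unit, and unless that unit sets `NetworkName=homelab` the container joins `systemd-homelab` instead. The .network file is not part of this diff, so confirm that it pins the name, or that every container Caddy proxies to has also been switched to `Network=homelab.network`. A mismatch would leave Caddy on a different network from its upstreams.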
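Review bot: The task in roles/trilium/tasks/firewall.yml opens host ports for a service that publishes none: the Quadlet template added in this commit has no `PublishPort=` line, and Trilium is reached only through Caddy on the container network. The definition of `trilium_firewall_rules` is not in this diff. If it is non-empty, the rule widens the host firewall for no benefit today, and it would let clients reach Trilium without Caddy's TLS if a port is published later. I would drop the `import_tasks: firewall.yml` line from main.yml, or at least default the list to empty with `loop: "{{ trilium_firewall_rules | default([]) }}"`. Adding an explicit `zone:` would also keep the rule out of whatever the default zone happens to be.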
@@ -0,0 +1,51 @@
+---
+# trilium/tasks/main.yml
+- import_tasks: firewall.yml
+
+- name: Create stack and config directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ container_user }}"
+ group: "{{ container_group }}"
+ mode: "0755"
+ recurse: yes
+ loop: "{{ trilium_base_directories }}"
+
+- name: Directory SELinux requirement
+ ansible.builtin.set_fact:
+ selinux_container_paths: "{{ trilium_base_directories }}"
+
+- import_role:
+ name: selinux_containers
+ tasks_from: labels
+
+- name: Deploy Trilium Quadlet
+ template:
+ src: trilium.container.j2
+ dest: "{{ container_config_dir }}/trilium.container"
+ owner: "{{ container_user }}"
+ group: "{{ container_group }}"
+ mode: "0644"
+
+- name: Force systemd reload
+ become: true
+ become_user: "{{ container_user }}"
+ environment:
+ XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
+ command: systemctl --user daemon-reload
+
+- name: Wait for quadlet generation
+ pause:
+ seconds: 1
+
+- name: Start and enable Trilium service
+ become: true
+ become_user: "{{ container_user }}"
+ environment:
+ XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
+ systemd:
+ name: trilium.service
+ scope: user
+ state: started
+ enabled: true
\ No newline at end of file
diff --git a/roles/trilium/templates/trilium.container.j2 b/roles/trilium/templates/trilium.container.j2
new file mode 100644
index 0000000..02af78f
--- /dev/null
+++ b/roles/trilium/templates/trilium.container.j2
@@ -0,0 +1,19 @@
+[Unit]
+Description=Trilium Notes
+After=network-online.target homelab-network.service
+Requires=homelab-network.service
+
+[Container]
+ContainerName=trilium
+Image=docker.io/triliumnext/notes:latest
+Volume={{ trilium_data_dir }}:/home/node/trilium-data:Z
+Network=homelab.network
+NetworkAlias=trilium
+IP={{ trilium_ip }}
+Environment=TZ={{ timezone }}
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target
\ No newline at end of file
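Review bot: `recurse: yes` combined with `mode: "0755"` in the "Create stack and config directories" task of roles/trilium/tasks/main.yml re-applies 0755 to every file under the listed directories on each run. If `trilium_base_directories` includes the Trilium data directory (the variable is defined outside this diff), the notes database and anything else the container writes there become world-readable and executable on the host, and ownership is reset as well. I would remove `recurse: yes` so the task manages only the directories themselves, and tighten the directory mode if the container's mapped UID still gets access. Separately, `command: systemctl --user daemon-reload` followed by a one-second `pause` reports changed on every run and depends on timing. Setting `daemon_reload: true` on the final `systemd` task would replace both.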
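Review bot: `Image=docker.io/triliumnext/notes:latest` in roles/trilium/templates/trilium.container.j2 is a mutable tag, so what runs depends on when the image was last pulled, and a rebuilt or tampered upstream image is picked up without any change in this repository. Pin it to a release tag or digest through a variable, for example `Image=docker.io/triliumnext/notes:{{ trilium_image_tag }}` (the variable name is a suggestion), and bump it deliberately. Since the unit is started with `scope: user`, `multi-user.target` in `WantedBy=` most likely has no effect, and `WantedBy=default.target` alone should be enough.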