playbook.yml

@@ -34,6 +34,7 @@
     - firewall_base
     - container_runtime
     - adguard
+    - trilium
     - caddy
   
 - name: Workstation Setup

roles/adguard/tasks/main.yml

@@ -34,6 +34,7 @@
     src: AdGuardHome.yaml.j2
     dest: "{{ stack_root }}/adguard/conf/AdGuardHome.yaml"
     mode: '0600'
+    force: "{{ adguard_overwrite_config | default(false) | bool }}"
 
 - name: Deploy AdGuard Quadlet
   template:

roles/caddy/templates/Caddyfile.j2

@@ -1,7 +1,7 @@
 # Adguard
 {{ adguard_domain }} {
     tls internal
-    reverse_proxy {{ adguad_upstream }}
+    reverse_proxy {{ adguard_upstream }}
 }
 
 # QBittorrent
@@ -33,3 +33,9 @@
     tls internal
     reverse_proxy {{ bazarr_upstream }}
 }
+
+#Trilium
+{{ trilium_domain }} {
+    tls internal
+    reverse_proxy {{ trilium_upstream }}
+}

roles/caddy/templates/caddy.container.j2

@@ -8,7 +8,7 @@ After=homelab-network.service
 [Container]
 Image=docker.io/caddy:latest
 ContainerName=caddy
-Network=homelab
+Network=homelab.network
 
 Volume={{ caddy_dir }}/Caddyfile:/etc/caddy/Caddyfile
 Volume={{ caddy_dir }}/data:/data

roles/trilium/tasks/firewall.yml

@@ -0,0 +1,9 @@
+---
+# trilium/tasks/firewall.yml
+- name: Open Trilium firewall ports
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: true
+    state: enabled
+    immediate: true
+  loop: "{{ trilium_firewall_rules }}"

roles/trilium/tasks/main.yml

@@ -0,0 +1,51 @@
+---
+# trilium/tasks/main.yml
+- import_tasks: firewall.yml
+
+- name: Create stack and config directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ container_user }}"
+    group: "{{ container_group }}"
+    mode: "0755"
+    recurse: yes
+  loop: "{{ trilium_base_directories }}"
+
+- name: Directory SELinux requirement
+  ansible.builtin.set_fact:
+    selinux_container_paths: "{{ trilium_base_directories }}"
+
+- import_role:
+    name: selinux_containers
+    tasks_from: labels
+
+- name: Deploy Trilium Quadlet
+  template:
+    src: trilium.container.j2
+    dest: "{{ container_config_dir }}/trilium.container"
+    owner: "{{ container_user }}"
+    group: "{{ container_group }}"
+    mode: "0644"
+
+- name: Force systemd reload
+  become: true
+  become_user: "{{ container_user }}"
+  environment:
+    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
+  command: systemctl --user daemon-reload
+
+- name: Wait for quadlet generation
+  pause:
+    seconds: 1
+
+- name: Start and enable Trilium service
+  become: true
+  become_user: "{{ container_user }}"
+  environment:
+    XDG_RUNTIME_DIR: "{{ container_runtime_dir }}"
+  systemd:
+    name: trilium.service
+    scope: user
+    state: started
+    enabled: true

roles/trilium/templates/trilium.container.j2

@@ -0,0 +1,19 @@
+[Unit]
+Description=Trilium Notes
+After=network-online.target homelab-network.service
+Requires=homelab-network.service
+
+[Container]
+ContainerName=trilium
+Image=docker.io/triliumnext/notes:latest
+Volume={{ trilium_data_dir }}:/home/node/trilium-data:Z
+Network=homelab.network
+NetworkAlias=trilium
+IP={{ trilium_ip }}
+Environment=TZ={{ timezone }}
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target