Merge branch 'master' into 531-minecraft-server

2025-01-26 10:15:14 +00:00 · 2022-06-20 08:02:56 -06:00 · 2022-06-20 08:02:56 -06:00 · c4c9167597
commit c4c9167597
parent 86723eb845 c1d15b069c
30 changed files with 333 additions and 72 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2017-2021 David Stephens
+Copyright (c) 2017-2022 David Stephens

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@ -28,6 +28,7 @@ If you have a spare domain name you can configure applications to be accessible
 * [Duplicacy](https://duplicacy.com/) - A web UI for the Duplicacy cloud backup program, which provides lock-free deduplication backups to multiple providers
 * [Duplicati](https://www.duplicati.com/) - for backing up your stuff
 * [Emby](https://emby.media/) - Media streaming and management
+* [ESPHome](https://esphome.io/) - ESP8266/ESP32 programming and management for home automation
 * [Firefly III](https://firefly-iii.org/) - Free and open source personal finance manager
 * [Fresh RSS](https://freshrss.org/) - Self-hosted RSS feed aggregator like Leed or Kriss Feed
 * [get_iplayer](https://github.com/get-iplayer/get_iplayer) - download programmes from BBC iplayer
@ -70,9 +71,9 @@ If you have a spare domain name you can configure applications to be accessible
 * [pyLoad](https://pyload.net/) - A download manager with a friendly web-interface
 * [PyTivo](http://pytivo.org) - An HMO and GoBack server for TiVos.
 * [Radarr](https://radarr.video/) - for organising and downloading movies
+* [Route53 DDNS](https://crazymax.dev/ddns-route53/) - Automatically update AWS Route53 with your IP address
 * [RSS-Bridge](https://rss-bridge.github.io/rss-bridge/) - The RSS feed for websites missing it
 * [Sabnzbd](https://sabnzbd.org/) - A powerful usenet downloader that FreeNAS provides
-* [Serposcope](https://serposcope.serphacker.com/en/) - tracker to monitor website ranking
 * [Sickchill](https://sickchill.github.io/) - for managing TV episodes
 * [Sonarr](https://sonarr.tv/) - for downloading and managing TV episodes
 * [Speedtest-Tracker](https://github.com/henrywhitaker3/Speedtest-Tracker) - Continuously track your internet speed
@ -80,6 +81,7 @@ If you have a spare domain name you can configure applications to be accessible
 * [Tautulli](http://tautulli.com/) - Monitor Your Plex Media Server
 * [Telegraf](https://github.com/influxdata/telegraf) - Metrics collection agent
 * [The Lounge](https://thelounge.chat) - Web based always-on IRC client
+* [TiddlyWiki](https://tiddlywiki.com) - A unique non-linear notebook/wiki for capturing, organizing, and sharing complex information
 * [TimeMachine](https://github.com/awlx/samba-timemachine) - Samba-based mac backup server
 * [Traefik](https://traefik.io/) - Web proxy and SSL certificate manager
 * [Transmission](https://transmissionbt.com/) - BitTorrent client (with OpenVPN if you have a supported VPN provider)
--- a/docs/applications/cloudflare_ddns.md
+++ b/docs/applications/cloudflare_ddns.md
@ -10,8 +10,10 @@ host A record to point to your static IP, or enable this container to automatica

 Set `cloudflare_ddns_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.

+Set `cloudflare_token` to the one you grab from the Cloudflare UI (more below).
+
 ## Specific Configuration

-Make sure you set your domain (if different than the ansible-nas default) and access token details within your `inventories/<your_inventory>/nas.yml` file. If you need to create an API token, see https://joshuaavalon.github.io/docker-cloudflare/guide/cloudflare.html#authentication for instructions.
+Make sure you set your domain (if different than the ansible-nas default) and access token details within your `inventories/<your_inventory>/nas.yml` file. If you need to create an API token, see https://github.com/joshuaavalon/docker-cloudflare/#api-token for instructions.

 Cloudflare has deprecated global API key authentication. If you have an older ansible-nas configuration using a global API key, you can upgrade to the API token-based authentication by removing the `cloudflare_api_key` variable from your local `nas.yml` configuration file and setting the `cloudflare_token` variable appropriately.
--- a/docs/applications/esphome.md
+++ b/docs/applications/esphome.md
@ -0,0 +1,13 @@
+# EspHome
+
+Homepage: [esphome.io](https://esphome.io/)
+
+ESPHome is a system to control your ESP8266/ESP32 by simple yet powerful configuration files and control them remotely through Home Automation systems. 
+
+## Usage
+
+Set `esphome_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+You can make esphome externally available, but the program has no security so this is strongly not advised. 
+
+The EspHome web interface can be found at http://ansible_nas_host_or_ip:6052.
--- a/docs/applications/heimdall.md
+++ b/docs/applications/heimdall.md
@ -3,10 +3,14 @@

 Homepage: [https://heimdall.site/](https://heimdall.site/)

-Heimdall Application Dashboard is a dashboard for all your web applications. It doesn't need to be limited to applications though, you can add links to anything you like. There are no iframes here, no apps within apps, no abstraction of APIs. if you think something should work a certain way, it probably does.
+Heimdall Application Dashboard is a dashboard for all your web applications. It doesn't need to be limited to applications though, you can add links to anything you like. 

 ## Usage

 Set `heimdall_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.

 The Heimdall web interface can be found at http://ansible_nas_host_or_ip:10080.
+
+## Specific Configuration
+
+Heimdall defaults to port 10080 - some browsers block this port. Override `heimdall_port_http` to move it somewhere else.
--- a/docs/applications/paperless_ng.md
+++ b/docs/applications/paperless_ng.md
@ -8,7 +8,7 @@ Paperless-ng is a fork of the original project, adding a new interface and many

 ## Usage

-Set `paperless_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+Set `paperless_ng_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.

 The paperless-ng web interface can be found at http://ansible_nas_host_or_ip:16922.

--- a/docs/applications/route53_ddns.md
+++ b/docs/applications/route53_ddns.md
@ -0,0 +1,34 @@
+# AWS Route53 Dynamic DNS Updater
+
+ddns-route53: [https://crazymax.dev/ddns-route53/](https://crazymax.dev/ddns-route53/)
+
+AWS Route53: [https://aws.amazon.com/route53/](https://aws.amazon.com/route53/)
+
+If you want your Ansible-NAS accessible externally then you need a domain name. You will also need to set a wildcard host `A` record to point to your static IP, or enable this container to automatically update AWS Route53 with your dynamic IP address.
+
+## Usage
+
+Set `route53_ddns_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+Set required AWS access credentials from the AWS Console. (See below.)
+
+## Specific Configuration
+
+Make sure you set your domain (if different than the `ansible-nas` default) and access details within your `inventories/<your_inventory>/nas.yml` file.
+
+To set up Route53 to work with the service, please review the [Prerequisites](https://crazymax.dev/ddns-route53/usage/prerequisites/) page. In short, you will need to set up a Route53 [Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html), an [IAM Policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html), and an [IAM User](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html) with API credentials.
+
+### AWS Access Credentials
+
+| Parameter          | Description       | Status    |
+|--------------------|-------------------|-----------|
+| route53_key_id     | AWS access key ID | mandatory |
+| route53_secret_key | AWS secret key    | mandatory |
+
+### Networking
+
+| Parameter              | Description                    | Status    |
+|------------------------|--------------------------------|-----------|
+| route53_hosted_zone_id | Route53 hosted zone ID         | mandatory |
+| route53_ttl            | Time-to-live for the DNS entry |           |
+| route53_host           | Wildcard domain to update      |           |
--- a/docs/applications/tiddlywiki.md
+++ b/docs/applications/tiddlywiki.md
@ -0,0 +1,34 @@
+# TiddlyWiki
+
+Homepage: [https://www.tiddlywiki.com/](https://www.tiddlywiki.com/)
+
+TiddlyWiki is a unique non-linear notebook for capturing, organizing, and sharing complex information. Use it to keep your to-do list, to plan an essay or novel, or to organise your wedding. Record every thought that crosses your brain, or build a flexible and responsive website. Unlike conventional online services, TiddlyWiki lets you choose where to keep your data, guaranteeing that in the decades to come you will still be able to use the notes you take today.
+
+## Usage
+
+Set `tiddlywiki_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+If you want to access TiddlyWiki externally, set `tiddlywiki_available_externally: "true"` in your `inventories/<your_inventory>/nas.yml` file.
+
+The TiddlyWiki web interface can be found at http://ansible_nas_host_or_ip:8092.
+
+## Specific Configuration
+
+The TiddlyWiki role has several configuration parameters. All parameters are optional.
+
+### Data and Networking
+
+| Parameter                 | Description                   |
+|---------------------------|-------------------------------|
+| tiddlywiki_data_directory | Host location to store data   |
+| tiddlywiki_port           | Host port for internal access |
+| tiddlywiki_hostname       | Subdomain for external access |
+
+### Server Configuration
+
+| Parameter              | Description              |
+|------------------------|--------------------------|
+| tiddlywiki_username    | Basic Auth username      |
+| tiddlywiki_password    | Basic Auth password      |
+| tiddlywiki_node_memory | NodeJS memory allocation |
+| tiddlywiki_debug_level | Service debugging        |
--- a/docs/configuration/application_ports.md
+++ b/docs/configuration/application_ports.md
@ -23,6 +23,7 @@ By default, applications can be found on the ports listed below.
 | Emby             | 8096    | Bridge  | HTTP           |
 | Emby             | 8096    | Bridge  | HTTP           |
 | Emby             | 8920    | Bridge  | HTTPS          |
+| EspHome          | 6052    | Bridge  | HTTP           |
 | Firefly III      | 8066    | Bridge  | HTTP           |
 | Fresh RSS        | 8089    | Bridge  | HTTP           |
 | get_iplayer      | 8182    | Bridge  | HTTP           |
@ -86,6 +87,7 @@ By default, applications can be found on the ports listed below.
 | Syncthing P2P    | 22000   | Host    |                |
 | Tautulli         | 8185    | Bridge  | HTTP           |
 | The Lounge       | 9000    | Bridge  | HTTP           |
+| TiddlyWiki       | 8092    | Bridge  | HTTP           |
 | Time Machine     | 10445   | Bridge  | SMB            |
 | Traefik          | 8083    | Host    | HTTP Admin     |
 | Transmission     | 9091    | Bridge  | HTTP w/VPN     |
--- a/docs/configuration/external_access.md
+++ b/docs/configuration/external_access.md
@ -23,8 +23,7 @@ Simply set `traefik_enabled: true` in your `all.yml`. By default it listens on p

 Set `ansible_nas_domain` to the domain name you want to use for your Ansible-NAS. You'll need somewhere to host the DNS for that domain - Cloudflare is a good free solution. Once you have an account and Cloudflare is hosting the DNS for your domain, create a wildcard DNS entry (`*.myawesomedomain.com`) and set it to your current IP address.

-You then need to enable the Cloudflare Dynamic DNS container (`cloudflare_ddns_enabled: true`) so the wildcard DNS entry for your
-domain name is updated if/when your ISP issues you a new IP address.
+You then need to enable and configure the Cloudflare Dynamic DNS container (`cloudflare_ddns_enabled: true`) so the wildcard DNS entry for your domain name is updated if/when your ISP issues you a new IP address.

 ## Router Configuration

@ -34,4 +33,4 @@ How to do this is entirely dependent on your router (and out of scope of these d

 ## Enable Specific Applications

-Every application has a `<application_name>_available_externally` setting in the Advanced Settings section of `all.yml`. Setting this to `true` will configure Traefik to route `<application>.yourdomain.com` to the application, making it available externally.
+Every application has a `<application_name>_available_externally` setting in its `defaults/main.yml`. Setting this to `true` (by overriding it in your nas.yml) will configure Traefik to route `<application>.yourdomain.com` to the application, making it available externally.
--- a/docs/index.md
+++ b/docs/index.md
@ -4,22 +4,6 @@ After getting burned by broken FreeNAS updates one too many times, I figured I
 could do a much better job myself using just a stock Ubuntu install, some clever
 Ansible config and a bunch of Docker containers. Ansible-NAS was born!

-## Features
-
-* An awesome dashboard to your home server (Heimdall)
-* Any number of Samba shares for you to store your stuff
-* A BitTorrent client
-* Various media management tools - Sonarr, Sickchill, CouchPotato, Radarr
-* Media streaming via Plex, Emby or MiniDLNA
-* Music streaming with Airsonic
-* A Dropbox replacement via Nextcloud
-* Various ways to see stats about your NAS - Glances, dashboards in Grafana
-* A backup tool - allows scheduled backups to Amazon S3, OneDrive, Dropbox etc
-* An IRC bouncer
-* Source control with Gitea
-* SSL secured external access to some applications via Traefik
-* A Docker host with Portainer management - run anything that's shipped as a Docker container
-
 ## Getting Started

 Head to [installation](installation.md) if you're ready to roll, or to
--- a/docs/installation.md
+++ b/docs/installation.md
@ -3,7 +3,17 @@ does. Run it against a VM and make sure you're happy. ***Do not*** blindly
 download code from the internet and trust that it's going to work as you expect.
 :skull: :skull: :skull:

-You can run Ansible-NAS from the computer you plan to use for your NAS, or from a remote controlling machine. The steps for deployment are exactly the same, just pay attention to editing the inventory file in step 7.
+## Read This First...
+
+Calling this page "installation" is a bit of a misnomer. Ansible-NAS isn't *installed* per-se, it is a bunch of automation that installs other software onto your server. Ansible-NAS relies heavily on Ansible's [variable prescedence](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable) to do its job. Ansible-NAS
+defines its installable software with roles with (mostly) sane defaults, these can then be enabled and the settings overridden in your inventory `nas.yml` file.
+
+A basic level of understanding of Ansible is required, or you're going to have a confusing time setting up your NAS. If you're willing to learn then great, but please don't raise issues because this is the first time you've looked at Ansible and you don't understand 
+why it's doing what it's doing. I'd love to teach the world Ansible...but I have a day job.
+
+## Running Ansible-NAS
+
+You can run Ansible-NAS from the computer you plan to use for your NAS, or from a remote controlling machine. The steps for deployment are exactly the same, just pay attention to editing the inventory file in step 6.

 1. Enable the Ubuntu Universe repository:

--- a/docs/post_installation.md
+++ b/docs/post_installation.md
@ -1,29 +1,14 @@
-So you've installed Ansible-NAS. Now what?
+# Now what?

-The first thing to do is to configure [Heimdall](https://heimdall.site/) as the
-dashboard of your new NAS, because most of the applications included come with a
-web interface. Heimdall lets you create "apps" for them which appear as little
-icons on the screen.
+## Enabling More Applications

-To add applications to Heimdall, you'll need the IP address of your NAS.  If you
-don't know it for some reason, you will have to look up using the console with
-`ip a`. The entry "link/ether", usually the second one after the loopback
-device, will show the address. Another alternative is to make sure
-[Avahi](https://www.avahi.org/) is installed for zero-configuration networking
-(mDNS). This will allow you to `ssh` into your NAS and with the extension
-`.local` to your machines name, such as `ssh tardis.local`. Then you can use the
-`ip a` command again.
+Look through the `roles` directory in the Ansible-NAS source code for applications to enable.

-Next, you need the application's port, which you can look up in the [list of
-ports](configuration/application_ports.md). You can test the combination of address and port
-in your browser by typing them joined by a colon. For instance, for Glances on a
-machine with the IPv4 address 192.168.1.2, the full address would be
-`http://192.168.1.2:61208`. Once you are sure it works, use this address and 
-port combination when creating the Heimdall icon.
+If you see something you like, read its docs to find out what variable you need to set in your inventory `nas.yml`, and set it to true. 
+
+Run the playbook again, and you're done.
+
+## Configure Heimdall
+
+[Heimdall](https://heimdall.site/) is configured out of the box to give you a dashboard that pulls together all the applications you install with Ansible-NAS.

-[Glances](https://nicolargo.github.io/glances/) and
-[Portainer](https://www.portainer.io/) are probably the two applications you
-want to add to Heimdall first, so you can see what is happening on the NAS.
-Note that Portainer will ask for your admin password. After that, it depends on
-what you have installed - see the listing for individual applications for more
-information.
--- a/files/mosquitto/mosquitto.conf
+++ b/files/mosquitto/mosquitto.conf
@ -1,4 +1,3 @@
 persistence true
 persistence_location /mosquitto/data/
 log_dest file /mosquitto/log/mosquitto.log
-
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -290,14 +290,6 @@ wallabag_available_externally: "false"
 wallabag_data_directory: "{{ docker_home }}/wallabag"
 wallabag_port: "7780"

-###
-### Mosquitto
-###
-mosquitto_available_externally: "false"
-mosquitto_data_directory: "{{ docker_home }}/mosquitto"
-mosquitto_port_a: "1883"
-mosquitto_port_b: "9001"
-
 ###
 ### Calibre-web
 ###
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -22,7 +22,7 @@ repo_name: 'davestephens/ansible-nas'
 repo_url: 'https://github.com/davestephens/ansible-nas'

 # Copyright
-copyright: 'Copyright &copy; 2017 - 2020 David Stephens'
+copyright: 'Copyright &copy; 2017 - 2022 David Stephens'

 # Customization
 extra:
--- a/nas.yml
+++ b/nas.yml
@ -108,6 +108,11 @@
        - emby
      when: (emby_enabled | default(False))

+    - role: esphome
+      tags:
+        - esphome
+      when: (esphome_enabled | default(False))
+
    - role: firefly
      tags:
        - firefly
@ -183,6 +188,11 @@
        - miniflux
      when: (miniflux_enabled | default(False))

+    - role: mosquitto
+      tags:
+        - mosquitto
+      when: (mosquitto_enabled | default(False))
+
    - role: mylar
      tags:
        - mylar
@ -278,6 +288,11 @@
        - sabnzbd
      when: (sabnzbd_enabled | default(False))

+    - role: route53_ddns
+      tags:
+        - route53_ddns
+      when: (route53_ddns_enabled | default(False))
+
    - role: rssbridge
      tags:
        - rssbridge
@ -308,6 +323,11 @@
        - tautulli
      when: (tautulli_enabled | default(False))

+    - role: tiddlywiki
+      tags:
+        - tiddlywiki
+      when: (tiddlywiki_enabled | default(False))
+
    - role: transmission
      tags:
        - transmission
@ -364,10 +384,6 @@
      when: (wallabag_enabled | default(False))
      tags: wallabag

-    - import_tasks: tasks/mosquitto.yml
-      when: (mosquitto_enabled | default(False))
-      tags: mosquitto
-
    - import_tasks: tasks/calibre.yml
      when: (calibre_enabled | default(False))
      tags: calibre
--- a/roles/esphome/defaults/main.yml
+++ b/roles/esphome/defaults/main.yml
@ -0,0 +1,17 @@
+---
+esphome_enabled: false
+esphome_available_externally: "false"
+
+# directories
+esphome_data_directory: "{{ docker_home }}/esphome"
+
+# uid / gid
+esphome_user_id: "1000"
+esphome_group_id: "1000"
+
+# network
+esphome_hostname: "esphome"
+esphome_port: "6052"
+
+# specs
+esphome_memory: 1g
--- a/roles/esphome/tasks/main.yml
+++ b/roles/esphome/tasks/main.yml
@ -0,0 +1,31 @@
+---
+- name: Create EspHome Directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ esphome_data_directory }}/data"
+
+- name: EspHome Docker Container
+  docker_container:
+    name: esphome
+    image: esphome/esphome:latest
+    pull: true
+    volumes:
+      - "{{ esphome_data_directory }}:/config:rw"
+      - "/etc/localtime:/etc/localtime:ro"
+    ports:
+      - "{{ esphome_port }}:6052"
+    env:
+      TZ: "{{ ansible_nas_timezone }}"
+      PUID: "{{ esphome_user_id }}"
+      PGID: "{{ esphome_group_id }}"
+    restart_policy: unless-stopped
+    memory: "{{ esphome_memory }}"
+    labels:
+      traefik.enable: "{{ esphome_available_externally }}"
+      traefik.http.routers.esphome.rule: "Host(`{{ esphome_hostname }}.{{ ansible_nas_domain }}`)"
+      traefik.http.routers.esphome.tls.certresolver: "letsencrypt"
+      traefik.http.routers.esphome.tls.domains[0].main: "{{ ansible_nas_domain }}"
+      traefik.http.routers.esphome.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+      traefik.http.services.esphome.loadbalancer.server.port: "80"
--- a/roles/mosquitto/defaults/main.yml
+++ b/roles/mosquitto/defaults/main.yml
@ -0,0 +1,16 @@
+---
+mosquitto_enabled: false
+
+# directories
+mosquitto_data_directory: "{{ docker_home }}/mosquitto"
+
+# uid / gid
+mosquitto_user_id: "0"
+mosquitto_group_id: "0"
+
+# network
+mosquitto_port_a: "1883"
+mosquitto_port_b: "9001"
+
+# specs
+mosquitto_memory: 1g
--- a/roles/mosquitto/files/mosquitto.conf
+++ b/roles/mosquitto/files/mosquitto.conf
@ -0,0 +1,7 @@
+persistence true
+persistence_location /mosquitto/data/
+log_dest file /mosquitto/log/mosquitto.log
+log_dest stdout
+listener 1883 0.0.0.0
+allow_anonymous true
+
--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@ -3,7 +3,6 @@
  file:
    path: "{{ item }}"
    state: directory
-    mode: 0777
  with_items:
    - "{{ mosquitto_data_directory }}/config"
    - "{{ mosquitto_data_directory }}/data"
@ -11,8 +10,9 @@

 - name: Template mosquitto.conf
  copy:
-    src: mosquitto/mosquitto.conf
+    src: mosquitto.conf
    dest: "{{ mosquitto_data_directory }}/config/mosquitto.conf"
+  register: mosquitto_conf

 - name: Create Mosquitto container
  docker_container:
@ -27,4 +27,5 @@
      - "{{ mosquitto_port_a }}:1883"
      - "{{ mosquitto_port_b }}:9001"
    restart_policy: unless-stopped
+    restart: "{{ mosquitto_conf is changed }}"
    memory: 1g
--- a/roles/route53_ddns/defaults/main.yml
+++ b/roles/route53_ddns/defaults/main.yml
@ -0,0 +1,22 @@
+---
+
+route53_ddns_enabled: false
+
+# Data directory for config file
+route53_data_directory: "{{ docker_home }}/route53_ddns"
+
+# AWS access credentials
+route53_key_id: "{{ mandatory }}"
+route53_secret_key: "{{ mandatory }}"
+
+# Managed DNS zone ID
+route53_hosted_zone_id: "{{ mandatory }}"
+
+# The hostname to update
+route53_host: "*.{{ ansible_nas_domain }}"
+
+# The Time-To-Live for the DNS entry
+route53_ttl: 600
+
+# Container
+route53_memory: 512MB
--- a/roles/route53_ddns/tasks/main.yml
+++ b/roles/route53_ddns/tasks/main.yml
@ -0,0 +1,23 @@
+---
+
+- name: Create AWS Route53 Dynamic DNS Directories
+  file:
+    path: "{{ route53_data_directory }}"
+    state: directory
+
+- name: Generate AWS Route53 Dynamic DNS config file
+  template:
+    src: config.yml
+    dest: "{{ route53_data_directory }}/ddns-route53.yml"
+  register: template_config
+
+- name: AWS Route53 Dynamic DNS Container
+  docker_container:
+    name: route53-ddns
+    image: crazymax/ddns-route53:latest
+    pull: true
+    volumes:
+      - "{{ route53_data_directory }}/ddns-route53.yml:/etc/ddns-route53/ddns-route53.yml"
+    restart_policy: unless-stopped
+    memory: "{{ route53_memory }}"
+    recreate: "{{ template_config is changed }}"
--- a/roles/route53_ddns/templates/config.yml
+++ b/roles/route53_ddns/templates/config.yml
@ -0,0 +1,12 @@
+---
+
+credentials:
+  accessKeyId: "{{ route53_key_id }}"
+  secretAccessKey: "{{ route53_secret_key }}"
+
+route53:
+  hostedZoneID: "{{ route53_hosted_zone_id }}"
+  recordsSet:
+    - name: "{{ route53_host }}."
+      type: "A"
+      ttl: "{{ route53_ttl }}"
--- a/roles/sabnzbd/tasks/main.yml
+++ b/roles/sabnzbd/tasks/main.yml
@ -23,7 +23,9 @@
      PGID: "{{ sabnzbd_group_id }}"
    restart_policy: unless-stopped
    labels:
-      traefik.backend: "sabnzbd"
-      traefik.frontend.rule: "Host:sabnzbd.{{ ansible_nas_domain }}"
      traefik.enable: "{{ sabnzbd_available_externally }}"
-      traefik.port: "8080"
+      traefik.http.routers.sabnzbd.rule: "Host(`{{ sabnzbd_hostname }}.{{ ansible_nas_domain }}`)"
+      traefik.http.routers.sabnzbd.tls.certresolver: "letsencrypt"
+      traefik.http.routers.sabnzbd.tls.domains[0].main: "{{ ansible_nas_domain }}"
+      traefik.http.routers.sabnzbd.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+      traefik.http.services.sabnzbd.loadbalancer.server.port: "8080"
--- a/roles/tiddlywiki/defaults/main.yml
+++ b/roles/tiddlywiki/defaults/main.yml
@ -0,0 +1,24 @@
+---
+
+tiddlywiki_enabled: false
+tiddlywiki_available_externally: "false"
+
+# Data directory for config file
+tiddlywiki_data_directory: "{{ docker_home }}/tiddlywiki"
+
+# Basic auth
+# tiddlywiki_username:
+# tiddlywiki_password:
+
+# Node low memory
+# tiddlywiki_node_memory:
+
+# Server debugging
+# tiddlywiki_debug_level: none # full
+
+# Networking
+tiddlywiki_port: 8092
+tiddlywiki_hostname: tiddlywiki
+
+# Container
+tiddlywiki_memory: 512MB
--- a/roles/tiddlywiki/tasks/main.yml
+++ b/roles/tiddlywiki/tasks/main.yml
@ -0,0 +1,30 @@
+---
+
+- name: Create Tiddlywiki Directory
+  file:
+    path: "{{ tiddlywiki_data_directory }}"
+    state: directory
+
+- name: Create Tiddlywiki Container
+  docker_container:
+    name: tiddlywiki
+    image: wmudge/tiddlywiki:latest
+    ports:
+      - "{{ tiddlywiki_port }}:8080"
+    volumes:
+      - "{{ tiddlywiki_data_directory }}:/var/lib/tiddlywiki"
+    env:
+      NODE_MEM: "{{ tiddlywiki_node_memory | default(omit) }}"
+      USERNAME: "{{ tiddlywiki_username | default(omit) }}"
+      PASSWORD: "{{ tiddlywiki_password | default(omit) }}"
+      DEBUG: "{{ tiddlywiki_debug_level | default(omit) }}"
+    pull: true
+    restart_policy: unless-stopped
+    memory: "{{ tiddlywiki_memory }}"
+    labels:
+      traefik.enable: "{{ tiddlywiki_available_externally }}"
+      traefik.http.routers.tiddlywiki.rule: "Host(`{{ tiddlywiki_hostname }}.{{ ansible_nas_domain }}`)"
+      traefik.http.routers.tiddlywiki.tls.certresolver: "letsencrypt"
+      traefik.http.routers.tiddlywiki.tls.domains[0].main: "{{ ansible_nas_domain }}"
+      traefik.http.routers.tiddlywiki.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
+      traefik.http.services.tiddlywiki.loadbalancer.server.port: "8080"
--- a/roles/traefik/defaults/main.yml
+++ b/roles/traefik/defaults/main.yml
@ -14,7 +14,7 @@ traefik_port_http: "80"
 traefik_port_https: "443"
 traefik_port_ui: "8083"

-traefik_docker_image: traefik:v2.4
+traefik_docker_image: traefik:latest
 traefik_log_level: "INFO"

 # find the relevant name and environment variables for your DNS provider at https://go-acme.github.io/lego/dns/
--- a/tasks/ubooquity.yml
+++ b/tasks/ubooquity.yml
@ -18,8 +18,8 @@
      - "{{ books_root }}:/books"
    env:
      TZ: "{{ ansible_nas_timezone }}"
-      PUID: "{{ ubooquity_user_id|quote }}"
-      PGID: "{{ ubooquity_group_id|quote }}"
+      PUID: "{{ ubooquity_user_id }}"
+      PGID: "{{ ubooquity_group_id }}"
      MAXMEM: "1024"
    ports:
      - "{{ ubooquity_port_webui }}:2202"