From 4eeaf483bcf0b56fd3e14c8ee2a9bd164d035def Mon Sep 17 00:00:00 2001
From: Marcel Arndt
Date: Wed, 7 Jan 2026 15:06:18 +0100
Subject: [PATCH] add platform application fizzy
---
iac/ansible/group_vars/all/secrets.yml | 131 ++++++++++--------
.../authentik/templates/docker-compose.yml.j2 | 6 +-
iac/ansible/roles/authentik/vars/main.yml | 2 -
iac/ansible/roles/fizzy/defaults/main.yml | 6 +
iac/ansible/roles/fizzy/tasks/main.yml | 42 ++++++
.../fizzy/templates/docker-compose.yml.j2 | 32 +++++
iac/ansible/roles/fizzy/vars/main.yml | 3 +
7 files changed, 159 insertions(+), 63 deletions(-)
create mode 100644 iac/ansible/roles/fizzy/defaults/main.yml
create mode 100644 iac/ansible/roles/fizzy/tasks/main.yml
create mode 100644 iac/ansible/roles/fizzy/templates/docker-compose.yml.j2
create mode 100644 iac/ansible/roles/fizzy/vars/main.yml
diff --git a/iac/ansible/group_vars/all/secrets.yml b/iac/ansible/group_vars/all/secrets.yml
index f940b11..4e7aa93 100644
--- a/iac/ansible/group_vars/all/secrets.yml
+++ b/iac/ansible/group_vars/all/secrets.yml
@@ -1,59 +1,74 @@ $ANSIBLE_VAULT;1.1;AES256 -34613362353964313436306439386661613364663666653265313937343239633365663836653030 -6262386661666364383961336461316139333262623034340a643434316632336132613264646437 -36376365613061353866383135353432303433353931633063313566613166303064316666613132 -3733623536643935370a656431646435626265666265666230356162656363663838636662313466 -61336237306332643032653766313036636163336431613236663864636438363832383231323362 -62666463336639303766356331353635323031636465616235663738333761653934346663386636 -63623361363164663663313966653939643462353638613464396466613931363662623763326535 -34376237353663656636363866373466346434666339646131396439653261373738636665613435 -65356330303863303236373933333163633964633061393136646632386137346434353365343763 -30343937656166303962653030366566616331666262343336343138623566353832313836643435 -62636333346235316562303061656166383135633464623734626336623565346336626134333933 -35363363376663333061663164623539363731613263376163306436636265336562396439356137 -30663431373131303437393166396539306133636264653733303762316363386438643536306338 -32303139303363316264393939326561393730396664343361393863303736343933636265633439 -65633765666362396439643863653531363366383866373939616333353430633530343262366138 -31663863663165653932653733623761613265383039336633383832393761666337336165613933 -63383934366662353038626539633132313939376231643133363739303235326433353733363437 -35626233613936626532326262646166363739666162353237323237383132333134343439336134 -33613462393237626432386462373439303439356666336630363536366233346438313039346530 -33393232333633663731393466653439623638316565346530306439326431323436356166633334 -66383034643834613133333265646338303463393035393266653832366434313636633730636436 -38353337633437656262623061666563646637626363353561323231376237623264373861376666 -66363265633638356133353933613664353934373634613662326437336562663766306364303538 
-35623130616265623838353838396235386661666132623163383162373665313462663738303933 -63363764653561616162386139646130393439373066666437623236383238396233653165623032 -34316439376331356539626464313462616238623166623761626435303565653233386236656262 -62613935336661623862323833353265366533643830373634663266666332333463303666343366 -39653332346433306566316430656361363230343761613263393230366362363132663565636264 -65313633653464663963373561373532636235353331353237623635613034613337343730656632 -31656165666134333864353730363163623365393030333932393565666235643639303662663532 -38343734393135643039633664653966313536616533656635373535636434396333313536623536 -39623132326362656166366566373163386363336231633233353639313166333932656133363365 -66666665346331613638656562396463386637356539366539343232353061666531353166396536 -39623762633064323332653831643832303332396431633738396266633935656132323164613161 -61353663383532613763356630373063383161376165333736316466353231656534366636313636 -37616636383163616136643630363535346137636636633432643337393865393063626663333164 -36656537343231386333323637386539386364356266376433616636313239376666353066306363 -39376461323062393935613630656230346131373634363633393035346263663762623063356633 -36646664623230303761373138333164303363373365386266386138653764623030623630333631 -66363866633064656532336137613964653431663436333761666631656339646161636435343065 -37646164653937633962386631373236653064346438323664383933643738656536356562626532 -34663834363230303164626236393938643037363036613965373330636238633661346335336531 -62663461626365386362393061626266303463663735303539383937363965383234666337386165 -30366564363766623162306666656566353662633866396430396633623266383332303339666663 -38313536666336323366616432336161656434646463373963356331326364333038366337386638 -39396535386331663466323334613533383439343437363631363532313362663564353635343735 -37653063383163316366366335663537653134326564643062653065303337303333643961383837 
-39393734326562616165313133643766303934336263326433366436623539633233643761616436 -33356234313538343635343630623337343436346638396539316131623861353630333964633839 -33316565326164386337623730623932313363306436316335336238333430626165663232343463 -36653038633632616335393262656638346434386639383131396233643932323931393264613134 -30336134343464373265636234656561653462356435383138323638613039623839373935326462 -32393430616438356332313766353337383035623137363233323664393833303464313162303833 -65383131313335353832343963636639346162353634306430353638393136623734623833306136 -32396130623065326636633235346630336435663261353866323862666231656261333839373162 -35623835663434356438653533623337363531353634663064303035633839656463656238636132 -66316333356633613130323438376530623634336632323365616239373865623334363635396331 -3263616336653336636666386632316564613331323431363935 +65366634326364306462656137353133306666333735343939333130316430346465653639346365 +3137303862326133616536373537613964663762306537620a313031663639336136396161366334 +34633936366538663132383336383334663366313138303436663563313865383134383364626137 +3332626630376234350a313962363364363566646236333333646566383136666332363639373765 +39376332396661656333303332353463343266663064636461353631616133613835313431626332 +30306137396138313939393238636166643931343136343730656538363630316232653734316165 +30313238323266343664306465666664386563353934663731386235373436313163376236396638 +35663236623638616463663963666664346436633434623565316634326537393438303038636430 +64626531393935323635633631643263373137613337313039363132313762366461353138363734 +66363462623932346132376265636339313032616638353132663539653231663930363734323565 +64306537373437626232646335366637656662323462643237653934376265613632356661323961 +33663638623062303964613063353464656234313661333963386663353264613033386535396136 +61393766626264373261393765376337666266633465356235623035313536383939383966343161 
+62323931383634383064626239316136336239333834396632353661393363306334376134303435 +61303432393037356463303331303265613831663434306637633236316535316636323235313466 +32653166393932353464376235666531383636373062383365363732613631663262303530363231 +32343538363161356166343165343461613132336564373532306136373736613237323664343138 +36333631366434303333633830326435623562363734613430653363323365396465353033616532 +39393432616431316265386366376534616237363832386264323536633461623663343436393366 +64663865366165363362393864623934373031326231333735646665346238313164333232613137 +66386461626131323961633130373065656439373836643330613634623039613830623462653062 +37373036623035383135383062363436333432663562393531366132663461623734343535333861 +32303665356135626434366662643731336663623066383733333831346163346537666464316233 +32643565363063343238616139626334643462306565323837323632393135363638326364366334 +63643062383139383231613861376463366531343065663933383530636663663264376233313035 +66323963626136393434303930363431656563353565376237386535616164396232623537366262 +33396534326663333736646165393863613566386566353537616335326239353934343237653361 +64373262663461623434633432333336643462383132643866666563336435393537616332616239 +37616335393166636439383836653830623634323738613238323837666537346466646130623836 +34373061353063626335323561616239616663356566353530363166356162616430353466333431 +30333030383334623638663239616335323535356535376630316264633331343036396135353937 +34353835396239636634626330313361353263396464636432643333663263326230656665323065 +66306233393463666362366330386633346635623464646463313066383236396436666435363161 +31326265656365363733653839626363323938393330383034646634636338373161353335323332 +61353937656333316664336264386133666537326638336335383536306435623566636234306435 +31373836346662363234383862623235346639363235653635313435663630313963343061393462 +66303432623739666164303065333432663935633863643538363335313663663964396462613862 
+65336634663733666232336262663039393731333032623761636464643130346464353739656231 +66336239646266656166343738633739616561366565386330326536333433336533396432643434 +64613639333039656339306666303330616136636437613565303662306437656638313665353939 +37353631666162636433356262393738323531323639626630313333313237313530633236333531 +31633135356439666661643339646666396438613735616336383937643035313239386336353264 +36373666666335393665353330623533303338303539613932376361323738633365633830666633 +66313430333565666637306536626530393063383731346162363039643837643761313032313539 +37356530353735353231353432653764663632393061653737316531333634353831626537373261 +31336136363638366636633966636532313330633130313462656139393135393565353637646639 +36656139653230303832393762623466333532656237353537353231666262343732356666343466 +61333539396434316561326331336435313533343136653565333835623363323363306632346465 +61323935626136363034363066343762626565656132316139326263396637373964383636396235 +37633330656462643338373765333532336339663731646461623233396664336562623334373166 +36636531373366663733373932656635346663616662313533353764626139353266373535313932 +65633732373932643531326333333731303837356335393461393066333863626161346431366338 +30323930323836323565356130666233343964656536633766353030376338636339336638343234 +64633939383665353136643938386664356662346466616133626664393761663732353663313266 +34313334373136343534646233633736366333613065623137656132623233363134306335663932 +33633032346365626238326564343832363937323833306662643561303535613632376564636663 +31373639623538633861663563373966363635323638336664353061333266386634373261663361 +31343335663539653837626137346333326561393761333635333137643764383463363039353731 +38323031323434303639353432373939346236326437346137373966326466326531363239393738 +36643438646439353831353064613334376135653036356265393130313566396262373464666463 +39386364303363333030356538343565663865343763343330343761353161633364333239393161 
+30343862306239303032656561633565363731373131633130656235666238303961316334353939 +66613530633939613237623635333232613832303366343133623862366637656639663030326365 +38306431353065363038336631306138316333383565613961323039316632656466333534396233 +34346533383061313038373130373163373339623233613437356130643464316531353961643437 +31626336373839316633336239633233343365393737633930383761353733303364663435386639 +37366466323433323830343638356261376363366535336437326338323266306565363537303166 +61643438633837616436386363333865636639383833636561316339326234663033643230643731 +66636664386665663562363263353531333766353137363366333566363461653661623135336665 +38633564343362316639383835663236323734316338653730666532353665626261613134316364 +64323432656436623463633639343562663565396334386365613966343136343337636563343130 +30366564313837316266643931383762643737366535306530643931313565336165383261326437 +35363633666432386337373438366463366430613235303335356334636234616464 diff --git a/iac/ansible/roles/authentik/templates/docker-compose.yml.j2 b/iac/ansible/roles/authentik/templates/docker-compose.yml.j2 index d8c996f..2543390 100644 --- a/iac/ansible/roles/authentik/templates/docker-compose.yml.j2 +++ b/iac/ansible/roles/authentik/templates/docker-compose.yml.j2 @@ -17,7 +17,7 @@ services: volumes: - /mnt/cephfs/authentik/data/db:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD: "{{ pg_pass }}" + POSTGRES_PASSWORD: "{{ authentik_pg_pass }}" POSTGRES_USER: "{{ pg_user | default('authentik') }}" POSTGRES_DB: "{{ pg_db | default('authentik') }}" networks: @@ -48,7 +48,7 @@ services: AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: "{{ pg_user | default('authentik') }}" AUTHENTIK_POSTGRESQL__NAME: "{{ pg_db | default('authentik') }}" - AUTHENTIK_POSTGRESQL__PASSWORD: "{{ pg_pass }}" + AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_pg_pass }}" AUTHENTIK_ERROR_REPORTING__ENABLED: "false" volumes: - /mnt/cephfs/authentik/data/media:/media 
@@ -83,7 +83,7 @@ services: AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__USER: "{{ pg_user | default('authentik') }}" AUTHENTIK_POSTGRESQL__NAME: "{{ pg_db | default('authentik') }}" - AUTHENTIK_POSTGRESQL__PASSWORD: "{{ pg_pass }}" + AUTHENTIK_POSTGRESQL__PASSWORD: "{{ authentik_pg_pass }}" # `user: root` and the docker socket volume are optional. # See more for the docker socket integration here: # https://goauthentik.io/docs/outposts/integrations/docker diff --git a/iac/ansible/roles/authentik/vars/main.yml b/iac/ansible/roles/authentik/vars/main.yml index 54bbe93..04c8bcd 100644 --- a/iac/ansible/roles/authentik/vars/main.yml +++ b/iac/ansible/roles/authentik/vars/main.yml @@ -1,10 +1,8 @@ --- authentik_image: "ghcr.io/goauthentik/server" authentik_tag: "2025.6.3" -authentik_secret_key: "" pg_user: "authentik" -pg_pass: "" pg_db: "authentik" traefik_net: "traefik_public" diff --git a/iac/ansible/roles/fizzy/defaults/main.yml b/iac/ansible/roles/fizzy/defaults/main.yml new file mode 100644 index 0000000..37bba74 --- /dev/null +++ b/iac/ansible/roles/fizzy/defaults/main.yml @@ -0,0 +1,6 @@ +fizzy_secret_key_base: "" + +fizzy_from_address: "system@avicenna.hamburg" +fizzy_smtp_address: "smtp.postmarkapp.com" +fizzy_smtp_username: "" +fizzy_smtp_password: "" \ No newline at end of file diff --git a/iac/ansible/roles/fizzy/tasks/main.yml b/iac/ansible/roles/fizzy/tasks/main.yml new file mode 100644 index 0000000..1f4253f --- /dev/null +++ b/iac/ansible/roles/fizzy/tasks/main.yml 
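Review bot: The empty-string defaults for `fizzy_secret_key_base`, `fizzy_smtp_username` and `fizzy_smtp_password` in roles/fizzy/defaults/main.yml mean that a missing or misspelled vault entry renders silently as an empty credential instead of stopping the play. Dropping these three defaults would make the template fail on an undefined variable under Ansible's default undefined-variable handling; alternatively, add an `ansible.builtin.assert` at the top of the role's tasks that checks each value is non-empty. Whether the vaulted secrets.yml defines them cannot be seen from the diff, so a short comment such as `# real values live in group_vars/all/secrets.yml (vault)` above the remaining keys would help the next reader.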
@@ -0,0 +1,42 @@
+- name: FIZZY | Ensure data directories
+ ansible.builtin.file:
+ path: '{{ data_dir }}/{{ item.path }}'
+ state: directory
+ owner: 1000
+ group: 1000
+ mode: '0750'
+ recurse: no
+ loop:
+ - { path: 'data' }
+ - { path: 'data/storage'}
+ delegate_to: "{{ groups['managers'][0] }}"
+ run_once: true
+
+# - name: FIZZY | Ensure DB data directories
+# ansible.builtin.file:
+# path: "{{ data_dir }}/data/db"
+# state: directory
+# # Postgres Alpine nutzt UID 70 (postgres).
+# # Bei Debian-Images wäre es 999.
+# owner: 70
+# group: 70
+# mode: '0700'
+# recurse: no
+# delegate_to: "{{ groups['managers'][0] }}"
+
+- name: FIZZY | Generate Compose file
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: '{{ data_dir }}/fizzy.yml'
+ mode: 0644
+ run_once: true
+ delegate_to: "{{ groups['managers'][0] }}"
+
+- name: FIZZY | Deploy stack
+ community.docker.docker_stack:
+ state: present
+ name: fizzy
+ compose:
+ - '{{ data_dir }}/fizzy.yml'
+ delegate_to: "{{ groups['managers'][0] }}"
+ run_once: true
diff --git a/iac/ansible/roles/fizzy/templates/docker-compose.yml.j2 b/iac/ansible/roles/fizzy/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..396e4ef
--- /dev/null
+++ b/iac/ansible/roles/fizzy/templates/docker-compose.yml.j2
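Review bot: The `FIZZY | Generate Compose file` task writes `{{ data_dir }}/fizzy.yml` with `mode: 0644`, although the rendered file contains the SMTP password and the application secrets in plain text. That makes it readable by every local account on the manager, and probably by any other host that mounts the same volume, since `data_dir` sits under `ceph_volume`. Use `mode: '0600'` with an explicit `owner` and `group`, assuming the deploy task runs as the user that writes the file. Quoting the mode also matches the `'0750'` in the first task and avoids YAML integer parsing. As a style point, `recurse: no` reads better as `recurse: false`.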
@@ -0,0 +1,32 @@
+networks:
+ {{ traefik_public_net }}:
+ external: true
+
+services:
+ web:
+ image: ghcr.io/basecamp/fizzy:main
+ restart: unless-stopped
+ environment:
+ - SECRET_KEY_BASE=abcdefabcdef
+ # - TLS_DOMAIN={{ fizzy_domain }}
+ - BASE_URL=https://{{ fizzy_domain }}
+ - MAILER_FROM_ADDRESS={{ fizzy_from_address }}
+ - SMTP_ADDRESS={{ fizzy_smtp_address }}
+ - SMTP_USERNAME={{ fizzy_smtp_username }}
+ - SMTP_PASSWORD={{ fizzy_smtp_password }}
+ - VAPID_PRIVATE_KEY=myvapidprivatekey
+ - VAPID_PUBLIC_KEY=myvapidpublickey
+ volumes:
+ - {{ data_dir }}/data/storage:/rails/storage
+ networks:
+ - {{ traefik_public_net }}
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network={{ traefik_public_net }}"
+ - "traefik.http.routers.fizzy.rule=Host(`{{ fizzy_domain }}`)"
+ - "traefik.http.routers.fizzy.entrypoints=https"
+ - "traefik.http.routers.fizzy.tls.certresolver=main"
+ - "traefik.http.services.fizzy.loadbalancer.server.port=80"
diff --git a/iac/ansible/roles/fizzy/vars/main.yml b/iac/ansible/roles/fizzy/vars/main.yml
new file mode 100644
index 0000000..d674a45
--- /dev/null
+++ b/iac/ansible/roles/fizzy/vars/main.yml
@@ -0,0 +1,3 @@
+data_dir: "{{ ceph_volume }}/fizzy"
+subdomain: fizzy
+fizzy_domain: "{{ subdomain }}.{{ main_domain }}"
\ No newline at end of file
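Review bot: `SECRET_KEY_BASE=abcdefabcdef`, `VAPID_PRIVATE_KEY=myvapidprivatekey` and `VAPID_PUBLIC_KEY=myvapidpublickey` are placeholder literals committed into the template, so every deployment runs with keys known to anyone who can read the repository. The `/rails/storage` mount suggests a Rails application, where the secret key base protects signed and encrypted cookies and must be unique and secret. The role already declares `fizzy_secret_key_base` in its defaults, but the template never references it; use `- SECRET_KEY_BASE={{ fizzy_secret_key_base }}` and take the VAPID pair from vaulted variables in the same way (no such variables exist on the page, so something like a new `fizzy_vapid_private_key` would have to be added). Separately, `image: ghcr.io/basecamp/fizzy:main` follows a moving tag, so pinning a release tag or image digest would keep redeploys reproducible and reviewable.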
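Review bot: `data_dir` and `subdomain` in roles/fizzy/vars/main.yml are generic names defined in role `vars/`, which ranks high in Ansible's variable precedence and, depending on how the role is included, can be visible to other roles in the same play. Prefixing them, as in `fizzy_data_dir: "{{ ceph_volume }}/fizzy"` and `fizzy_subdomain: fizzy`, avoids one role silently picking up another role's path or hostname. The tasks and the compose template in this commit reference `data_dir` and would need the same rename.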