feat(trilium): release trilium

deployment notes:
- oidc error (users cannot access at once, it needs login twice when using oidc

ansible/inventory/group_vars/all.yaml

@@ -185,6 +185,13 @@ services:
     ports:
       http: "3002"
     subuid: "100999"
+  trilium:
+    domain:
+      public: "notes"
+      internal: "notes.app"
+    ports:
+      http: "8004"
+    subuid: "100999"
 
 version:
   packages:
@@ -226,3 +233,4 @@ version:
     ezbookkeeping: "1.4.0"
     sure: "0.7.0-hotfix.2"
     wikijs: "2.5.314"
+    trilium: "v0.102.2"

ansible/playbooks/app/site.yaml

@@ -265,6 +265,14 @@
           tags: ["site", "wikijs"]
       tags: ["site", "wikijs"]
 
+    - name: Set trilium
+      ansible.builtin.include_role:
+        name: "app"
+        tasks_from: "services/set_trilium"
+        apply:
+          tags: ["site", "trilium"]
+      tags: ["site", "trilium"]
+
     - name: Flush handlers right now
       ansible.builtin.meta: "flush_handlers"
 

ansible/roles/app/handlers/main.yaml

@@ -158,3 +158,14 @@
   changed_when: false
   listen: "notification_restart_wikijs"
   ignore_errors: true # noqa: ignore-errors
+
+- name: Restart trilium
+  ansible.builtin.systemd:
+    name: "trilium.service"
+    state: "restarted"
+    enabled: true
+    scope: "user"
+    daemon_reload: true
+  changed_when: false
+  listen: "notification_restart_trilium"
+  ignore_errors: true # noqa: ignore-errors

ansible/roles/app/tasks/services/set_trilium.yaml

@@ -0,0 +1,38 @@
+---
+- name: Create trilium directory
+  ansible.builtin.file:
+    path: "{{ node['home_path'] }}/{{ item }}"
+    state: "directory"
+    owner: "{{ services['trilium']['subuid'] }}"
+    group: "svadmins"
+    mode: "0770"
+  loop:
+    - "data/containers/trilium"
+    - "data/containers/trilium/data"
+  become: true
+
+- name: Register secret value to podman secret
+  containers.podman.podman_secret:
+    name: "TRILIUM_OAUTH_CLIENT_SECRET"
+    data: "{{ hostvars['console']['trilium']['oidc']['secret'] }}"
+    state: "present"
+    force: true
+  notify: "notification_restart_trilium"
+  no_log: true
+
+- name: Deploy trilium.container file
+  ansible.builtin.template:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/app/trilium/trilium.container.j2"
+    dest: "{{ node['home_path'] }}/.config/containers/systemd/trilium.container"
+    owner: "{{ ansible_user }}"
+    group: "svadmins"
+    mode: "0644"
+  notify: "notification_restart_trilium"
+
+- name: Enable trilium.service
+  ansible.builtin.systemd:
+    name: "trilium.service"
+    state: "started"
+    enabled: true
+    daemon_reload: true
+    scope: "user"