chore(app): archive removed stacks from app

archived stacks:
- actual-budget
- ezbookkeeping
- opencloud
- trilium
- vikunja
- wikijs

docs/archives/services/app/ezbookkeeping/authelia.yaml

@@ -0,0 +1,25 @@
+---
+identity_providers:
+  oidc:
+    clients:
+      # https://www.authelia.com/integration/openid-connect/clients/ezbookkeeping/
+      - client_id: 'ezbookkeeping'
+        client_name: 'ezBookkeeping'
+        client_secret: 'hash'
+        public: false
+        authorization_policy: 'one_factor'
+        require_pkce: true
+        pkce_challenge_method: 'S256'
+        redirect_uris:
+          - 'https://ezbookkeeping.example.com/oauth2/callback'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'email'
+        response_types:
+          - 'code'
+        grant_types:
+          - 'authorization_code'
+        access_token_signed_response_alg: 'none'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_basic'

docs/archives/services/app/ezbookkeeping/ezbookkeeping.container.j2

@@ -0,0 +1,61 @@
+[Quadlet]
+DefaultDependencies=false
+
+[Unit]
+Description=ezBookkeeping
+
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+Image=docker.io/mayswind/ezbookkeeping:{{ version['containers']['ezbookkeeping'] }}
+ContainerName=ezbookkeeping
+HostName=ezbookkeeping
+
+PublishPort={{ services['ezbookkeeping']['ports']['http'] }}:8080/tcp
+
+Volume=%h/data/containers/ezbookkeeping/data:/data:rw
+Volume=%h/containers/ezbookkeeping/ssl:/etc/ssl/ezbookkeeping:ro
+
+# General
+Environment="TZ=Asia/Seoul"
+Environment="EBK_SERVER_DOMAIN={{ services['ezbookkeeping']['domain']['public'] }}.{{ domain['public'] }}"
+Environment="EBK_SERVER_ROOT_URL=https://{{ services['ezbookkeeping']['domain']['public'] }}.{{ domain['public'] }}/"
+Environment="EBK_LOG_MODE=console"
+
+# Database
+Environment="EBK_DATABASE_TYPE=postgres"
+Environment="EBK_DATABASE_HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}:{{ services['postgresql']['ports']['tcp'] }}"
+Environment="EBK_DATABASE_NAME=ezbookkeeping_db"
+Environment="EBK_DATABASE_USER=ezbookkeeping"
+Secret=EBK_DATABASE_PASSWD,type=env
+Environment="EBK_DATABASE_SSL_MODE=verify-full"
+Environment="PGSSLROOTCERT=/etc/ssl/ezbookkeeping/{{ root_cert_filename }}"
+
+# OIDC
+Environment="EBK_AUTH_ENABLE_OAUTH2_AUTH=true"
+Environment="EBK_AUTH_OAUTH2_PROVIDER=oidc"
+Environment="EBK_AUTH_OAUTH2_CLIENT_ID=ezbookkeeping"
+Secret=EBK_AUTH_OAUTH2_CLIENT_SECRET,type=env
+Environment="EBK_AUTH_OAUTH2_USE_PKCE=true"
+Environment="EBK_AUTH_OIDC_PROVIDER_BASE_URL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
+Environment="EBK_AUTH_ENABLE_OIDC_DISPLAY_NAME=true"
+Environment="EBK_AUTH_OIDC_CUSTOM_DISPLAY_NAME=Authelia"
+
+# Registration / auth policy
+Environment="EBK_AUTH_ENABLE_INTERNAL_AUTH=false"
+Environment="EBK_USER_ENABLE_REGISTER=true"
+Environment="EBK_AUTH_OAUTH2_AUTO_REGISTER=true"
+
+# AI / MCP disabled by default
+Environment="EBK_MCP_ENABLE_MCP=false"
+Environment="EBK_LLM_TRANSACTION_FROM_AI_IMAGE_RECOGNITION=false"
+
+[Service]
+ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
+Restart=always
+RestartSec=10s
+TimeoutStopSec=120
+
+[Install]
+WantedBy=default.target

docs/archives/services/app/ezbookkeeping/ezbookkeeping.md

@@ -0,0 +1,35 @@
+# ezBookkeeping
+
+## Prerequisite
+
+### Create database
+
+- Create the password with `openssl rand -base64 32`
+  - Save this value in secrets.yaml in `postgresql.password.ezbookkeeping`
+  - Access infra server to create paperless_db with `podman exec -it postgresql psql -U postgres`
+
+```SQL
+CREATE USER ezbookkeeping WITH PASSWORD 'postgresql.password.ezbookkeeping';
+CREATE DATABASE ezbookkeeping_db;
+ALTER DATABASE ezbookkeeping_db OWNER TO ezbookkeeping;
+```
+
+### Create oidc secret and hash
+
+- Create the secret with `openssl rand -base64 32`
+- access to auth vm
+  - `podman exec -it authelia sh`
+  - `authelia crypto hash generate pbkdf2 --password 'ezbookkeeping.oidc.secret'`
+- Save this value in secrets.yaml in `ezbookkeeping.oidc.secret` and `ezbookkeeping.oidc.hash`
+
+### Add postgresql dump backup list
+
+- [set_postgresql.yaml](../../../ansible/roles/infra/tasks/services/set_postgresql.yaml)
+
+```yaml
+- name: Set connected services list
+  ansible.builtin.set_fact:
+    connected_services:
+      - ...
+      - "ezbookkeeping"
+```

docs/archives/services/app/ezbookkeeping/group_vars.yaml

@@ -0,0 +1,13 @@
+---
+services:
+  ezbookkeeping:
+    domain:
+      public: ""
+      internal: ""
+    ports:
+      http: ""
+    subuid: "100999"
+
+version:
+  containers:
+    ezbookkeeping: "1.4.0"

docs/archives/services/app/ezbookkeeping/secret.example.yaml

@@ -0,0 +1,8 @@
+---
+postgresql:
+  password:
+    ezbookkeeping: ""
+ezbookkeeping:
+  oidc:
+    secret: ""
+    hash: ""

docs/archives/services/app/ezbookkeeping/set_ezbookkeeping.yaml

@@ -0,0 +1,58 @@
+---
+- name: Create ezbookkeeping directory
+  ansible.builtin.file:
+    path: "{{ node['home_path'] }}/{{ item }}"
+    state: "directory"
+    owner: "{{ services['ezbookkeeping']['subuid'] }}"
+    group: "svadmins"
+    mode: "0770"
+  loop:
+    - "data/containers/ezbookkeeping"
+    - "data/containers/ezbookkeeping/data"
+    - "containers/ezbookkeeping"
+    - "containers/ezbookkeeping/ssl"
+  become: true
+
+
+- name: Deploy root certificate
+  ansible.builtin.copy:
+    content: |
+      {{ hostvars['console']['ca']['root']['crt'] }}
+    dest: "{{ node['home_path'] }}/containers/ezbookkeeping/ssl/{{ root_cert_filename }}"
+    owner: "{{ services['ezbookkeeping']['subuid'] }}"
+    group: "svadmins"
+    mode: "0440"
+  become: true
+  notify: "notification_restart_ezbookkeeping"
+  no_log: true
+
+- name: Register secret value to podman secret
+  containers.podman.podman_secret:
+    name: "{{ item.name }}"
+    data: "{{ item.value }}"
+    state: "present"
+    force: true
+  loop:
+    - name: "EBK_AUTH_OAUTH2_CLIENT_SECRET"
+      value: "{{ hostvars['console']['ezbookkeeping']['oidc']['secret'] }}"
+    - name: "EBK_DATABASE_PASSWD"
+      value: "{{ hostvars['console']['postgresql']['password']['ezbookkeeping'] }}"
+  notify: "notification_restart_ezbookkeeping"
+  no_log: true
+
+- name: Deploy ezbookkeeping.container file
+  ansible.builtin.template:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/app/ezbookkeeping/ezbookkeeping.container.j2"
+    dest: "{{ node['home_path'] }}/.config/containers/systemd/ezbookkeeping.container"
+    owner: "{{ ansible_user }}"
+    group: "svadmins"
+    mode: "0644"
+  notify: "notification_restart_ezbookkeeping"
+
+- name: Enable ezbookkeeping.service
+  ansible.builtin.systemd:
+    name: "ezbookkeeping.service"
+    state: "started"
+    enabled: true
+    daemon_reload: true
+    scope: "user"