inventory, roles, config, docs: update all files to refactor the ansible variables structure

config/services/containers/app/actual-budget/actual-budget.container.j2

@@ -9,14 +9,14 @@ Image=ghcr.io/actualbudget/actual-server:{{ version['containers']['actualbudget'
 ContainerName=actual-budget
 HostName=actual-budget
 
-PublishPort=5006:5006
+PublishPort={{ services['actualbudget']['ports']['http'] }}:5006
 
 Volume=%h/data/containers/actual-budget:/data:rw
 
 Environment="TZ=Asia/Seoul"
-Environment="ACTUAL_OPENID_DISCOVERY_URL=https://authelia.ilnmors.com/.well-known/openid-configuration"
+Environment="ACTUAL_OPENID_DISCOVERY_URL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}/.well-known/openid-configuration"
 Environment="ACTUAL_OPENID_CLIENT_ID=actual-budget"
-Environment="ACTUAL_OPENID_SERVER_HOSTNAME=https://budget.ilnmors.com"
+Environment="ACTUAL_OPENID_SERVER_HOSTNAME=https://{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }}"
 Environment="ACTUAL_OPENID_AUTH_METHOD=oauth2"
 Secret=ACTUAL_OPENID_CLIENT_SECRET,type=env
 

config/services/containers/app/gitea/gitea.container.j2

@@ -23,18 +23,18 @@ Environment="TZ=Asia/Seoul"
 Environment="GITEA__server__DISABLE_SSH=true"
 # Database
 Environment="GITEA__database__DB_TYPE=postgres"
-Environment="GITEA__database__HOST={{ infra_uri['postgresql']['domain'] }}:{{ infra_uri['postgresql']['ports']['tcp'] }}"
+Environment="GITEA__database__HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}:{{ services['postgresql']['ports']['tcp'] }}"
 Environment="GITEA__database__NAME=gitea_db"
 Environment="GITEA__database__USER=gitea"
 Secret=GITEA__database__PASSWD,type=env
 Environment="GITEA__database__SSL_MODE=verify-full"
-Environment="PGSSLROOTCERT=/etc/ssl/gitea/ilnmors_root_ca.crt"
+Environment="PGSSLROOTCERT=/etc/ssl/gitea/{{ root_cert_filename }}"
 # OAuth2 client
 Environment="GITEA__oauth2_client__ACCOUNT_LINKING=auto"
 # OIDC configuration
 Environment="GITEA__openid__ENABLE_OPENID_SIGNIN=false"
 Environment="GITEA__openid__ENABLE_OPENID_SIGNUP=true"
-Environment="GITEA__openid__WHITELISTED_URIS=authelia.ilnmors.com"
+Environment="GITEA__openid__WHITELISTED_URIS={{ services['authelia']['domain'] }}.{{ domain['public'] }}"
 # automatic create user via authelia
 Environment="GITEA__service__DISABLE_REGISTRATION=false"
 Environment="GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true"
@@ -42,7 +42,7 @@ Environment="GITEA__service__SHOW_REGISTRATION_BUTTON=false"
 
 
 [Service]
-ExecStartPre=/usr/bin/nc -zv {{ infra_uri['postgresql']['domain'] }} {{ infra_uri['postgresql']['ports']['tcp'] }}
+ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
 Restart=always
 RestartSec=10s
 TimeoutStopSec=120

config/services/containers/app/immich/immich-ml.container.j2

@@ -13,7 +13,7 @@ Image=ghcr.io/immich-app/immich-machine-learning:{{ version['containers']['immic
 ContainerName=immich-ml
 HostName=immich-ml
 
-PublishPort=3003:3003
+PublishPort={{ services['immich-ml']['ports']['http'] }}:3003
 
 # iGPU access for OpenVINO
 AddDevice=/dev/dri:/dev/dri

config/services/containers/app/immich/immich.container.j2

@@ -13,7 +13,7 @@ Image=ghcr.io/immich-app/immich-server:{{ version['containers']['immich'] }}
 ContainerName=immich
 HostName=immich
 
-PublishPort=2283:2283
+PublishPort={{ services['immich']['ports']['http'] }}:2283
 
 # iGPU access
 AddDevice=/dev/dri:/dev/dri
@@ -26,21 +26,21 @@ Volume=%h/containers/immich/ssl:/etc/ssl/immich:ro
 # Environment
 Environment="TZ=Asia/Seoul"
 Environment="REDIS_HOSTNAME=host.containers.internal"
-Environment="REDIS_PORT={{ hostvars['app']['redis']['immich'] }}"
+Environment="REDIS_PORT={{ services['immich']['ports']['redis'] }}"
 Environment="REDIS_DBINDEX=0"
 
 # Database
-Environment="DB_HOSTNAME={{ infra_uri['postgresql']['domain'] }}"
-Environment="DB_PORT={{ infra_uri['postgresql']['ports']['tcp'] }}"
+Environment="DB_HOSTNAME={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}"
+Environment="DB_PORT={{ services['postgresql']['ports']['tcp'] }}"
 Environment="DB_USERNAME=immich"
 Environment="DB_DATABASE_NAME=immich_db"
 Environment="DB_PASSWORD_FILE=/run/secrets/DB_PASSWORD"
 Environment="DB_SSL_MODE=verify-full"
-Environment="NODE_EXTRA_CA_CERTS=/etc/ssl/immich/ilnmors_root_ca.crt"
+Environment="NODE_EXTRA_CA_CERTS=/etc/ssl/immich/{{ root_cert_filename }}"
 Secret=IMMICH_DB_PASSWORD,target=/run/secrets/DB_PASSWORD
 
 [Service]
-ExecStartPre=/usr/bin/nc -zv {{ infra_uri['postgresql']['domain'] }} {{ infra_uri['postgresql']['ports']['tcp'] }}
+ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
 Restart=always
 RestartSec=10s
 TimeoutStopSec=120

config/services/containers/app/paperless/paperless.container.j2

@@ -11,7 +11,7 @@ Wants=redis_paperless.service
 Image=ghcr.io/paperless-ngx/paperless-ngx:{{ version['containers']['paperless'] }}
 ContainerName=paperless
 HostName=paperless
-PublishPort=8001:8000/tcp
+PublishPort={{ services['paperless']['ports']['http'] }}:8000/tcp
 
 # Volumes
 Volume=%h/data/containers/paperless/data:/usr/src/paperless/data:rw
@@ -22,7 +22,7 @@ Volume=%h/containers/paperless/ssl:/etc/ssl/paperless:ro
 # General
 Environment="TZ=Asia/Seoul"
 Environment="PAPERLESS_TIME_ZONE=Asia/Seoul"
-Environment="PAPERLESS_URL=https://paperless.ilnmors.com"
+Environment="PAPERLESS_URL=https://{{ services['paperless']['domain']['public'] }}.{{ domain['public'] }}"
 Environment="PAPERLESS_OCR_LANGUAGE=kor+eng"
 Environment="PAPERLESS_OCR_LANGUAGES=kor"
 # Environment="PAPERLESS_OCR_MODE=force"
@@ -32,15 +32,15 @@ Environment="PAPERLESS_WORKER_TIMEOUT=7200"
 Secret=PAPERLESS_SECRET_KEY,type=env
 
 # Redis
-Environment="PAPERLESS_REDIS=redis://host.containers.internal:{{ hostvars['app']['redis']['paperless'] }}"
+Environment="PAPERLESS_REDIS=redis://host.containers.internal:{{ services['paperless']['ports']['redis'] }}"
 
 # Database
-Environment="PAPERLESS_DBHOST={{ infra_uri['postgresql']['domain'] }}"
-Environment="PAPERLESS_DBPORT={{ infra_uri['postgresql']['ports']['tcp'] }}"
+Environment="PAPERLESS_DBHOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}"
+Environment="PAPERLESS_DBPORT={{ services['postgresql']['ports']['tcp'] }}"
 Environment="PAPERLESS_DBNAME=paperless_db"
 Environment="PAPERLESS_DBUSER=paperless"
 Environment="PAPERLESS_DBSSLMODE=verify-full"
-Environment="PAPERLESS_DBSSLROOTCERT=/etc/ssl/paperless/ilnmors_root_ca.crt"
+Environment="PAPERLESS_DBSSLROOTCERT=/etc/ssl/paperless/{{ root_cert_filename }}"
 Secret=PAPERLESS_DBPASS,type=env
 
 # OIDC
@@ -50,7 +50,7 @@ Environment="PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS=true"
 Secret=PAPERLESS_SOCIALACCOUNT_PROVIDERS,type=env
 
 [Service]
-ExecStartPre=/usr/bin/nc -zv {{ infra_uri['postgresql']['domain'] }} {{ infra_uri['postgresql']['ports']['tcp'] }}
+ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
 Restart=always
 RestartSec=10s
 TimeoutStopSec=120

config/services/containers/app/redis/redis.conf.j2

@@ -1,4 +1,4 @@
 databases 16
 bind 0.0.0.0
-port {{ hostvars['app']['redis'][redis_service] }}
+port 6379
 protected-mode no

config/services/containers/app/redis/redis.container.j2

@@ -13,7 +13,7 @@ Image=docker.io/library/redis:{{ version['containers']['redis'] }}
 ContainerName=redis_{{ redis_service }}
 HostName=redis_{{ redis_service }}
 
-PublishPort={{ hostvars['app']['redis'][redis_service] }}:{{ hostvars['app']['redis'][redis_service] }}
+PublishPort={{ services[redis_service]['ports']['redis'] }}:6379
 
 Volume=%h/containers/redis/{{ redis_service }}/data:/data:rw
 Volume=%h/containers/redis/{{ redis_service }}/redis.conf:/usr/local/etc/redis/redis.conf:ro

config/services/containers/app/vaultwarden/vaultwarden.container.j2

@@ -13,19 +13,19 @@ Image=docker.io/vaultwarden/server:{{ version['containers']['vaultwarden'] }}
 ContainerName=vaultwarden
 HostName=vaultwarden
 
-PublishPort=8000:80/tcp
+PublishPort={{ services['vaultwarden']['ports']['http'] }}:80/tcp
 
 Volume=%h/data/containers/vaultwarden:/data:rw
 Volume=%h/containers/vaultwarden/ssl:/etc/ssl/vaultwarden:ro
 
 Environment="TZ=Asia/Seoul"
-Environment="DOMAIN=https://vault.ilnmors.com"
+Environment="DOMAIN=https://{{ services['vaultwarden']['domain']['public'] }}.{{ domain['public'] }}"
 Environment="SIGNUPS_ALLOWED=false"
 Secret=VW_ADMIN_TOKEN,type=env,target=ADMIN_TOKEN
 Secret=VW_DATABASE_URL,type=env,target=DATABASE_URL
 
 [Service]
-ExecStartPre=/usr/bin/nc -zv {{ infra_uri['postgresql']['domain'] }} {{ infra_uri['postgresql']['ports']['tcp'] }}
+ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
 Restart=always
 RestartSec=10s
 TimeoutStopSec=120

config/services/containers/app/vikunja/vikunja.container.j2

@@ -11,7 +11,7 @@ Wants=network-online.target
 Image=docker.io/vikunja/vikunja:{{ version['containers']['vikunja'] }}
 ContainerName=vikunja
 HostName=vikunja
-PublishPort=3456:3456/tcp
+PublishPort={{ services['vikunja']['ports']['http'] }}:3456/tcp
 
 # Volumes
 Volume=%h/data/containers/vikunja:/app/vikunja/files:rw
@@ -21,25 +21,25 @@ Volume=%h/containers/vikunja/ssl:/etc/ssl/vikunja:ro
 Environment="TZ=Asia/Seoul"
 Environment="VIKUNJA_DEFAULTSETTINGS_TIMEZONE=Asia/Seoul"
 Environment="VIKUNJA_SERVICE_TIMEZONE=Asia/Seoul"
-Environment="VIKUNJA_SERVICE_PUBLICURL=https://vikunja.ilnmors.com"
+Environment="VIKUNJA_SERVICE_PUBLICURL=https://{{ services['vikunja']['domain']['public'] }}.{{ domain['public'] }}"
 Environment="VIKUNJA_SERVICE_ENABLEREGISTRATION=false"
 Secret=VIKUNJA_SERVICE_JWTSECRET,type=env
 
 
 # Database
 Environment="VIKUNJA_DATABASE_TYPE=postgres"
-Environment="VIKUNJA_DATABASE_HOST={{ infra_uri['postgresql']['domain'] }}"
+Environment="VIKUNJA_DATABASE_HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}"
 Environment="VIKUNJA_DATABASE_USER=vikunja"
 Environment="VIKUNJA_DATABASE_DATABASE=vikunja_db"
 Environment="VIKUNJA_DATABASE_SSLMODE=verify-full"
-Environment="VIKUNJA_DATABASE_SSLROOTCERT=/etc/ssl/vikunja/ilnmors_root_ca.crt"
+Environment="VIKUNJA_DATABASE_SSLROOTCERT=/etc/ssl/vikunja/{{ root_cert_filename }}"
 Secret=VIKUNJA_DATABASE_PASSWORD,type=env
 
 
 # OIDC
 Environment="VIKUNJA_AUTH_OPENID_ENABLED=true"
 Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_NAME=Authelia"
-Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_AUTHURL=https://authelia.ilnmors.com"
+Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_AUTHURL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
 Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_CLIENTID=vikunja"
 # Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_SCOPE=" default value = openid email profile
 # Vikunja doesn't support OIDC and local dual login.
@@ -48,7 +48,7 @@ Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_CLIENTID=vikunja"
 Secret=VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_CLIENTSECRET,type=env
 
 [Service]
-ExecStartPre=/usr/bin/nc -zv {{ infra_uri['postgresql']['domain'] }} {{ infra_uri['postgresql']['ports']['tcp'] }}
+ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
 Restart=always
 RestartSec=10s
 TimeoutStopSec=120