distributed secrets to group_vars and added karakeep

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

roles/docker_host/templates/compose.yaml.j2

@@ -1,12 +1,12 @@
 services:
 {% for service in services %}
 {% if inventory_hostname in service.vm %}
-  {{service.name}}:
+  {{ service.name }}:
     container_name: {{ service.container_name }}
     image: {{ service.image }}
     restart: {{ service.restart }}
 {% if service.network_mode is not defined %}
-    hostname: {{service.name}}
+    hostname: {{ service.name }}
     networks:
       - net
 {% endif %}
@@ -15,7 +15,7 @@ services:
     ports:
 {% for port in service.ports %}
 {% if port.internal != 'proxy_only' %}
-      - {{port.external}}:{{port.internal}}
+      - {{ port.external }}:{{ port.internal }}
 {% endif %}
 {% endfor %}
 {% endif %}
@@ -41,24 +41,24 @@ services:
 {% if service.volumes is defined and service.volumes is iterable %}
     volumes:
 {% for volume in service.volumes %}
-      - {{volume.external}}:{{volume.internal}}
+      - {{ volume.external }}:{{ volume.internal }}
 {% endfor %}
 {% endif %}
 {% if service.environment is defined and service.environment is iterable %}
     environment:
 {% for env in service.environment %}
-      - {{env}}
+      - {{ env }}
 {% endfor %}
 {% endif %}
 {% if service.devices is defined and service.devices is iterable  %}
     devices:
 {% for device in service.devices %}
-      - {{device.external}}:{{device.internal}}
+      - {{ device.external }}:{{ device.internal }}
 {% endfor %}
 {% endif %}
 {% if service.name == 'paperless' %}
 
-  {{service.name}}-broker:
+  {{ service.name }}-broker:
     container_name: paperless-broker
     image: docker.io/library/redis:7
     restart: unless-stopped
@@ -67,7 +67,7 @@ services:
     volumes:
       - /opt/local/paperless/redis/data:/data
 
-  {{service.name}}-postgres:
+  {{ service.name }}-postgres:
     container_name: paperless-postgres
     image: docker.io/library/postgres:15
     restart: unless-stopped
@@ -78,7 +78,31 @@ services:
     environment:
       POSTGRES_DB: paperless
       POSTGRES_USER: paperless
-      POSTGRES_PASSWORD: 5fnhn%u2YWY3paNvMAjdoufYPQ2Hf3Yi
+      POSTGRES_PASSWORD: {{ vault.docker.paperless.dbpass }}
+{% endif %}
+{% if service.name == 'karakeep' %}
+
+  {{ service.name }}-chrome:
+    image: gcr.io/zenika-hub/alpine-chrome:123
+    restart: unless-stopped
+    command:
+      - --no-sandbox
+      - --disable-gpu
+      - --disable-dev-shm-usage
+      - --remote-debugging-address=0.0.0.0
+      - --remote-debugging-port=9222
+      - --hide-scrollbars
+
+  {{ service.name }}-meilisearch:
+    image: getmeili/meilisearch:v1.11.1
+    restart: unless-stopped
+    environment:
+      MEILI_NO_ANALYTICS: "true"
+      NEXTAUTH_SECRET={{ vault.docker.karakeep.nextauth_secret }}
+      MEILI_MASTER_KEY={{ vault.docker.karakeep.meili_master_key }}
+      NEXTAUTH_URL=http://localhost:3000
+    volumes:
+      - meilisearch:/meili_data
 {% endif %}
 
 {% endif %}

roles/reverse_proxy/templates/Caddyfile.j2

@@ -18,9 +18,9 @@
     }
 	tls {
 		dns netcup {
-			customer_number {{ vault.netcup.customer_number }}
-			api_key {{ vault.netcup.api_key}}
-			api_password {{ vault.netcup.api_password }}
+			customer_number {{ vault_netcup.customer_number }}
+			api_key {{ vault_netcup.api_key }}
+			api_password {{ vault_netcup.api_password }}
 		}
     propagation_timeout 900s
 		propagation_delay 600s