added jnss-web

roles/caddy/tasks/main.yml

@@ -120,7 +120,7 @@
     owner: root
     group: "{{ caddy_user }}"
     mode: '0640'
-    backup: yes
+    backup: no
   notify: reload caddy
 
 - name: Check Caddyfile syntax (basic check)

roles/caddy/templates/Caddyfile.j2

@@ -21,43 +21,3 @@
 
 # Import service configurations
 import {{ caddy_sites_enabled_dir }}/*
-
-# Primary domain: {{ caddy_domain }}
-{{ caddy_domain }} {
-    {% if caddy_tls_enabled %}
-        {% if caddy_dns_provider == "cloudflare" and cloudflare_api_token %}
-    # DNS challenge for automatic TLS 
-    tls {
-        dns cloudflare {{ cloudflare_api_token }}
-        resolvers {{ caddy_dns_resolvers | join(' ') }}
-    }
-        {% elif caddy_tls_email %}
-    # HTTP challenge for automatic TLS  
-    tls {{ caddy_tls_email }}
-        {% endif %}
-    {% endif %}
-    
-    # Serve static content
-    root * {{ caddy_default_site_root }}
-    file_server
-    
-    # Logging
-    log {
-        {% if caddy_log_format == "json" %}
-        output file {{ caddy_log_dir }}/{{ caddy_domain | replace('.', '_') }}.log {
-            roll_size 100mb
-            roll_keep 5
-        }
-        format json {
-            time_format "2006-01-02T15:04:05.000Z07:00"
-        }
-        level {{ caddy_log_level }}
-        {% else %}
-        output file {{ caddy_log_dir }}/{{ caddy_domain | replace('.', '_') }}.log {
-            roll_size 100mb
-            roll_keep 5
-        }
-        level {{ caddy_log_level }}
-        {% endif %}
-    }
-}

roles/gitea/defaults/main.yml

@@ -63,7 +63,7 @@ gitea_enable_lfs: true
 
 # Access Control - Private server with public repos allowed
 gitea_disable_registration: true          # No public registration (admin only)
-gitea_require_signin: true                # Require sign-in (unauthorized users read-only)
+gitea_require_signin: false                # Require sign-in (unauthorized users read-only)
 gitea_show_registration_button: false     # Hide registration UI
 
 # OAuth Configuration - Preferred but not forced
@@ -86,7 +86,7 @@ gitea_smtp_addr: "smtp.titan.email"
 gitea_smtp_port: 587
 gitea_mailer_from: "hello@jnss.me"
 gitea_mailer_user: "hello@jnss.me"
-gitea_mailer_password: "{{ vault_gitea_smtp_password }}"
+gitea_mailer_password: "{{ vault_smtp_password }}"
 gitea_mailer_subject_prefix: "[Gitea]"
 
 # =================================================================

roles/nextcloud/defaults/main.yml

@@ -105,7 +105,7 @@ nextcloud_smtp_secure: "tls"  # tls, ssl, or empty string for no encryption
 nextcloud_smtp_auth: true  # Enable SMTP authentication
 nextcloud_smtp_authtype: "PLAIN"  # LOGIN or PLAIN
 nextcloud_smtp_username: "hello@jnss.me"  # SMTP username
-nextcloud_smtp_password: "{{ vault_nextcloud_smtp_password | default('') }}"
+nextcloud_smtp_password: "{{ vault_smtp_password | default('') }}"
 
 # Email Addressing
 nextcloud_mail_from_address: "hello"  # Local part only (before @)

roles/vaultwarden/defaults/main.yml

@@ -64,7 +64,7 @@ vaultwarden_smtp_host: "smtp.titan.email"
 vaultwarden_smtp_port: 587
 vaultwarden_smtp_from: "hello@jnss.me"
 vaultwarden_smtp_username: "hello@jnss.me"
-vaultwarden_smtp_password: "{{ vault_vaultwarden_smtp_password | default('') }}"
+vaultwarden_smtp_password: "{{ vault_smtp_password | default('') }}"
 vaultwarden_smtp_security: "starttls"  # Options: starttls, force_tls, off
 
 # =================================================================