initial push

roles/deploy-docker/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+     - name: création du dossier "{{ name_docker }}"
+       file:
+        path: "/home/ubuntu/{{ name_docker }}"
+        state: directory
+
+     - name: Copie du template docker-compose - "{{ name_docker }}"
+       template:
+         src: "{{ name_docker }}.yml"
+         dest: "/home/ubuntu/{{ name_docker }}/docker-compose.yml"
+       become: yes
+
+     - name: Telechargement du container "VM" - "{{ name_docker }}"
+       shell: chdir=/home/ubuntu/{{ name_docker }} docker compose pull
+#       become: "{{ m_user_name }}"
+
+     - name: Deployement du container "VM" - "{{ name_docker }}"
+       shell: chdir=/home/ubuntu/{{ name_docker }} docker compose up -d
+#       become: "{{ m_user_name }}"

roles/deploy-docker/templates/bacula.yml

@@ -0,0 +1,100 @@
+version: '3.1'
+services:
+
+  db:
+    image: eftechcombr/bacula:15.0.2-catalog
+    restart: unless-stopped
+    environment:
+      POSTGRES_PASSWORD: bacula
+      POSTGRES_USER: bacula
+      POSTGRES_DB: bacula
+    volumes:
+      - ./pgdata:/var/lib/postgresql/data:rw
+    ports:
+      - 5432:5432
+#
+  bacula-dir:
+    image: eftechcombr/bacula:15.0.2-director
+    restart: unless-stopped
+    volumes:
+      - ./etc:/opt/bacula/etc:ro
+    depends_on: 
+      - db      
+    ports:
+      - 9101:9101
+#
+  bacula-sd:
+    image: eftechcombr/bacula:15.0.2-storage
+    restart: unless-stopped
+    depends_on:
+      - bacula-dir
+      - db
+    volumes:
+      - ./etc:/opt/bacula/etc:ro
+    ports:
+      - 9103:9103
+#
+  bacula-fd:
+    image: eftechcombr/bacula:15.0.2-client
+    restart: unless-stopped
+    depends_on:
+      - bacula-sd
+      - bacula-dir
+      - db
+    volumes:
+      - ./etc:/opt/bacula/etc:ro
+    ports:
+      - 9102:9102
+
+  baculum-api:
+    image: eftechcombr/baculum:15.0.2-api
+    restart: unless-stopped
+    depends_on: 
+      - db
+      - bacula-dir
+    volumes:
+      - ./etc/bconsole.conf:/opt/bacula/etc/bconsole.conf:ro
+      - ./etc/baculum:/etc/baculum:rw
+    ports:
+      - 9096:9096
+
+#
+  baculum-web:
+    image: eftechcombr/baculum:15.0.2-web
+    restart: unless-stopped
+    depends_on: 
+      - baculum-api
+    volumes:
+      - ./etc/bconsole.conf:/opt/bacula/etc/bconsole.conf:ro
+      - ./etc/baculum:/etc/baculum:rw
+    ports:
+      - 9095:9095
+
+# 
+#volumes: 
+#  pgdata:
+#
+#  gmail:
+#    image: eftechcombr/postfix:gmail
+#    restart: unless-stopped
+#    depends_on:
+#      - bacula-dir
+#    # ports:
+#    #  - 30025:25
+#    environment:
+#      GMAIL_USER: xxxxxxxx
+#      GMAIL_PASS: xxxxxxxx
+#
+#  smtp2tg:
+#    image: b3vis/docker-smtp2tg
+#    restart: unless-stopped
+#    volumes:
+#      - ./etc/smtp2tg.toml:/config/smtp2tg.toml:ro
+#    #    ports:
+#    #  - "31025:25"
+#    depends_on:
+#      - bacula-dir
+#
+# 
+#volumes: 
+#  pgdata:

roles/deploy-docker/templates/bitwarden.yml

@@ -0,0 +1,28 @@
+---
+version: '3.1'
+services:
+  Bitwarden:
+    image: vaultwarden/server:latest
+    container_name: {{ name_docker }}
+    hostname: {{ name_docker }}
+    restart: always
+    environment:
+      - SIGNUPS_ALLOWED=true
+      - ADMIN_TOKEN=fhBMPCHo0TUNDB
+      - SHOW_PASSWORD_HINT=true
+      - DOMAIN=https://password.{{ domaine_ext }}
+      - SMTP_HOST=ssl0.ovh.net
+      - SMTP_FROM=contact@{{ domaine_ext }}
+      - SMTP_FROM_NAME=RedFrontier Password Manager (Bitwarden)
+      - SMTP_SECURITY=force_tls
+            # ("starttls", "force_tls", "off") Enable a secure connection. Default is "starttls" (Explicit - ports 587 or 25), "force_tls" (Implicit - port 465) or "off", no encryption (port 25)
+      - SMTP_PORT=465
+            # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS).
+      - SMTP_USERNAME=contact@{{ domaine_ext }}
+      - SMTP_PASSWORD=Jemeqq3dw@louovh
+      - SMTP_TIMEOUT=15
+    ports:
+      - 9091:80
+      - 9092:3012
+    volumes:
+      - ./:/data

roles/deploy-docker/templates/bookstack.yml

@@ -0,0 +1,51 @@
+version: "3"
+services:
+  bookstack:
+    image: linuxserver/bookstack:latest
+    container_name: {{ name_docker }}
+    hostname: {{ name_docker }}
+    volumes:
+      - ./config:/config
+    environment:
+      - APP_URL=https://wiki.{{domaine_ext}}
+      - PGID=1000
+      - PUID=1000
+      - DB_HOST=bookstack-db
+      - DB_DATABASE=bookstack
+      - DB_USERNAME=bxlife
+      - DB_PASSWORD=3aslZpYfZ0j8nEbz
+      - DISCORD_APP_ID=1294769940171067413
+      - DISCORD_APP_SECRET=UdI8nbpOzk9LuAV2qxn6sMVdOI_XptZ3
+      - APP_LANG=fr
+      - APP_THEME="custom"
+
+ #     - MAIL_ENCRYPTION=
+    #   - MAIL_FROM_NAME=
+    #  - MAIL_FROM=
+    #   - MAIL_PORT=
+    #   - MAIL_PASSWORD=
+    #   - MAIL_USERNAME=
+    #   - MAIL_HOST=
+      - FILE_UPLOAD_SIZE_LIMIT=999
+      - APP_DEFAULT_DARK_MODE=true
+      - ALLOWED_IFRAME_SOURCES="*"
+    ports:
+      - 10003:443
+      - 10004:80
+    restart: always
+    depends_on:
+      - bookstack-db
+  bookstack-db:
+        image: mariadb:10.3
+        container_name: bookstack-db
+        environment:
+        - PUID=1000
+        - PGID=1000
+        - MYSQL_ROOT_PASSWORD=g6u3h9QWAGE9Q8
+        - TZ=Europe/Paris
+        - MYSQL_DATABASE=bookstack
+        - MYSQL_USER=bxlife
+        - MYSQL_PASSWORD=3aslZpYfZ0j8nEbz
+        volumes:
+        - ./mysql:/var/lib/mysql
+        restart: always

roles/deploy-docker/templates/cloudflare-ddns.yml

@@ -0,0 +1,12 @@
+version: '3'
+services:
+  cloudflare-ddns-server:
+    container_name: CloudFlare-DDNS-SERVEUR
+    hostname: CloudFlare-DDNS-SERVER
+    image: oznu/cloudflare-ddns:latest
+    restart: always
+    environment:
+      - API_KEY=pI56QZrEywuFBB5mAAdz-d-4WCjP-_5-R0fYesjQ
+      - ZONE={{domaine_ext}}
+      - SUBDOMAIN=server
+      - PROXIED=false

roles/deploy-docker/templates/codeserver.yml

@@ -0,0 +1,20 @@
+version: "3.1"
+services:
+  codeserver:
+    image: linuxserver/code-server:latest
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+      - PASSWORD=caabda9758f649bb01572c7b
+    volumes:
+      - ./config:/config
+    ports:
+      - 4850:8443
+    restart: always
+    healthcheck:
+      test: curl -f http://localhost:8443/ || exit 1
+      interval: 60s
+      retries: 5
+      start_period: 20s
+      timeout: 10s

roles/deploy-docker/templates/dolibarr.yml

@@ -0,0 +1,20 @@
+version: "3"
+services:
+    mariadb:
+        image: mariadb:latest
+        environment:
+            MYSQL_ROOT_PASSWORD: 5XgEvqxdAUTA6f
+            MYSQL_DATABASE: dolibarr
+    web:
+        image: tuxgasy/dolibarr
+        environment:
+            DOLI_DB_HOST: mariadb
+            DOLI_DB_USER: root
+            DOLI_DB_PASSWORD: 5XgEvqxdAUTA6f
+            DOLI_DB_NAME: dolibarr
+            DOLI_URL_ROOT: 'http://0.0.0.0'
+            PHP_INI_DATE_TIMEZONE: 'Europe/Paris'
+        ports:
+            - "80:80"
+        links:
+            - mariadb

roles/deploy-docker/templates/duplicati.yml

@@ -0,0 +1,20 @@
+version: "3.9"
+
+services:
+    duplicati:
+        image: linuxserver/duplicati
+        container_name: duplicati
+        restart: always
+        ports:
+            - 8200:8200  # Interface web accessible sur http://localhost:8200
+        environment:
+            - PUID=1000
+            - PGID=1000
+            - TZ=Europe/Paris
+            - SETTINGS_ENCRYPTION_KEY=nyfNRe229zQTGVVh  # 🔐 Ajoute une clé de chiffrement
+            - DUPLICATI__WEB__AUTHENTICATION__USERNAME=bxlife
+            - DUPLICATI__WEB__AUTHENTICATION__PASSWORD=LhjlWfTa3ahuOg9J
+        volumes:
+            - /:/host_root:ro  # Accès en lecture seule à tout l'hôte
+            - ./backups:/source  # Dossier où sont stockés les backups locaux
+            - ./duplicati:/config  # Configuration et base de données Duplicati

roles/deploy-docker/templates/filebrowser.yml

@@ -0,0 +1,14 @@
+version: "3"
+services:
+  file_browser:
+    image: filebrowser/filebrowser:latest
+    container_name: {{ name_docker }}
+    hostname: {{ name_docker }}
+    environment:
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - /:/srv
+    ports:
+      - 8963:80
+    restart: always

roles/deploy-docker/templates/firefly.yml

@@ -0,0 +1,36 @@
+version: "3"
+services:
+  firefly:
+    image: fireflyiii/core:latest
+    container_name: Firefly
+    volumes:
+      - ./app:/var/www/html/storage/upload
+    environment:
+      - APP_URL=https://budget.{{ domaine_ext }}
+      - TRUSTED_PROXIES=**
+      - APP_KEY=azertyuiopqsdfghjklmwxcvbn123456
+      - DB_HOST=firefly-db
+      - DB_PORT=3306
+      - DB_CONNECTION=mysql
+      - DB_DATABASE=firefly
+      - DB_USERNAME=bxlife
+      - DB_PASSWORD=YKo9iG2&CsSb3fKNTm%UosVeC
+    ports:
+      - 17555:8080
+    restart: always
+    depends_on:
+        - firefly-db
+  firefly-db:
+    image: mariadb:10.5.21
+    container_name: firefly_db
+    environment:
+       - PUID=1000
+       - PGID=1000
+       - MYSQL_ROOT_PASSWORD=YFEyHkb7tizo9h
+       - TZ=Europe/Paris
+       - MYSQL_DATABASE=firefly
+       - MYSQL_USER=bxlife
+       - MYSQL_PASSWORD=YKo9iG2&CsSb3fKNTm%UosVeC
+    volumes:
+       - ./config/mysql:/var/lib/mysql
+    restart: unless-stopped

roles/deploy-docker/templates/fivem.yml

@@ -0,0 +1,50 @@
+version: "3.9"
+services:
+    fivem:
+        image: spritsail/fivem:13227
+        container_name: fivem
+        environment:
+        - NO_LICENSE_KEY=1
+        - NO_DEFAULT_CONFIG=1
+        - PUID=0
+        - PGID=0
+        volumes:
+        - ./config:/config
+        - ./txData:/txData
+        ports:
+        - '40120:40120'
+        - '30120:30120'
+        - '30120:30120/udp'
+        restart: always
+        depends_on:
+        - fivem-db
+    fivem-db:
+        image: mariadb:10.11.6
+        container_name: fivem_db
+        environment:
+        - PUID=0
+        - PGID=0
+        - MYSQL_ROOT_PASSWORD=tdDgrdv6cs2J0D
+        - TZ=Europe/Paris
+        - MYSQL_DATABASE=hardb
+        - MYSQL_USER=har-admin
+        - MYSQL_PASSWORD=Xu22DW2SUwfGFv
+        #- MYSQL_ALLOW_EMPTY_PASSWORD=yes
+        command:
+            --sql_mode=NO_ZERO_IN_DATE,NO_ZERO_DATE,NO_ENGINE_SUBSTITUTION
+        ports:
+        - 3306:3306
+        volumes:
+        - ./mysql:/var/lib/mysql
+        # - ./mysql/my.cnf:/etc/mysql/my.cnf
+        restart: always
+    phpmyadmin:
+        image: phpmyadmin
+        restart: always
+        ports:
+        - 8080:80
+        environment:
+        - PMA_ARBITRARY=1
+        - UPLOAD_LIMIT=100M
+        depends_on:
+        - fivem-db

roles/deploy-docker/templates/gitea.yml

@@ -0,0 +1,62 @@
+version: "3.9"
+services:
+  db:
+    image: postgres
+    container_name: Gitea-DB
+    hostname: gitea-db
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: ["CMD", "pg_isready", "-q", "-d", "gitea", "-U", "osmf15Ox8vsF9jqW"]
+      timeout: 45s
+      interval: 10s
+      retries: 10
+    user: 0:0
+    volumes:
+      - ./db:/var/lib/postgresql/data:rw
+    environment:
+      - POSTGRES_DB=gitea
+      - POSTGRES_USER=osmf15Ox8vsF9jqW
+      - POSTGRES_PASSWORD=6PLjxG0mXGAfNrK4rUT7wrlzQJ9r4IOq
+    restart: on-failure:5
+
+  web:
+    image: gitea/gitea:latest
+    container_name: Gitea
+    hostname: gitea
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost:3000/ || exit 1
+    ports:
+      - 3052:3000
+      - '2222:22'
+    volumes:
+      - ./data:/data
+      - /etc/TZ:/etc/TZ:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=gitea-db:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=osmf15Ox8vsF9jqW
+      - GITEA__database__PASSWD=6PLjxG0mXGAfNrK4rUT7wrlzQJ9r4IOq
+      - ROOT_URL=https://git.{{domaine_ext}}
+    restart: on-failure:5
+    depends_on:
+    - db
+  runner:
+    image: gitea/act_runner:nightly
+    environment:
+      CONFIG_FILE: /config.yaml
+      GITEA_INSTANCE_URL: "https://git.{{domaine_ext}}"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "2D0IxOHijNQVrMhKav8nGNpyJlF8qia51fy1Lwch"
+      GITEA_RUNNER_NAME: "runner_prod"
+      GITEA_RUNNER_LABELS: "runner_prod"
+    volumes:
+      - ./runner/config.yaml:/config.yaml
+      #- /home/ubuntu/redm/txData/RexshackRedMBuild_000214.base:/data/redm
+      - ./runner/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock

roles/deploy-docker/templates/heimdall.yml

@@ -0,0 +1,16 @@
+version: "3"
+services:
+  heimdall:
+    image: linuxserver/heimdall:latest
+    container_name: heimdall
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Paris
+      - APP_URL=https://panel.{{ domaine_ext }}
+    volumes:
+      - ./data:/config
+    ports:
+      - 9705:80
+      - 9706:443
+    restart: always

roles/deploy-docker/templates/nginx.yml

@@ -0,0 +1,36 @@
+version: '3'
+services:
+  nginx:
+    image: 'jc21/nginx-proxy-manager:latest'
+    container_name: {{ name_docker }}
+    hostname: {{ name_docker }}
+    restart: always
+    ports:
+      - '80:80'
+      - '81:81'
+      - '443:443'
+    environment:
+      DB_MYSQL_HOST: "nginx-db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "bxlife"
+      DB_MYSQL_PASSWORD: "dKGLhPrlaYOWAOZ0"
+      DB_MYSQL_NAME: "nginx"
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+    depends_on:
+      - nginx-db
+  nginx-db:
+        image: mariadb:latest
+        container_name: nginx-db
+        environment:
+        - PUID=1000
+        - PGID=1000
+        - MYSQL_ROOT_PASSWORD=xv4gv5k8qGXlrUUl
+        - TZ={{s_tz}}
+        - MYSQL_DATABASE=nginx
+        - MYSQL_USER=bxlife
+        - MYSQL_PASSWORD=dKGLhPrlaYOWAOZ0
+        volumes:
+        - ./config/mysql:/var/lib/mysql
+        restart: unless-stopped

roles/deploy-docker/templates/planka.yml

@@ -0,0 +1,94 @@
+version: '3'
+
+services:
+  planka:
+    image: ghcr.io/plankanban/planka:latest
+    restart: on-failure
+    volumes:
+      - ./user-avatars:/app/public/user-avatars
+      - ./project-background-images:/app/public/project-background-images
+      - ./attachments:/app/private/attachments
+    ports:
+      - 20145:1337
+    environment:
+      - BASE_URL=https://planka.{{ domaine_ext }}
+      - DATABASE_URL=postgresql://postgres@postgres/planka
+      - SECRET_KEY=2ZNQf7B0072PS4
+
+      # - TRUST_PROXY=1
+      # - TOKEN_EXPIRES_IN=365 # In days
+
+      # related: https://github.com/knex/knex/issues/2354
+      # As knex does not pass query parameters from the connection string we
+      # have to use environment variables in order to pass the desired values, e.g.
+      # - PGSSLMODE=<value>
+
+      # Configure knex to accept SSL certificates
+      # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false
+
+      - DEFAULT_ADMIN_EMAIL=info@bruxelleslife.com # Do not remove if you want to prevent this user from being edited/deleted
+      - DEFAULT_ADMIN_PASSWORD=FHOHozginO95jx
+      - DEFAULT_ADMIN_NAME=bxlife
+      - DEFAULT_ADMIN_USERNAME=bxlife
+
+      # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
+
+      # - ALLOW_ALL_TO_CREATE_PROJECTS=true
+
+      # - OIDC_ISSUER=
+      # - OIDC_CLIENT_ID=
+      # - OIDC_CLIENT_SECRET=
+      # - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
+      # - OIDC_USERINFO_SIGNED_RESPONSE_ALG=
+      # - OIDC_SCOPES=openid email profile
+      # - OIDC_RESPONSE_MODE=fragment
+      # - OIDC_USE_DEFAULT_RESPONSE_MODE=true
+      # - OIDC_ADMIN_ROLES=admin
+      # - OIDC_CLAIMS_SOURCE=userinfo
+      # - OIDC_EMAIL_ATTRIBUTE=email
+      # - OIDC_NAME_ATTRIBUTE=name
+      # - OIDC_USERNAME_ATTRIBUTE=preferred_username
+      # - OIDC_ROLES_ATTRIBUTE=groups
+      # - OIDC_IGNORE_USERNAME=true
+      # - OIDC_IGNORE_ROLES=true
+      # - OIDC_ENFORCED=true
+
+      # Email Notifications (https://nodemailer.com/smtp/)
+      - SMTP_HOST=mail.bruxelleslife.com
+      - SMTP_PORT=465
+      - SMTP_NAME=Bruxelles Life Mail
+      - SMTP_SECURE=true
+      - SMTP_USER=info@bruxelleslife.com
+      - SMTP_PASSWORD=vX6@kTScdN94MTJ
+      - SMTP_FROM="Bruxelles Life" <info@bruxelleslife.com>
+      - SMTP_TLS_REJECT_UNAUTHORIZED=false
+
+      # Optional fields: accessToken, events, excludedEvents
+      # - |
+      #   WEBHOOKS=[{
+      #     "url": "http://localhost:3001",
+      #     "accessToken": "notaccesstoken",
+      #     "events": ["cardCreate", "cardUpdate", "cardDelete"],
+      #     "excludedEvents": ["notificationCreate", "notificationUpdate"]
+      #   }]
+
+      # - SLACK_BOT_TOKEN=
+      # - SLACK_CHANNEL_ID=
+      # - GOOGLE_CHAT_WEBHOOK_URL=
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+  postgres:
+    image: postgres:14-alpine
+    restart: on-failure
+    volumes:
+      - ./db-data:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=planka
+      - POSTGRES_HOST_AUTH_METHOD=trust
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
+      interval: 10s
+      timeout: 5s
+      retries: 5

roles/deploy-docker/templates/portainer.yml

@@ -0,0 +1,14 @@
+version: '3'
+services:
+  portainer:
+    image: 'portainer/portainer-ce:latest'
+    container_name: {{ name_docker }}
+    hostname: {{ name_docker }}
+    restart: always
+    network_mode: bridge
+    ports:
+      - '8000:8000'
+      - '9000:9000'
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./:/data

roles/deploy-docker/templates/postgressemaphore.yml

@@ -0,0 +1,16 @@
+version: "3.9"
+name: postgressemaphore
+services:
+  db:
+    image: postgres
+    container_name: postgressemaphore_db
+    hostname: postgressemaphore_db
+    restart: always
+    volumes:
+      - ./db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: semaphore
+      POSTGRES_USER: semaphore
+      POSTGRES_PASSWORD: TANee5sqeFsgSQf7
+    ports:
+      - '5433:5432'

roles/deploy-docker/templates/rainloop.yml

@@ -0,0 +1,10 @@
+version: '3'
+services:
+  rainloop:
+    image: wernerfred/docker-rainloop:latest
+    container_name: rainloop
+    restart: always
+    ports:
+      - 8088:80
+    volumes:
+      - ./:/rainloop/data

roles/deploy-docker/templates/uptimekuma.yml

@@ -0,0 +1,12 @@
+version: '3.3'
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:latest
+    container_name: {{ name_docker }}
+    hostname: {{ name_docker }}
+    volumes:
+      - ./uptimekuma:/app/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+      - 10028:3001
+    restart: always

roles/deploy-homepage-config/defaults/main.yml

@@ -0,0 +1,3 @@
+domaine_ext: belgiumrp.net
+nginx_user: brp-01@outlook.com
+nginx_pass: Q^mbDpZD2h9GKf

roles/deploy-homepage-config/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+     - name: Copie du template "Settings"
+       template:
+         src: "settings.yaml"
+         dest: "/home/ubuntu/{{ name_docker }}/settings.yaml"
+       become: yes
+
+     - name: Copie du template "Bookmarks"
+       template:
+         src: "bookmarks.yaml"
+         dest: "/home/ubuntu/{{ name_docker }}/bookmarks.yaml"
+       become: yes
+
+     - name: Copie du template "Services"
+       template:
+         src: "services.yaml"
+         dest: "/home/ubuntu/{{ name_docker }}/services.yaml"
+       become: yes
+
+     - name: Copie du template "Widgets"
+       template:
+         src: "widgets.yaml"
+         dest: "/home/ubuntu/{{ name_docker }}/widgets.yaml"
+       become: yes
+
+     - name: Copie du template "Custom.css"
+       template:
+         src: "custom.css"
+         dest: "/home/ubuntu/{{ name_docker }}/custom.css"
+       become: yes
+
+     - name: Copie du template "Custom.js"
+       template:
+         src: "custom.js"
+         dest: "/home/ubuntu/{{ name_docker }}/custom.js"
+       become: yes
+
+     - name: Copie du template "Docker"
+       template:
+         src: "docker.yaml"
+         dest: "/home/ubuntu/{{ name_docker }}/docker.yaml"
+       become: yes
+
+     - name: Copie du template "Kubernetes"
+       template:
+         src: "kubernetes.yaml"
+         dest: "/home/ubuntu/{{ name_docker }}/kubernetes.yaml"
+       become: yes
+
+     - name: "Copie des backgrounds"
+       copy:
+         src: "{{ item }}"
+         dest: "/home/ubuntu/{{ name_docker }}/images/"
+       with_fileglob:
+         - "/etc/ansible/roles/homepage-config/files/backgrounds/*"
+       become: yes
+
+     - name: "Copie des icons"
+       copy:
+         src: "{{ item }}"
+         dest: "/home/ubuntu/{{ name_docker }}/icons/"
+       with_fileglob:
+         - "/etc/ansible/roles/homepage-config/files/icons/*"
+       become: yes

roles/deploy-homepage-config/templates/bookmarks.yaml

@@ -0,0 +1,10 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/bookmarks
+
+- Bookmarks:
+
+    - Simple Icon:
+        - abbr: SI
+          icon: si-simpleicons
+          href: https://simpleicons.org/

roles/deploy-homepage-config/templates/docker.yaml

@@ -0,0 +1,10 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/docker/
+
+# my-docker:
+#   host: 127.0.0.1
+#   port: 2375
+
+# my-docker:
+#   socket: /var/run/docker.sock

roles/deploy-homepage-config/templates/kubernetes.yaml

@@ -0,0 +1,2 @@
+---
+# sample kubernetes config

roles/deploy-homepage-config/templates/services.yaml

@@ -0,0 +1,57 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/services
+
+- Reseau:
+    - Nginx Proxy Manager:
+        href: https://nginx.{{ domaine_ext }}
+        icon: si-nginxproxymanager-#F15833
+        description: Reverse Proxy
+        widget:
+          type: npm
+          url: https://nginx.{{ domaine_ext }}
+          username: {{ nginx_user }}
+          password: "{{ nginx_pass }}"
+
+
+    - Uptime Kuma:
+        href: https://monitoring.{{ domaine_ext }}
+        icon: si-uptimekuma-#5CDD8B
+        description: Monitoring Network
+        widget:
+          type: uptimekuma
+          url: https://monitoring.{{ domaine_ext }}
+          slug: belgiumrp
+
+- Home Lab:
+    - Portainer:
+        href: https://portainer.{{ domaine_ext }}
+        icon: si-portainer-#13BEF9
+        description: Gestionnaire de container
+        widget:
+          type: portainer
+          url: https://portainer.{{ domaine_ext }}
+          env: 1
+          key: ptr_yiqjc2hL2H2G7gXU5WxQbAHvCo4UkqVJsOyfutvQXS4=
+
+
+- Infra:
+    - Ansible Code Server:
+        href: https://ansible.{{ domaine_ext }}
+        icon: si-visualstudiocode-#007ACC
+        description: Visual Studio Code (WEB) - Ansible
+
+    - Bitwarden:
+        href: https://bitwarden.{{ domaine_ext }}
+        icon: si-bitwarden-#175DDC
+        description: Password Manager
+
+    - Bookstack:
+        href: https://wiki.{{ domaine_ext }}
+        icon: si-bookstack-#0288D1
+        description: Wiki Belgium RP
+
+    # - Grafana:
+    #     href: https://grafana.{{ domaine_ext }}
+    #     icon: si-grafana-#F46800
+    #     description: Monitoring

roles/deploy-homepage-config/templates/settings.yaml

@@ -0,0 +1,58 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/settings
+
+title: "Belgium RP Staff Dashboard"
+headerStyle: boxed
+language: fr
+startUrl: https://dashboard.belgiumrp.net
+hideErrors: true
+target: _self # Possible options include _blank, _self, and _top
+statusStyle: 'dot'
+hideVersion: true
+
+providers:
+  openweathermap: openweathermapapikey
+  weatherapi: weatherapiapikey
+
+background:
+  image: /images/background-datacenter.jpg
+  blur: md # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
+  saturate: 50 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
+  brightness: 50 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
+  opacity: 50 # 0-100
+
+quicklaunch:
+  searchDescriptions: true
+  hideInternetSearch: false
+  showSearchSuggestions: true
+  hideVisitURL: false
+
+layout:
+  Reseau:
+    useEqualHeights: true
+    disableCollapse: true
+    style: row
+    columns: 4
+
+  Home Lab:
+    useEqualHeights: true
+    disableCollapse: true
+    style: row
+    columns: 4
+
+  Infra:
+    useEqualHeights: true
+    disableCollapse: true
+    style: row
+    columns: 6
+  
+  Bookmarks:
+    useEqualHeights: true
+    disableCollapse: true
+    style: row
+    columns: 5
+
+
+theme: dark # or light
+color: slate # Supported colors: slate, gray, zinc, neutral, stone, amber, yellow, lime, green, emerald, teal, cyan, sky, blue, indigo, violet, purple, fuchsia, pink, rose, red, white

roles/deploy-homepage-config/templates/widgets.yaml

@@ -0,0 +1,23 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/service-widgets
+
+- logo:
+    icon: si-awselasticloadbalancing
+
+- resources:
+    cpu: true
+    memory: true
+
+- search:
+    provider: google # google, duckduckgo, bing, baidu, brave or custom
+    focus: true # Optional, will set focus to the search bar on page load
+    showSearchSuggestions: true # Optional, will show search suggestions. Defaults to false
+    target: _blank # One of _self, _blank, _parent or _top
+
+- datetime:
+    locale: fr
+    text_size: xl
+    format:
+      timeStyle: short
+      dateStyle: short

roles/pallxk.code_server/.gitignore

@@ -0,0 +1,7 @@
+# Created by https://www.gitignore.io/api/ansible
+# Edit at https://www.gitignore.io/?templates=ansible
+
+### Ansible ###
+*.retry
+
+# End of https://www.gitignore.io/api/ansible

roles/pallxk.code_server/.travis.yml

@@ -0,0 +1,12 @@
+dist: bionic
+
+addons:
+  apt:
+    packages:
+    - ansible-lint
+
+script:
+- ansible-lint **/*.yml
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/pallxk.code_server/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 test.cab <git@test.cab>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

roles/pallxk.code_server/defaults/main.yml

@@ -0,0 +1,15 @@
+---
+#code_server_ver: ""
+code_server_install_prefix: /usr/local
+code_server_data_dir: "{{ ansible_user_dir }}/.local/share/code-server"
+#code_server_work_dir: "{{ ansible_user_dir }}"
+code_server_auth: password
+#code_server_password: ""
+code_server_user: "{{ ansible_user_id }}"
+code_server_host: 0.0.0.0
+code_server_port: 8080
+code_server_env: {}
+#code_server_tls_cert: ""
+code_server_tls_cert_remote: no
+#code_server_tls_key: ""
+code_server_tls_key_remote: no

roles/pallxk.code_server/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Restart code-server
+  become: yes
+  systemd:
+    daemon-reload: yes
+    name: code-server
+    state: restarted
+    # We mark the service as Type=notify to auto restart it routinely,
+    # but it's actually Type=simple, so "no_block: yes" here to avoid stuck.
+    no_block: yes
+  when: code_server_configure_service

roles/pallxk.code_server/meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: Thu Mar 16 20:50:57 2023
+version: v4.0.0

roles/pallxk.code_server/meta/main.yml

@@ -0,0 +1,59 @@
+galaxy_info:
+  role_name: code_server
+  author: pallxk
+  description: Install and configure the latest or specified version of code-server (v4, v3, v2 & v1).
+  company: test.cab
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: MIT
+
+  min_ansible_version: 2.8
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+  - name: ArchLinux
+    versions:
+    - all
+  - name: Debian
+    versions:
+    - buster
+  - name: EL
+    versions:
+    - 7
+  - name: Fedora
+    versions:
+    - 31
+  - name: SLES
+    versions:
+    - 15
+  - name: Ubuntu
+    versions:
+    - bionic
+
+  galaxy_tags:
+  - development
+  - code
+  - codeserver
+  - vscode
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/pallxk.code_server/tasks/check-code-server.yml

@@ -0,0 +1,50 @@
+- name: Check code-server binary exists
+  stat:
+    path: "{{ code_server_bin_dir }}/code-server"
+    follow: yes
+  register: code_server_exists
+
+# This check is compatible with code-server v1, v2 and v3
+#
+# v3.6.0:
+# 3.6.0 a4a03c14922ccaec2a9ff8d1b7b2af8522a4214d
+#
+# v3.5.0:
+# [2020-09-01T06:20:36.864Z] info  Using config file ~/.config/code-server/config.yaml
+# 3.5.0 de41646fc402b968ca6d555fdf2da7de9554d28a
+#
+# v3.4.1:
+# info  Using config file ~/.config/code-server/config.yaml
+# 3.4.1 48f7c2724827e526eeaa6c2c151c520f48a61259
+#
+# v3.0.2:
+# 3.0.2 e480f6527e11344a7c69b7cd024bce9379cea7f0
+#
+# v3:
+# 3.0.0
+#
+# v2:
+# info  2.1698-vsc1.41.1
+# info  f51e045cd5483561afc07694f39307fb673b6d1d
+# info  x64
+#
+# v1:
+# 1.1156-vsc1.33.1
+- name: Check installed code-server version
+  shell: 'set -o pipefail; code-server --version | grep -P -o "(?<=^|info  )\d+(\.\d+)+(-[^ ]+)?"'
+  args:
+    executable: /bin/bash
+  register: code_server_version
+  when: code_server_exists.stat.exists
+  changed_when: no
+
+- name: Check latest code-server version
+  uri:
+    url: https://api.github.com/repos/cdr/code-server/releases
+  register: code_server_releases
+  when: code_server_ver is undefined
+
+- name: Set code-server latest version
+  set_fact:
+    code_server_ver: "{{ code_server_releases.json[0].tag_name }}"
+  when: code_server_ver is undefined

roles/pallxk.code_server/tasks/configure-code-server.yml

@@ -0,0 +1,19 @@
+- name: Create code-server data dir
+  file:
+    path: "{{ code_server_data_dir }}"
+    state: directory
+
+- name: Copy code-server env file
+  template:
+    src: env
+    dest: "{{ code_server_data_dir }}"
+    mode: 0600
+  notify: Restart code-server
+  when: code_server_password is defined or
+        code_server_env|length > 0
+
+- block:
+  - import_tasks: copy-certs.yml
+  rescue:
+  - import_tasks: copy-certs.yml
+    become: yes

roles/pallxk.code_server/tasks/copy-certs.yml

@@ -0,0 +1,21 @@
+- name: Copy TLS certificate
+  copy:
+    remote_src: "{{ code_server_tls_cert_remote }}"
+    src: "{{ code_server_tls_cert }}"
+    dest: "{{ code_server_data_dir }}/tls.cert"
+    owner: "{{ code_server_user }}"
+    group: "{{ ansible_user_gid|string }}"
+    mode: 0440
+  notify: Restart code-server
+  when: code_server_tls_cert is defined
+
+- name: Copy TLS key
+  copy:
+    remote_src: "{{ code_server_tls_key_remote }}"
+    src: "{{ code_server_tls_key }}"
+    dest: "{{ code_server_data_dir }}/tls.key"
+    owner: "{{ code_server_user }}"
+    group: "{{ ansible_user_gid|string }}"
+    mode: 0440
+  notify: Restart code-server
+  when: code_server_tls_key is defined

roles/pallxk.code_server/tasks/deprecate.yml

@@ -0,0 +1,18 @@
+- name: Check usage of deprecated variables
+  debug:
+    msg: "'{{ item }}' is deprecated, please use 'code_server_{{ item }}'"
+  when: "{{ item }} is defined"
+  with_items:
+  - tls_cert
+  - tls_key
+  - tls_cert_remote
+  - tls_key_remote
+
+- name: Set corresponding code_server_ variables
+  set_fact: code_server_{{ item }}={{ lookup('vars', item) }}
+  when: "{{ item }} is defined"
+  with_items:
+  - tls_cert
+  - tls_key
+  - tls_cert_remote
+  - tls_key_remote

roles/pallxk.code_server/tasks/install-code-server-legacy.yml

@@ -0,0 +1,12 @@
+- name: Download code-server legacy
+  become: yes
+  unarchive:
+    remote_src: yes
+    src: "{{ code_server_tar_url }}"
+    dest: "{{ code_server_bin_dir }}"
+    extra_opts:
+      - --strip-components=1
+      - --wildcards
+      - "*/code-server"
+  notify: Restart code-server
+  when: code_server_download_needed

roles/pallxk.code_server/tasks/install-code-server-service.yml

@@ -0,0 +1,13 @@
+- name: Copy code-server systemd unit file
+  become: yes
+  template:
+    src: code-server.service
+    dest: "{{ code_server_service_dir }}"
+  notify: Restart code-server
+
+- name: Copy code-server systemd override file
+  become: yes
+  template:
+    src: code-server.service.d/restart.conf
+    dest: "{{ code_server_service_dir }}/code-server.service.d/"
+  notify: Restart code-server

roles/pallxk.code_server/tasks/install-code-server.yml

@@ -0,0 +1,34 @@
+- name: Clean up {{ code_server_dir }}
+  become: yes
+  file:
+    state: absent
+    path: "{{ code_server_dir }}"
+  when: code_server_download_needed
+
+- name: Create {{ code_server_dir }}
+  become: yes
+  file:
+    state: directory
+    path: "{{ code_server_dir }}"
+
+- name: Download code-server
+  become: yes
+  unarchive:
+    remote_src: yes
+    src: "{{ code_server_tar_url }}"
+    dest: "{{ code_server_dir }}"
+    extra_opts:
+      - --strip-components=1
+  notify: Restart code-server
+  when: code_server_download_needed
+
+- name: Add {{ code_server_bin_dir }}/code-server
+  become: yes
+  file:
+    state: link
+    src: "{{ code_server_dir }}{{ '/bin' if code_server_cleaned_ver is version('3.3.0', '>=') else '' }}/code-server"
+    dest: "{{ code_server_bin_dir }}/code-server"
+    # force is required if upgrade from v1 or v2,
+    # in which case dest exists and is a file.
+    force: yes
+  notify: Restart code-server

roles/pallxk.code_server/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+- name: Check usage of deprecated role variables
+  include_tasks: deprecate.yml
+  when: >
+    tls_cert is defined
+    or tls_key is defined
+    or tls_cert_remote is defined
+    or tls_key_remote is defined
+
+# Always gather facts as we use ansible_user_id and ansible_user_dir
+- name: Gather Facts
+  setup:
+    gather_subset: '!all'
+
+- name: Check systemd version
+  shell: "set -o pipefail; systemctl --version | head -1 | cut -d' ' -f2"
+  args:
+    executable: /bin/bash
+  register: systemctl_version
+  changed_when: no
+
+- name: Create {{ code_server_service_dir }}
+  become: yes
+  file:
+    state: directory
+    path: "{{ code_server_service_dir }}"
+
+- name: Check code-server
+  include_tasks: check-code-server.yml
+
+- import_tasks: install-code-server-legacy.yml
+  when: code_server_major|int < 3
+
+- import_tasks: install-code-server.yml
+  when: code_server_major|int >= 3
+
+- import_tasks: install-code-server-service.yml
+
+- name: Configure code-server
+  include_tasks: configure-code-server.yml
+
+- name: Configure service
+  set_fact:
+    code_server_configure_service: yes
+  tags:
+    - service
+
+- meta: flush_handlers
+
+- name: Enable code-server service
+  become: yes
+  systemd:
+    name: code-server
+    enabled: yes
+  tags:
+    - service
+
+- name: Report
+  include_tasks: report.yml
+
+- name: Sanity Test
+  include_tasks: tests.yml
+  tags:
+    - tests

roles/pallxk.code_server/tasks/report.yml

@@ -0,0 +1,10 @@
+- name: List installed files
+  debug:
+    msg:
+    - "{{ code_server_dir }}"
+    - "{{ code_server_bin_dir }}/code-server"
+    - "{{ code_server_service_dir }}/code-server.service"
+    - "{{ code_server_service_dir }}/code-server.service.d/restart.conf"
+    - "{% if code_server_password is defined %}{{ code_server_data_dir }}/env{% endif %}"
+    - "{% if code_server_tls_cert is defined %}{{ code_server_data_dir }}/tls.cert{% endif %}"
+    - "{% if code_server_tls_key is defined %}{{ code_server_data_dir }}/tls.key{% endif %}"

roles/pallxk.code_server/tasks/tests.yml

@@ -0,0 +1,13 @@
+---
+- name: Test connectivity locally
+  wait_for:
+    port: "{{ code_server_port }}"
+    timeout: 15
+
+- name: Test connectivity remotely
+  wait_for:
+    host: "{{ inventory_hostname }}"
+    port: "{{ code_server_port }}"
+    timeout: 15
+  delegate_to: localhost
+  ignore_errors: yes

roles/pallxk.code_server/templates/code-server.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Run VS Code on a remote server.
+Documentation=https://github.com/cdr/code-server
+After=network.target network-online.target
+
+[Service]
+Type=simple
+User={{ code_server_user }}
+{% if code_server_password is defined %}
+EnvironmentFile={{ code_server_data_dir_abs }}/env
+{% endif %}
+ExecStart={{ code_server_bin_dir }}/code-server
+ {%- if code_server_major != '1' %} --auth {{ code_server_auth }}{% endif %}
+ {%- if code_server_tls_cert is defined %} --cert {{ code_server_data_dir_abs }}/tls.cert{% endif %}
+ {%- if code_server_tls_key is defined %} --cert-key {{ code_server_data_dir_abs }}/tls.key{% endif %}
+ {%- if code_server_work_dir is defined %} {{ code_server_work_dir }}{% endif %}
+ --host {{ code_server_host }} --port {{ code_server_port }}
+WorkingDirectory=~
+
+[Install]
+WantedBy=multi-user.target

roles/pallxk.code_server/templates/code-server.service.d/restart.conf

@@ -0,0 +1,11 @@
+# Restart every week to fix memory leak
+# https://stackoverflow.com/questions/31055194/how-can-i-configure-a-systemd-service-to-restart-periodically
+[Service]
+Restart=always
+{% if (systemctl_version.stdout|int) < 229 %}
+Type=notify
+# 1 week
+TimeoutStartSec=604800
+{% else %}
+RuntimeMaxSec=604800
+{% endif %}

roles/pallxk.code_server/templates/env

@@ -0,0 +1,6 @@
+{% if code_server_password is defined %}
+PASSWORD={{ code_server_password | quote }}
+{% endif %}
+{% for env in code_server_env %}
+{{ env }}={{ code_server_env[env] | quote }}
+{% endfor %}

roles/pallxk.code_server/tests/defaults-test.yml

@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: localhost
+  gather_facts: no
+  roles:
+    - name: ../..

roles/pallxk.code_server/tests/test.yml

@@ -0,0 +1,19 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: localhost
+  gather_facts: no
+  roles:
+    - name: ../..
+      #code_server_ver: ""
+      #code_server_data_dir: "{{ ansible_user_dir }}/.local/share/code-server"
+      #code_server_work_dir: "{{ ansible_user_dir }}"
+      #code_server_auth: password # password or none
+      #code_server_password: "" # Leave empty to use auto-generated password
+      #code_server_user: "{{ ansible_user_id }}"
+      #code_server_host: 0.0.0.0
+      #code_server_port: 8080
+      #code_server_env: {}
+      #code_server_tls_cert: /etc/letsencrypt/live/example.com/fullchain.pem
+      #code_server_tls_cert_remote: no
+      #code_server_tls_key: /etc/letsencrypt/live/example.com/privkey.pem
+      #code_server_tls_key_remote: no

roles/pallxk.code_server/vars/main.yml

@@ -0,0 +1,47 @@
+---
+# The directory to install the executable for code-server
+code_server_bin_dir: "{{ code_server_install_prefix }}/bin"
+
+# code-server before v3 is a single file binary, code-server since v3 is a directory of files.
+# code_server_dir is only used for v3+
+code_server_dir: "{{ '/opt/code-server' if code_server_major|int >= 3 else '' }}"
+
+# The directory to install code-server systemd service file
+code_server_service_dir: "{{ code_server_install_prefix }}/lib/systemd/system"
+
+# URL prefix for downloading code-server
+code_server_url_prefix: https://github.com/cdr/code-server/releases/download
+
+# code_server_ver without v prefix
+code_server_cleaned_ver: "{{ code_server_ver | regex_replace('^v', '') }}"
+
+# code_server_short_ver removes vscode version
+# 2.1692-vsc1.39.2 -> 2.1692
+# 3.0.0 -> 3.0.0
+code_server_short_ver: "{{ code_server_cleaned_ver | regex_replace('-.+', '') }}"
+
+# Whether we need to download code-server for fresh install or upgrade.
+# Note that code-server release tag has a 'v' prefix since v3.3.0,
+# while `code-server --version` never outputs the 'v' prefix.
+code_server_download_needed: >-
+  {{ not code_server_exists.stat.exists
+  or code_server_version.stdout != code_server_cleaned_ver }}
+
+# The subdirectory under URL prefix containing code-server artifacts
+code_server_download_dir: "{{ 'v' if code_server_cleaned_ver is version('3.3.0', '>=') else '' }}{{ code_server_short_ver if code_server_short_ver is version('2.1698', '>=') else code_server_cleaned_ver }}"
+
+# The major version of code-server in string
+code_server_major: "{{ code_server_cleaned_ver.split('.')[0] }}"
+
+# The architecture of code-server as used in download URL
+code_server_arch: "{% if code_server_cleaned_ver is version('3.3.0', '>=') %}amd64{% elif code_server_major != '1' %}x86_64{% else %}x64{% endif %}"
+
+# The build-up final .tar.gz url for code-server
+code_server_tar_url: "{{ code_server_url_prefix }}/{{ code_server_download_dir }}/code-server{{ '-' if code_server_major|int >= 3 else '' }}{{ code_server_cleaned_ver }}-linux-{{ code_server_arch }}.tar.gz"
+
+# The data directory of code-server
+code_server_data_dir_abs: "{{ code_server_data_dir | expanduser }}"
+
+# Whether to configure service.
+# This will be set to yes in tasks unless `--skip-tags service` specified.
+code_server_configure_service: no