feat: add n8n, outline routes, remove syncthing, fix backup awscli

- Add n8n to tools server (n8n.csrx.ru) - Add cross-server Traefik routes: wiki.csrx.ru + n8n.csrx.ru → tools - Remove Syncthing (replaced by Outline wiki) - Fix awscli install: download static binary (apt/pip broken on Ubuntu 24.04) - Add n8n secrets to vault (encryption key + JWT secret) - Improve CI/CD workflow: syntax-check both playbooks, deploy both servers - Update site.yml: unified single-command deploy for all servers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 06:19:39 +07:00 · 2026-03-22 06:19:39 +07:00 · 92d2c845d8
commit 92d2c845d8
parent 05bcbab858
11 changed files with 234 additions and 159 deletions
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@ -7,6 +7,7 @@ on:
    branches: [master]
 jobs:
  # ── Syntax check (every PR + push) ─────────────────────────────────────────
  syntax-check:
    runs-on: ubuntu-latest
    steps:
@ -15,14 +16,23 @@ jobs:
      - name: Install ansible
        run: pip3 install ansible --quiet --break-system-packages
      - name: Install collections
        run: |
          ansible-galaxy collection install \
            community.general community.docker ansible.posix --force
      - name: Write vault password
        run: |
          echo "${{ secrets.VAULT_PASSWORD }}" > ~/.vault-password-file
          chmod 600 ~/.vault-password-file
-      - name: Syntax check
+      - name: Syntax check — main
-        run: ansible-playbook playbooks/deploy.yml --syntax-check -i inventory/
+        run: ansible-playbook playbooks/deploy.yml --syntax-check
      - name: Syntax check — tools
        run: ansible-playbook playbooks/tools.yml --syntax-check
  # ── Deploy (push to master only, after syntax-check passes) ────────────────
  deploy:
    needs: syntax-check
    if: github.ref == 'refs/heads/master' && github.event_name == 'push'
@ -33,14 +43,17 @@ jobs:
      - name: Install dependencies
        run: |
          pip3 install ansible --quiet --break-system-packages
-          ansible-galaxy collection install ansible.posix community.general community.docker
+          ansible-galaxy collection install \
            ansible.posix community.general community.docker --force
      - name: Configure SSH
        run: |
          mkdir -p ~/.ssh
          printf '%s' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
-          printf '%s' "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
+          # Scan host keys directly (no need for SSH_KNOWN_HOSTS secret)
          ssh-keyscan -p 22 87.249.49.32 >> ~/.ssh/known_hosts
          ssh-keyscan -p 22 85.193.83.9  >> ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts
      - name: Write vault password
@ -48,5 +61,8 @@ jobs:
          echo "${{ secrets.VAULT_PASSWORD }}" > ~/.vault-password-file
          chmod 600 ~/.vault-password-file
-      - name: Deploy
+      - name: Deploy main server
-        run: ansible-playbook playbooks/deploy.yml -i inventory/
+        run: ansible-playbook playbooks/deploy.yml -l main
      - name: Deploy tools server
        run: ansible-playbook playbooks/tools.yml -l tools
--- a/inventory/group_vars/all/main.yml
+++ b/inventory/group_vars/all/main.yml
@ -12,6 +12,7 @@ domain_dashboard:  "dash.{{ domain_base }}"
 domain_auth:       "auth.{{ domain_base }}"
 domain_status:     "status.{{ domain_base }}"
 domain_wiki:       "wiki.{{ domain_base }}"
 domain_n8n:        "n8n.{{ domain_base }}"
 domain_mon:        "mon.{{ domain_base }}"
 # Service paths
@ -44,6 +45,8 @@ cloudflare_zone_id:               "0935215d596a24a10866a81409ed8332"
 outline_secret_key:               "{{ vault_outline_secret_key }}"
 outline_utils_secret:             "{{ vault_outline_utils_secret }}"
 outline_db_password:              "{{ vault_outline_db_password }}"
 n8n_encryption_key:               "{{ vault_n8n_encryption_key }}"
 n8n_jwt_secret:                   "{{ vault_n8n_jwt_secret }}"
 # Server IPs (used for cross-server Traefik routing)
 ip_main:  "87.249.49.32"
 ip_tools: "85.193.83.9"
--- a/inventory/group_vars/all/vault.yml
+++ b/inventory/group_vars/all/vault.yml
@ -1,97 +1,106 @@
 $ANSIBLE_VAULT;1.1;AES256
-63363435626336383432346332393565356632663561623435303461623337623538383765336663
+31636461643831333531333865363466633066313930383165643866653465326136373363643830
-6532306464653361333766353164343936323530366234380a373733323161353231656235353463
+3133373732303438613337353435333764643761356534300a376331636161373664393634376265
-61646565346263633836313962363933663862373435376364366265303736626339386233396537
+66373962303534383636663137306531346564303533613235613935613632373338343630306339
-3365323338333736330a636535356635333235393436666535633562313938353831666335366630
+6133633166396138360a356463323462643266336132303365313363343062346265343961363431
-30613031613237343565643637333664663536353762626666663862633032633938626632613039
+32373838326536396630643636356461663539313131376538656261376166363062343133666262
-61346133343665383762303365623731303363396533643434633539636532306130366435653834
+36386430353963323435343937613539326537333463326538613464356631616362396636366166
-31646363353833633261666138323836316335373538646161376363653764636335373765336432
+34373333363232326639303563343965373733646264383263666266393265313732303036613538
-31633438306266326638643534313665313830326334663431383461306161336165613133383832
+31356633376631303533613462643836323462333930306331666563326536303166336339356633
-33663463646131363938366132343535663732666461353631626161623562666530663536306662
+39393563346139666533376535633166643336646166663962623730346430663363653537623931
-37323063316133373732303435383563333736316661343266343231383731306666626335626438
+38663466616661393532326136636230633363363164626239616438353737353830653730613936
-64363133666230653136363237376631653038623836366238346461383761356232376433386165
+31373037656331356563333031393861633435333364653165633237323532353962383066636462
-37323733663036326534386137343766353464343938393737346534333764333539636139653639
+64646666323235323432336135333466613265363738643630346539636465383833366139303634
-62353539326463303366396231656135643634393730633863343133363162616665366630316663
+66373961663139396464393764353130666331623836386338343862323732346432643030626238
-64353239326138323661343939633938633030366364393431366230626463656464653633633464
+34336563356266333434353035363034363532656532303730363432633435383034393666393439
-35346439343031373832333262373830376237306661623636633439353537333833623638396330
+38626235646365366536303231633635353937666535666630323938303039323666653730383731
-36633437333562323330386230616136336466396239663430643738623637656236316638313062
+36313434616466353538626236333965323861376665383836343136376365303730336130313134
-35666166373965616661386339323865326664623836383138353664666538643433346565623138
+63613335633837313130626339626136646334333931666364376535356163363864656265336433
-33613233393833623832343763623634343332353261353865356530366362333962623538393838
+39333934333637323534343236366432333337373135333762333036343365383438326636613033
-32663934653565393961303566313536643661313862326632633830363235393064363037333162
+33373562373661616237323636343064623831363637313338343631343739363230623164656466
-38323237633066343536653161343761373763383861616531373935326335306130386637313664
+64323761383533643136393539613331353261396663316236613336663738636463633132653534
-66393062623433333364373863393665393838633863656430643833316331623363653539663839
+38653634393965383765656431343830386163333433323961353764316565326638303434656161
-32356564616665363961396132623033303337363035323838343133633861396334313564346564
+31383735356238643761323733353138313934386137633530636430643934363136373666653862
-37353231656464306233393935396562366261336161356263323463346634366438366235356466
+32383634396263326563656364313461636530366336336264326538643830396262326364633437
-36333464336666383739663765636130663332383635346361386435616561356235313061343133
+32656566363763396532316334333331353334316662636330396134613363663034303162323133
-33623335656566613466303832623963613861656361316235353562653365626666366230393639
+62363235303532663536383236326263646366333732333638363631326131306233623035306663
-64356265656432363635666238363235303965663266633833613063623832356262623638653265
+62333035623566636235663963316430303932313166313439396135373033653364376263633937
-64303530636662626137356130643033666362663663323165363632353031373866393233373365
+33616233663333316438333834313831383232666531636336666634316361386538323364366532
-32363432613035643266323631326535366232356132303664633739373536356338353032633564
+62343335333836646231386164333533366638626437333531303263656262356566363462363561
-39656131663532393165303536613134333261333931643738336133323866383830633430376665
+39326430366363623139393461366265613833393638626337636632376364326461313934653939
-31383266343838643332373664383835323264623034636434336263383964646334613633353437
+37336136633161393439383238666537643530616535333861323635386433356463646266326666
-30393962633232333133653234656163326633643634353937653431623737363161643732613130
+36343735316464306238376439663035356331366433326134633631386531313638663265363532
-61376665373466663434616166303866366565366166323436353564326363373665316331303432
+63336366646533333662323739316561393537383033346538363763303333643538363264656230
-32633038386665623465393633373735333864646439613139626630383637363763383364383831
+32653335643039613166386463326662393336363532313064633862313761623265333665356132
-61636231383434373330383530613138663832316437373731313065333136666264386532373639
+33646131336561393333363562653566663062353064383834663430613365323234306336343636
-33366162656634643637343637336233646638373834376564653664633536353963323238646264
+64383661323761326534326564313465323333623631643962313163316533343361323836346461
-61353065663161323937383238616661656239363963333166323032323732326336343437313564
+62623839343530366236323338626134613761396638303230336134303537306338623364376234
-32633639616236356633393237363165333965373266343736633437363534306239313430353236
+35653162376533623636616538336337646330373765366133326134653334313032343733336436
-34363166383866336262623661386132333031366435646230393465363931623039363736633533
+37636462333239326632643830643463623534306337333531646462376434343163353030643430
-39333235666531333936636163393863333862623437333362363935633937383164633463616163
+61343933373339376639316330363139653234636635303739633239613566613634666339643832
-61393930306139633434633330623334393633363736666664303433666536316632323564383438
+62616266346232353737376139626233363335363432323338353935343737663938656630653238
-66316338663866303061323236363061636339623130363639326266356531353366626336303164
+66313231353438346431333533366664313661663330623466316663366337373531636663643632
-39633861653262313165306562653939353637323133663566663164303638663033656636396636
+30353863383635353764633436613964646631373730313232346664343463653163323030643266
-66323232313839376136656632306335313231376466373238346131383062643337376238336232
+66646634373862633361656464646539313433613363313861376462653731383663386662643062
-66333764646162383466613935303434626435316131383130323431653961326634366437313030
+64333164623130666233366536363761343138633935363164653066373837666339323165333362
-31316238346566663037616263333834336335616537373935336165323564386166653232373534
+34616239373062623332383562653961343963386431643665306230656664613766333733353834
-64313634616332333231313962356236313236393336653334626630343263373863373266613864
+62396430616564303830326531643336363631363234626635636133313435626539646433613361
-35396662656563396633313563626661306262383461326435346536666661343562336334313535
+64653437363036363461626364393336323336323634393239626631353430646466343164623465
-36303433646466333132646535303933343237636131336665396661393039363861393236656133
+35623130346663376336336530366161623361663034373433313430636236616661316666346665
-62313539663663343263656564356438336431653565623766613033306664633638393739326461
+64303137323362313938363530316462363666396138663764306561393434636331653137343063
-32633636663764393662373836313738653632653730386133396162633138643663313565343533
+32306136313263373432336162363737306166663666646264666438363537346363613030653733
-34323066303663653732363333343532636434356430393532666134396263373638313533346161
+32653866306134623366616231393234653338653265636137343136356430633236623063306333
-31373935316662366565326139303766383161396638366436356537626336396466626339343536
+61373437393831323830393663663832653939616437373963383934336266373434323133336239
-37396562656339646365653336396636376163653536666463616365626136326530313634333031
+62626334323266343739643932663961616130386435636230613165366232343138346435353739
-35393237656664343133353134383762623330336266376461313731646436346530376133656532
+65393464326531323034333864646661346465633537373632613431663035643536623965336334
-61323931653136663265306531343930316561353034613264623166333664363136643132626163
+65363431343362613639353361313365643438376230353934646466643239316435396266326231
-66333663356562643132303034643735346166326335613637303735626162633261623734313531
+37633362326637323265343437356138633461303031323533613963396536323164666461353034
-38636531643637356635346435303763613034313065306466306261363939616136633562316231
+65373763626362313766623030316164303964633830613337613139613163396439373430633738
-62633239653931623562353936656361663934303464656665366333323062666264336436383834
+38663839646361663164343261656536356337613531393136636134383363333366633866623664
-37353537333364626336353733303766636463313536313331343639636366393966336361373039
+65373364363734666366393462323362326564333431393131303264646536663539363066373938
-62333431366536353236623161633833656664666334313833346433343565613336303538623366
+62643162346661643333313134623865666666643736313235346638353363346435656439353335
-37613930316135363331656635326330653239636336626334353337353665656331356364333734
+36326534656338383666316537303734343462303136653264393538303038373131616664363434
-37376534623739313838383664613639356535353731626164623465666330386136373262663664
+38376131333734303039396232343265303239333330623361666462363261366365626461613034
-39626362623936616563333234343062386466323738316236313630313566643739323131376339
+35616361373631366233623464666261626135353064323635363766356331303864396433323865
-38346365336264613032373966636561626238633735663266376665316161636166363366656563
+32366365623730353033373039626235306166323035393331363839356162323363326366613065
-61396662666463376434633733333265333534656466623932353836616561616536353334653236
+31303630363763663561326238663533633537376561303935363734306234343063393863353738
-35313465393438313835373563323538613961303231616435393131373737333738376637663763
+38346365373331383963643430633164313632323133323838643436646137313361653631376430
-31373230326265386636383065343536393363326539383437313264313463633462353964633764
+38323964383264653237343334386638366463393461653239303734656537616261383361376464
-30306436643039623230626237323535306538363831373063373861663139646661636132383263
+32666266363039316365303563346133356632653366303661626331313763306538386533336137
-63353834663530656564386435376237356332303438343332316434636339363037616264356464
+62373336366466306634323539623439336632333036313361346164316666396333623832393732
-66616630343734346533393563393337613537376636396632343930396130643937316139653034
+32393261393865353362383434326137633963613265343136663834666366633136646335653064
-38653463343065363231626365633330313463633535353431623938646534303161346238346536
+64306162656131636439316636353463383638323938306662336134323035656262386462616339
-30353032333834383735376163396537646132623635346138386132656561333437313161326336
+65373431616332613234353230653365313935646430363435616166323238643533313932356134
-36393564323430623030313736646131313864346566343937613561303964333161616566633764
+38376535373739616338303065623863303030613464633330316337313238623234643862356537
-66623333366634306563303566383930663965666133353865646438303961313635306535366635
+33313630663163626331623862373861613435393566633735636436643939323436616366353633
-31663339343564343266303961616439613039616263303931663234666537326638353038613331
+36623235386434613163303430366366633830376565383632613565393931326531323566353531
-36396633646137353132333362323634613062353237616666333835396330633863306233333565
+65653032383139666538373063383337306235393334383164626337623564663939653933363830
-38343634666536326361316531643231356539323834346139363139613561306330363438623561
+35663630636565636639653662633362643562356638643864383030316565636564306362336539
-39633432653930373731313739353637636537623536306135313733386639363566363463333132
+34376435353434393034613365613533346339353935353233663231623235623863623665616135
-31636261333435663966653066336362653232626635663663326434386437333732383530373132
+65313263643965343833373063616238313465373534613330613035346337343832386136343736
-62323063656131396534633335363537393431373935366233643932666331653662373762323966
+61333637393065653331353737663737376630383036646531353432653434363436323866663331
-34323131613861613936623230316162653434646565643432386161646231356432613837646634
+35656463663830343864643064313931633763373762613233663038653835643932616137646163
-66643561353034393435306239333032356535373238636534343666383432653866306566326661
+31356631346530653461343262303836306463393838666236613834623737666666643035653433
-37356432363561646564613362353537636132316363323735613332353334316330373732366230
+30366138663935613336303931396439343762663566366563303834306465323132363831306337
-38643339386164356666363565623333376136626533363630333562613331323937623939363238
+31363134383263663832383838356332326663663562646536313538653961623233636663336665
-34663030323665333034656332313663336336373937316564313966313034366163616337613133
+66373663356335333161336231313564633834353137643763616261333564656561346130623339
-39323338626137373930626436383433366233393136653862636539306333356538303235346633
+31366435303636646362653034633634636433353032353338373166316336653132373934313630
-32656134333333623766323232616633616636306138653666663661333561303966343764623139
+62656362303631636435303139383766383931626133336565633262323361326337666362353538
-66333164616536326461396632353665633731393263313037386464623430386130353039353264
+66343532353532313964343330323666633231313765336535376431653836343866633334336437
-31343333613530343634363132346332646331653635333665323033396437656536646431663862
+62343538623663373039343134326235613130313534613537386466353130653764653435663666
-37376363653165346433633038396132656339373438646536326534663434366361326637663466
+34363532613635316538363964643435653062643736396362626534363064386536653963383633
-34666565623730323334346330396166626462386637613538303065333036623366333036633739
+32326335613336363332313036353338303738363865346362316339356166333131626339303663
-37383066306462303334333063653161386330373661626162373836353834653966613938666237
+39613531653763613638343839313162636239383030643134373035616361313936386333656633
-61353565363533376666316234333933383437393730633235306362373133323532653337626534
+36646238316566386238333033636439373633393034663466653635616237616566383466613465
-30363434333463616637386131663962396130353133353266326332343631356337626635353532
+39383461663131633461313261613339613633303935636639303337313965306637306538643036
-66393031363238333735633563343231366562653162346637303833386138313037643862663362
+33643665616135643234393739333532356462303263363065613461623631643030666331316562
-37346636663033663361
+36313739356339623465353564363537666335313132663464346665383936346362643565326237
 66336239343735336433636466313163353332333061646638616534656131313437383561653561
 31613861386363326136303833343966313862353234373762356630623335613866666534376533
 63303034333630623164373064383730356136373961646465663766303031303932343664396163
 32646335303562313565386434353036646463343336646665333334336339303465613530373234
 31663461643664313136396633613532363766363635363132323432643161373130333635646335
 33376438323132656335633862653630356534396339303739303538383837343031386232346137
 63366530313661313731326664363936373163383066656635616137653132613134636635346531
 36353130333461323230626239636234326236643366383265626535356130363538653735626337
 30386633373366383339346431656239383136313838363032333663366238623835
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@ -1,10 +1,17 @@
 ---
-# Master playbook — for reference only.
+# ── Master playbook: deploys all servers ────────────────────────────────────
 # Do NOT run this directly: bootstrap.yml requires `-u root`,
 # deploy.yml runs as the deploy user. Run them separately:
 #
-#   ansible-playbook playbooks/bootstrap.yml -u root   # first time only
+# FIRST TIME (new servers, run as root):
-#   ansible-playbook playbooks/deploy.yml              # all subsequent runs
+#   ansible-playbook playbooks/bootstrap.yml -u root
 #
-# - import_playbook: bootstrap.yml
+# ALL SUBSEQUENT DEPLOYS (idempotent, run as deploy user):
-# - import_playbook: deploy.yml
+#   ansible-playbook playbooks/site.yml
 #
 # Per-server:
 #   ansible-playbook playbooks/deploy.yml   # main server only
 #   ansible-playbook playbooks/tools.yml    # tools server only (Outline + n8n)
 #
 # Secrets required in ~/.vault-password-file (see CLAUDE.md)
 - import_playbook: deploy.yml
 - import_playbook: tools.yml
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@ -1,8 +1,20 @@
 ---
- name: Install awscli for S3 uploads
+- name: Install awscli (download static binary — works on Ubuntu 24.04)
-  ansible.builtin.apt:
+  ansible.builtin.shell: |
-    name: awscli
+    set -e
-    state: present
+    ARCH=$(uname -m)
    if [ "$ARCH" = "x86_64" ]; then
      URL="https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
    else
      URL="https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"
    fi
    cd /tmp
    curl -fsSL "$URL" -o awscliv2.zip
    unzip -q -o awscliv2.zip
    ./aws/install --update -i /usr/local/aws-cli -b /usr/local/bin
    rm -rf awscliv2.zip aws/
  args:
    creates: /usr/local/bin/aws
 - name: Create backup directory
  ansible.builtin.file:
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
@ -38,8 +38,6 @@ volumes:
  plane_redis_data:
  plane_minio_data:
  plane_media:
  syncthing_config:
  syncthing_data:
  act_runner_data:
  prometheus_data:
  grafana_data:
@ -380,32 +378,6 @@ services:
      timeout: 20s
      retries: 3
  # ── Syncthing ──────────────────────────────────────────────────────────────
  # Порты 22000 и 21027 нужны для синхронизации между устройствами (не только UI).
  # backend — internal: true, но Syncthing на published ports выходит наружу через host.
  syncthing:
    image: {{ syncthing_image }}
    container_name: syncthing
    restart: unless-stopped
    networks:
      - backend
    ports:
      - "22000:22000/tcp"
      - "22000:22000/udp"
      - "21027:21027/udp"
    volumes:
      - syncthing_config:/var/syncthing/config
      - syncthing_data:/var/syncthing/data
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8384/rest/noauth/health"]
      interval: 30s
      timeout: 5s
      retries: 3
  # ── Forgejo Actions Runner ─────────────────────────────────────────────────
  # backend — для связи с Forgejo по внутренней сети (http://forgejo:3000)
  # runner-jobs — сеть с интернет-доступом для job-контейнеров
--- a/roles/services/templates/traefik/dynamic/routes.yml.j2
+++ b/roles/services/templates/traefik/dynamic/routes.yml.j2
@ -73,14 +73,6 @@ http:
      middlewares: [rate-limit-default]
      priority: 10
    syncthing:
      rule: "Host(`{{ domain_sync }}`)"
      entrypoints: [websecure]
      tls:
        certresolver: letsencrypt
      service: syncthing
      middlewares: [authelia@docker, rate-limit-strict]
    grafana:
      rule: "Host(`{{ domain_dashboard }}`)"
      entrypoints: [websecure]
@ -105,6 +97,23 @@ http:
      service: uptime-kuma
      middlewares: [rate-limit-default]
    # ── Cross-server: tools ({{ ip_tools }}) ─────────────────────────────────
    wiki:
      rule: "Host(`{{ domain_wiki }}`)"
      entrypoints: [websecure]
      tls:
        certresolver: letsencrypt
      service: wiki
      middlewares: [rate-limit-default]
    n8n:
      rule: "Host(`{{ domain_n8n }}`)"
      entrypoints: [websecure]
      tls:
        certresolver: letsencrypt
      service: n8n
      middlewares: [rate-limit-strict]
  services:
    vaultwarden:
      loadBalancer:
@ -136,11 +145,6 @@ http:
        servers:
          - url: "http://plane-space:3000"
    syncthing:
      loadBalancer:
        servers:
          - url: "http://syncthing:8384"
    grafana:
      loadBalancer:
        servers:
@ -156,6 +160,17 @@ http:
        servers:
          - url: "http://uptime-kuma:3001"
    # ── Cross-server services ─────────────────────────────────────────────────
    wiki:
      loadBalancer:
        servers:
          - url: "http://{{ ip_tools }}:3000"
    n8n:
      loadBalancer:
        servers:
          - url: "http://{{ ip_tools }}:5678"
  middlewares:
    # ── Security Headers (applied globally via entrypoint) ─────────────────
    security-headers:
@ -201,11 +216,6 @@ http:
        users:
          - "{{ traefik_dashboard_htpasswd }}"
    syncthing-auth:
      basicAuth:
        users:
          - "{{ syncthing_basic_auth_htpasswd }}"
    # ── Authelia ForwardAuth ───────────────────────────────────────────────
    authelia:
      forwardAuth:
--- a/roles/tools/defaults/main.yml
+++ b/roles/tools/defaults/main.yml
@ -3,3 +3,4 @@ tools_root: /opt/tools
 outline_image: "outlinewiki/outline:0.80.2"
 outline_db_image: "postgres:15-alpine"
 outline_redis_image: "redis:7-alpine"
 n8n_image: "n8nio/n8n:1.89.2"              # https://hub.docker.com/r/n8nio/n8n/tags
--- a/roles/tools/tasks/main.yml
+++ b/roles/tools/tasks/main.yml
@ -31,6 +31,7 @@
    - "{{ outline_image }}"
    - "{{ outline_db_image }}"
    - "{{ outline_redis_image }}"
    - "{{ n8n_image }}"
 - name: Start tools stack
  community.docker.docker_compose_v2:
--- a/roles/tools/templates/docker-compose.yml.j2
+++ b/roles/tools/templates/docker-compose.yml.j2
@ -5,10 +5,14 @@ networks:
  outline-internal:
    driver: bridge
    internal: true
  n8n-internal:
    driver: bridge
    internal: true
 volumes:
  outline_db_data:
  outline_redis_data:
  n8n_data:
 services:
@ -80,3 +84,39 @@ services:
      options:
        max-size: "10m"
        max-file: "3"
  # ── n8n workflow automation ──────────────────────────────────────────────────
  n8n:
    image: {{ n8n_image }}
    container_name: n8n
    restart: unless-stopped
    networks:
      - n8n-internal
    ports:
      # Exposed only to main Traefik (access controlled by UFW)
      - "{{ ip_tools }}:5678:5678"
    volumes:
      - n8n_data:/home/node/.n8n
    environment:
      - N8N_HOST={{ domain_n8n }}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - WEBHOOK_URL=https://{{ domain_n8n }}/
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
      - N8N_USER_MANAGEMENT_JWT_SECRET=${N8N_JWT_SECRET}
      - GENERIC_TIMEZONE=Europe/Moscow
      - TZ=Europe/Moscow
      - N8N_METRICS=false
      - N8N_LOG_LEVEL=warn
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=336
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:5678/healthz"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
--- a/roles/tools/templates/env.j2
+++ b/roles/tools/templates/env.j2
@ -34,3 +34,7 @@ OUTLINE_DB_PASSWORD={{ outline_db_password }}
 DEFAULT_LANGUAGE=ru_RU
 RATE_LIMITER_ENABLED=true
 ENABLE_UPDATES=false
 # n8n secrets
 N8N_ENCRYPTION_KEY={{ n8n_encryption_key }}
 N8N_JWT_SECRET={{ n8n_jwt_secret }}