From f0c3fbbe1b004086517bff0c4091ca4dc992779c Mon Sep 17 00:00:00 2001
From: jack <jack@csrx.ru>
Date: Fri, 27 Mar 2026 09:14:14 +0700
Subject: [PATCH] fix: auto-bootstrap Outline team on fresh install

On a fresh DB Outline shows a blank login page because there is no team
and emailSigninEnabled = false. Add idempotent Ansible tasks that:
1. Create the 'Visual' team if none exists
2. Set guestSignin=true so email magic-link login works
Triggered by: server rebuild lost Outline DB (no backup existed).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 roles/services/defaults/main.yml |  1 +
 roles/services/tasks/main.yml    | 36 ++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/roles/services/defaults/main.yml b/roles/services/defaults/main.yml
index 873e756..04d7abb 100644
--- a/roles/services/defaults/main.yml
+++ b/roles/services/defaults/main.yml
@@ -31,5 +31,6 @@ uptime_kuma_image:   "louislam/uptime-kuma:1"                      # https://hub
 outline_image:       "outlinewiki/outline:0.80.2"                  # https://hub.docker.com/r/outlinewiki/outline/tags
 outline_db_image:    "postgres:15-alpine"
 outline_redis_image: "redis:7-alpine"
+outline_team_name:   "Visual"
 n8n_image:           "n8nio/n8n:1.89.2"                            # https://hub.docker.com/r/n8nio/n8n/tags
 outline_mcp_image:   "git.{{ domain_base }}/jack/outline-mcp:latest"
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
index 68e10b7..55db964 100644
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@@ -139,3 +139,39 @@
   loop: "{{ forgejo_hooks.results }}"
   loop_control:
     label: "{{ item.item }}"
+
+# ── Outline: bootstrap team on fresh install ─────────────────────────────────
+# On a fresh DB there is no team → login page shows nothing.
+# emailSigninEnabled = guestSignin AND SMTP_HOST is set.
+# We idempotently create the team + enable guestSignin so email login works.
+- name: Wait for Outline to be healthy
+  ansible.builtin.command: docker exec outline wget -qO- http://127.0.0.1:3000/_health
+  register: outline_health
+  changed_when: false
+  retries: 15
+  delay: 10
+  until: outline_health.rc == 0
+
+- name: Bootstrap Outline team (idempotent)
+  ansible.builtin.shell: |
+    docker exec outline-db psql -U outline outline -c "
+      INSERT INTO teams (id, name, \"createdAt\", \"updatedAt\",
+        sharing, \"documentEmbeds\", \"guestSignin\",
+        \"defaultUserRole\", \"memberCollectionCreate\",
+        \"inviteRequired\", \"memberTeamCreate\")
+      SELECT gen_random_uuid(), '{{ outline_team_name }}', NOW(), NOW(),
+        true, true, true,
+        'member', true, false, true
+      WHERE NOT EXISTS (SELECT 1 FROM teams);
+    "
+  register: outline_team
+  changed_when: "'INSERT 0 1' in outline_team.stdout"
+
+- name: Enable email signin on Outline team
+  ansible.builtin.shell: |
+    docker exec outline-db psql -U outline outline -c "
+      UPDATE teams SET \"guestSignin\" = true
+      WHERE \"guestSignin\" = false;
+    "
+  register: outline_guest_signin
+  changed_when: "'UPDATE 1' in outline_guest_signin.stdout"