Move z9-host-specific configs and templates into z9 subdirectories

playbooks/templates/z9/configs/engelsystem/compose.yaml.j2

@@ -0,0 +1,51 @@
+---
+version: "3.6"
+services:
+  es_server:
+    image: es_server
+    build:
+      context: /home/chaos/engelsystem
+      dockerfile: /home/chaos/engelsystem/docker/Dockerfile
+    environment:
+      MYSQL_HOST: es_database
+      MYSQL_USER: engelsystem
+      MYSQL_PASSWORD: engelsystem
+      MYSQL_DATABASE: engelsystem
+      APP_NAME: CCCamp2023 Alternative Engelsystem
+      APP_URL: https://aes.ccchh.net
+      CONTACT_EMAIL: mailto:aes@hamburg.ccc.de
+      GOODIE_TYPE: none
+      ENABLE_VOUCHER: false
+      MAIL_DRIVER: smtp
+      MAIL_FROM_ADDRESS: aes@send-only-mail.ccchh.net
+      MAIL_HOST: send-only-mailserver.ccchh.net
+      MAIL_PORT: 465
+      MAIL_ENCRYPTION: tls
+      MAIL_USERNAME: aes
+      MAIL_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/engelsystem/MAIL_PASSWORD", create=false, missing="error") }}
+    ports:
+      - "5080:80"
+    networks:
+      - database
+      - internet
+    depends_on:
+      - es_database
+  es_database:
+    image: mariadb:10.2
+    environment:
+      MYSQL_DATABASE: engelsystem
+      MYSQL_USER: engelsystem
+      MYSQL_PASSWORD: engelsystem
+      MYSQL_RANDOM_ROOT_PASSWORD: 1
+      MYSQL_INITDB_SKIP_TZINFO: "yes"
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - database
+volumes:
+  db: {}
+
+networks:
+  database:
+    internal: true
+  internet:

playbooks/templates/z9/configs/keycloak/compose.yaml.j2

@@ -0,0 +1,75 @@
+## Secrets:
+#
+# Secrets should be provided via the relevant `x_secrets.env` files to the
+# containers. Options to be set are documented by commented out environment
+# variables.
+#
+## Links & Resources:
+#
+# https://www.keycloak.org/
+# https://www.keycloak.org/documentation
+# https://www.keycloak.org/getting-started/getting-started-docker
+# https://www.keycloak.org/server/configuration
+# https://www.keycloak.org/server/containers
+# https://www.keycloak.org/server/configuration-production
+# https://www.keycloak.org/server/db
+# https://hub.docker.com/_/postgres
+# https://github.com/docker-library/docs/blob/master/postgres/README.md
+# https://www.keycloak.org/server/hostname
+# https://www.keycloak.org/server/reverseproxy
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
+# https://www.keycloak.org/server/all-config
+
+services:
+  keycloak:
+    build:
+      context: .
+      dockerfile_inline: |
+        FROM quay.io/keycloak/keycloak:22.0 as builder
+
+        ENV KC_DB=postgres
+
+        WORKDIR /opt/keycloak
+        RUN /opt/keycloak/bin/kc.sh build
+
+        FROM quay.io/keycloak/keycloak:22.0
+        COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+        # Runtime options set in compose directly.
+
+        ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+    restart: unless-stopped
+    command: start --optimized
+    depends_on:
+      - db
+    networks:
+      - keycloak
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
+      KC_DB: postgres
+      KC_DB_URL_HOST: db
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
+      KC_HOSTNAME: id.ccchh.net
+      KC_HOSTNAME_STRICT_BACKCHANNEL: true
+      KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
+      KC_PROXY: edge
+    ports:
+      - "8080:8080"
+
+  db:
+    image: postgres:15.2
+    restart: always
+    networks:
+      - keycloak
+    volumes:
+      - "./database:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
+      POSTGRES_DB: keycloak
+
+networks:
+  keycloak:
+    external: false

playbooks/templates/z9/configs/zigbee2mqtt/zigbee2mqtt/configuration.yaml.j2

@@ -0,0 +1,21 @@
+homeassistant: true
+
+permit_join: false
+
+mqtt:
+  base_topic: zigbee2mqtt
+  server: 'mqtt://mqtt.z9'
+
+serial:
+  port: /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014DBC72F-if00
+
+advanced:
+  network_key: [{{ zigbee2mqtt__network_key }}]
+  pan_id: 32673
+  ext_pan_id: [58, 76, 37, 2, 22, 198, 237, 124]
+  channel: 11
+
+frontend:
+  port: 8080
+  host: localhost
+  url: https://zigbee2mqtt.z9