Application Categories¶

accounting¶

GnuCash Installation Role ¶

Installs GnuCash finance management software on Pacman-based systems, ensuring the latest version is present.

Empower your financial management with Akaunting, a dynamic and feature-rich accounting platform designed to simplify your bookkeeping and boost your business growth. Enjoy intuitive tools, real-time insights, and an energetic approach to your finances.

acme¶

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

activitypub¶

BookWyrm ¶

BookWyrm is a self-hosted federated social reading platform where users share reviews, track reading, and connect with others across the Fediverse.

Bridgy Fed ¶

Bridgy Fed: bridge between ActivityPub (Fediverse), ATProto/Bluesky and IndieWeb.

Chess ¶

Federated chess server based on ActivityPub. Play and follow games across the Fediverse with verified rules and open identities.

administration¶

MariaDB ¶

The Docker MariaDB Role offers an easy and efficient way to deploy a MariaDB server inside a Docker container. Manage your data securely and effectively, making it ideal for production or local development.

PostgreSQL ¶

The Docker PostgreSQL Role offers an easy and efficient way to run a PostgreSQL database inside a Docker container. Manage your data securely and effectively, making it ideal for production or local development.

System Maintenance Lock ¶

Ensures system integrity during maintenance activities by blocking execution until critical services have stopped, using a locking mechanism with timeout and retry logic.

Sudo ¶

Installs and configures the sudo package with a default sudoers file to ensure secure privilege escalation and system administration.

User ¶

Executes common tasks for user environment configuration.

Persona: Administrator 🛠️¶

Installs essential tools for Linux system administrators on Linux.

Persona: Network Administrator🌐¶

Installs essential network analysis tools for system administrators on Linux.

ELK Stack ¶

Transform online learning and collaboration with BigBlueButton, an interactive web conferencing solution designed to energize virtual classrooms and meetings. Enjoy dynamic tools and an engaging environment that makes every session a powerful learning experience.

FusionDirectory ¶

FusionDirectory is a web-app-based tool to manage LDAP directories and this role ensures a reliable, easy-to-use interface for LDAP administration.

administrator¶

Administrator User ¶

Creates a dedicated administrator user for local administrative tasks, ensuring secure privilege escalation and proper system management. This role configures the administrator account, sets up the home directory, SSH settings, and grants sudo privileges with password authentication.

Root User ¶

Manages the generation and handling of an SSH key for the root user. This role ensures secure remote access by generating a new RSA 4096-bit key pair if one does not exist, and displays the public key for further use.

agent¶

SSH Agent 🔐¶

Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git.

ai¶

Ollama ¶

Installs Ollama — a local model server for running open LLMs with a simple HTTP API.

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

akaunting¶

Akaunting ¶

aliases¶

Postfix ¶

Installs and configures Postfix to provide a robust mail transfer agent setup with a preconfigured aliases file for local mail delivery.

analytics¶

Nginx Matomo Tracking Role ¶

Injects Matomo analytics tracking code and noscript image tracker into Nginx-served HTML pages.

Matomo ¶

Experience the power of Matomo, an innovative open-source analytics platform that delivers real-time insights, robust visitor tracking, and privacy-first features to elevate your website performance. Dive into actionable data with unmatched precision and clarity.

anonymity¶

Torbrowser ¶

Installs and configures the Tor service and Tor Browser Launcher for secure, anonymous web browsing on Pacman-based systems.

ansible¶

web-svc-logout ¶

Deploys the universal logout service: a Dockerized Python container, Nginx `/logout` proxies for `*.infinito.nexus`, and the `conductor.html.j2` template for unified logout orchestration.

application¶

Roulette Wheel ¶

This role deploys and configures the Roulette Wheel application using Docker Compose. It automates the process of pulling the latest source code from GitHub, building a Docker image, and deploying the application.

apt¶

Update apt ¶

Updates packages on Debian-based systems by refreshing the apt cache and performing a distribution upgrade.

update-compose ¶

Centralizes system update operations by conditionally invoking platform-specific update roles and Docker image updates.

archlinux¶

GNOME Desktop ¶

Aggregates essential GNOME desktop roles—including caffeine, extensions, and terminal—for a complete GNOME environment on Linux.

GNOME Caffeine ¶

Installs caffeine-ng and configures it to autostart for preventing screen sleep on GNOME.

LibreOffice ¶

Installs LibreOffice along with Liberation fonts and language packages on Arch Linux systems for a complete office suite experience.

Nextcloud Client ☁️¶

Installs and links Nextcloud desktop client folders for cloud-integrated user environments.

RetroArch 🎮¶

Installs and configures RetroArch.

Spotify 🎵¶

Installs the Spotify client.

SSH Agent 🔐¶

Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git.

dev-base-devel Role ¶

This role installs the base-devel package group, providing all core development tools needed for building software on Arch Linux systems.

Fakeroot ¶

Installs fakeroot on Arch Linux using Pacman, enabling non-privileged file manipulations required for package building and development.

GCC 🧠¶

Installs the GNU Compiler Collection (GCC).

Git ¶

Installs Git using the Pacman package manager on Arch Linux systems.

Make Installation ¶

Installs GNU Make using the Pacman package manager on Arch Linux systems.

System AUR Helper ¶

Installs the AUR helper yay and configures an aur_builder user with appropriate sudo privileges to facilitate AUR package management on Arch Linux systems.

Docker Compose ¶

Manages Docker Compose project structure and execution logic on Arch Linux.

Driver Lid Switch 🛑💻¶

Fixes incorrect lid switch behavior on Linux laptops by setting up hibernation and configuring systemd.

Package Manager Installation 📦¶

Installs and updates packages using pkgmgr.

Backup to USB ¶

Automated backups to a swappable USB device.

Docker Healer 🩺¶

Automated recovery for unhealthy or exited Docker Compose containers.

Nginx Domain Setup 🚀¶

Automated domain provisioning (TLS, vHost, OAuth2) for Nginx.

msmtp 📧¶

Installs and configures msmtp, a lightweight SMTP client and sendmail replacement.

Nginx Docker Reverse Proxy 🚀¶

Nginx reverse proxy front-end for local Docker applications.

Update Pacman ¶

Updates the package cache and upgrades all installed packages on Arch Linux systems using pacman.

Development Utilities 👨‍💻¶

Installs a base development environment for software engineers on Linux.

Java Development Utilities ☕️¶

Installs tools and dependencies for Java development on Linux.

PHP Development Utilities 🐘¶

Installs PHP and related development tools on Linux for PHP software engineering.

Python Development Utilities 🐍¶

Installs tools and environment for Python development on Linux.

Shell Development Utilities 🐚¶

Installs tools for Bash scripting and shell development on Linux.

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

Gamer Default 🎮¶

Installs a curated set of open source games for Arch Linux.

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

Persona: Administrator 🛠️¶

Installs essential tools for Linux system administrators on Linux.

Persona: Network Administrator🌐¶

Installs essential network analysis tools for system administrators on Linux.

Corporate ¶

Deploys a corporate identity environment with web assets, legal pages, and a portfolio site on Linux.

Taiga ¶

Supercharge your project management with Taiga—a dynamic, agile tool designed for teams that thrive on creativity and collaboration. Experience a vibrant interface, robust task tracking, and an energetic platform that drives your projects to success.

arduino¶

Arduino Development Utilities 🔌¶

Installs tools and permissions for Arduino development on Linux.

asset-management¶

Snipe‑IT ¶

Snipe‑IT is an open‑source asset management system providing a containerized deployment with centralized MariaDB integration, configurable SMTP settings, and pending SAML authentication enhancements for secure asset tracking and management.

assets¶

RetroArch 🎮¶

Installs and configures RetroArch.

Content Delivery Network ¶

Prepares and manages the CDN folder structure with shared, vendor, and per-role release directories.

Assets Server ¶

Serves static assets via Nginx by copying from a source directory to the Nginx data path.

atproto¶

Bridgy Fed ¶

Bridgy Fed: bridge between ActivityPub (Fediverse), ATProto/Bluesky and IndieWeb.

aur¶

Spotify 🎵¶

Installs the Spotify client.

System AUR Helper ¶

Installs the AUR helper yay and configures an aur_builder user with appropriate sudo privileges to facilitate AUR package management on Arch Linux systems.

authentication¶

sys-stk-back-stateless ¶

Loads the docker-compose role and adds OAuth2 proxy support if enabled in the application’s configuration. This ensures authentication via a centralized OIDC provider (e.g., Keycloak) with minimal configuration overhead.

automation¶

Chromium 🌐¶

Automates the installation and configuration of the Chromium browser with enforced security extensions.

GNOME Desktop ¶

Aggregates essential GNOME desktop roles—including caffeine, extensions, and terminal—for a complete GNOME environment on Linux.

GNOME Extensions Manager ¶

Configures GNOME Shell extensions and installs the CLI GNOME Extension Manager for managing extensions.

GNOME Terminal ¶

Installs GNOME Terminal on Arch Linux, providing a modern terminal emulator for the GNOME desktop environment.

LibreOffice ¶

Installs LibreOffice along with Liberation fonts and language packages on Arch Linux systems for a complete office suite experience.

Nextcloud Client ☁️¶

Installs and links Nextcloud desktop client folders for cloud-integrated user environments.

Make Installation ¶

Installs GNU Make using the Pacman package manager on Arch Linux systems.

Node.js ¶

Installs Node.js

npm ¶

Installs npm and runs optional ‘npm ci’ inside a project

Python-Pip ¶

Installs the python-pip package to provide the Python package manager, ensuring that Python packages can be installed reliably on the target system.

Python-Yaml ¶

Installs the `python-yaml` package to enable YAML support in Python.

Docker Compose ¶

Manages Docker Compose project structure and execution logic on Arch Linux.

Kevins Package Manager 🤖📦¶

Automates the installation of Kevin’s Package Manager — a tool for managing multiple repositories and automating Git operations.

Backup to USB ¶

Automated backups to a swappable USB device.

Backup Remote to Local ¶

Pulls backups from a remote server and stores them locally using rsync with retry logic. This role is part of a comprehensive backup scheme and works in conjunction with other roles to ensure reliable backup operations.

Backup Provider ¶

Configures the host as a backup provider to facilitate secure backup operations.

User for Backup Provider ¶

Sets up a dedicated backup user with restricted SSH commands for backup operations. This role configures a backup user with custom SSH key restrictions and sudo rights, ensuring secure and controlled access for backup processes.

Infinito.Nexus CLI ¶

This role installs and provides the Infinito.Nexus CLI, enabling you to manage your entire Infinito.Nexus environment from the command line. After deployment, the `infinito` command is available.

Automated Email Alerts for Service Failures ¶

Installs and configures components for sending email notifications. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

Automated Telegram Alerts for Service Failures ¶

Installs and configures components for sending Telegram notifications through systemd. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

Backup Docker to Local ¶

Automates the backup of Docker volumes to a local folder

Cleanup Docker Anonymous Volumes ¶

Install and run dockreap to clean up unused anonymous Docker volumes

Cleanup Backups Service ¶

Automates the cleanup of old backups by executing a Python script that deletes outdated backup versions when disk usage exceeds a specified threshold.

Certbot Reaper ¶

Automates the revocation and deletion of unused Let’s Encrypt certificates

Cleanup Disc Space ¶

Frees disk space on the target system by executing a cleanup script that removes temporary files, clears package caches, and optionally handles Docker and backup cleanup.

Cleanup Failed Backups ¶

Cleans up failed Docker backups by configuring a systemd service and timer to execute the cleanup operations periodically.

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

System Btrfs Auto Balancer ¶

Automates the balancing of Btrfs file systems by cloning the auto-btrfs-balancer repository and configuring a systemd service and timer for regular execution.

Docker Auto Restart ¶

Automates the restart of Docker Compose instances by detecting docker-compose.yml files and executing a restart script, ensuring consistent service availability.

Docker Healer 🩺¶

Automated recovery for unhealthy or exited Docker Compose containers.

🌐 Cloudflare DNS Records ¶

Generic role to manage Cloudflare DNS records (A/AAAA, CNAME, MX, TXT, SRV) in a data-driven way.

sys-dns-wildcards ¶

Create Cloudflare wildcard DNS records (*.parent) for parent hosts; no base or *.apex records.

sys-service ¶

Role to manage systemd service units, including cleanup, deployment, and runtime configuration.

Front Base (HTTPS + Cloudflare + Handlers) 🚀¶

Front bootstrap for web apps: HTTPS base, optional Cloudflare setup, and handler wiring.

Nginx Domain Setup 🚀¶

Automated domain provisioning (TLS, vHost, OAuth2) for Nginx.

Semi-Stateless Stack (Front + Back) ⚡¶

Combined semi-stateless app stack: front bootstrap + stateless backend.

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

sys-svc-dns ¶

Cloudflare DNS bootstrap: parent host A/AAAA (and optional CAA) — runs once per play.

Docker Server ¶

Installs and maintains Docker.

msmtp 📧¶

Installs and configures msmtp, a lightweight SMTP client and sendmail replacement.

Nginx Docker Reverse Proxy 🚀¶

Nginx reverse proxy front-end for local Docker applications.

Webserver HTTPS Provisioning 🚀¶

Configures Nginx to serve sites securely over HTTPS, integrates Let’s Encrypt and cleans up stale domain configs.

Systemd Timer ¶

Configures a systemd timer to periodically start a specified service. This role automates the creation, reloading, and restarting of systemd timer units for recurring tasks.

Cleanup Backups Timer ¶

Schedules periodic cleanup of old backups by configuring a systemd timer to trigger the sys-ctl-cln-bkps role.

Browsers 🎨¶

Wrapper role to install and configure both Chromium and Firefox with enforced security extensions.

Shell Development Utilities 🐚¶

Installs tools for Bash scripting and shell development on Linux.

Presentation ¶

An interactive presentation platform focused on guiding end-users through the practical use of the Infinito.Nexus software. Designed to demonstrate features, workflows, and real-world applications for Administrators, Developers, End-Users, Businesses, and Investors.

Nextcloud ¶

Elevate your collaboration with Nextcloud, a vibrant self-hosted cloud solution designed for dynamic file sharing, seamless communication, and effortless teamwork. Embrace unparalleled control, flexibility, and a boosted digital workspace that adapts to your every need.

OpenProject ¶

Transform your project management with OpenProject, a vibrant and collaborative tool that brings clarity and energy to your planning, tracking, and team communication. Experience streamlined workflows and an innovative platform that propels your projects forward.

Sphinx ¶

Automates building and serving Sphinx documentation. Unlock comprehensive insights with our extensive documentation. Explore guides, tutorials, and support resources designed to help you navigate software effortlessly.

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

WordPress ¶

Use the full power of WordPress—with its intuitive interface, customizable themes and plugins, responsive design, and advanced SEO tools—in a scalable and secure containerized environment.

YOURLS ¶

Streamline your online presence with YOURLS — a nimble, open‑source URL shortener that empowers you to create, track, and manage short links effortlessly.

web-svc-cdn ¶

Configures an Nginx-based Content Delivery Network Server.

Nginx File Server ¶

Configures an Nginx-based file server with HTTPS support, automatic SSL/TLS certificate retrieval, directory listing, and .well-known handling for secure static file hosting.

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

autostart¶

GNOME Caffeine ¶

Installs caffeine-ng and configures it to autostart for preventing screen sleep on GNOME.

backend¶

Semi-Stateless Stack (Front + Back) ⚡¶

Combined semi-stateless app stack: front bootstrap + stateless backend.

backup¶

Backup to USB ¶

Automated backups to a swappable USB device.

Backup Remote to Local ¶

Backup Provider ¶

Configures the host as a backup provider to facilitate secure backup operations.

User for Backup Provider ¶

Backup Docker to Local ¶

Automates the backup of Docker volumes to a local folder

Cleanup Backups Service ¶

Automates the cleanup of old backups by executing a Python script that deletes outdated backup versions when disk usage exceeds a specified threshold.

Cleanup Failed Backups ¶

Cleans up failed Docker backups by configuring a systemd service and timer to execute the cleanup operations periodically.

Database Docker Composition ¶

Combines Docker Compose with a central RDBMS role to automatically provision database containers with backup, user, and permission management.

Cleanup Backups Timer ¶

Schedules periodic cleanup of old backups by configuring a systemd timer to trigger the sys-ctl-cln-bkps role.

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

backups¶

Backup Provider ¶

Configures the host as a backup provider to facilitate secure backup operations.

balancing¶

System Btrfs Auto Balancer ¶

Automates the balancing of Btrfs file systems by cloning the auto-btrfs-balancer repository and configuring a systemd service and timer for regular execution.

base-devel¶

dev-base-devel Role ¶

This role installs the base-devel package group, providing all core development tools needed for building software on Arch Linux systems.

baserow¶

Baserow ¶

Empower your data management with Baserow, an innovative platform that makes building and managing databases both fun and efficient. Enjoy a dynamic interface, seamless collaboration, and energetic tools that supercharge your workflow.

bash¶

Shell 🐚¶

Ensures that .profile is sourced in all shells.

User ¶

Executes common tasks for user environment configuration.

Shell Development Utilities 🐚¶

Installs tools for Bash scripting and shell development on Linux.

bigbluebutton¶

BigBlueButton ¶

blender¶

util-desk-design ¶

Installs designer tools such as GIMP, Blender, and Draw.io via AUR on Arch Linux.

blog¶

WordPress ¶

Use the full power of WordPress—with its intuitive interface, customizable themes and plugins, responsive design, and advanced SEO tools—in a scalable and secure containerized environment.

bluesky¶

Bluesky ¶

Soar to new digital heights with Bluesky, an innovative platform that reimagines social networking with its forward-thinking, community-driven approach. Experience a burst of energy, creativity, and the freedom to connect in a truly inspiring way.

Bridgy Fed ¶

Bridgy Fed: bridge between ActivityPub (Fediverse), ATProto/Bluesky and IndieWeb.

bluray¶

desk-bluray-player ¶

Installs VLC, libaacs and libbluray for Blu-ray playback on Arch Linux–based systems.

books¶

BookWyrm ¶

BookWyrm is a self-hosted federated social reading platform where users share reviews, track reading, and connect with others across the Fediverse.

bookwyrm¶

BookWyrm ¶

BookWyrm is a self-hosted federated social reading platform where users share reviews, track reading, and connect with others across the Fediverse.

bootstrap¶

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

branding¶

Simple Icons ¶

Deploy and serve SVG and PNG icons effortlessly with Simple Icons, a containerized icon server ideal for web projects, documentation, and branding.

bridge¶

Bridgy Fed ¶

Bridgy Fed: bridge between ActivityPub (Fediverse), ATProto/Bluesky and IndieWeb.

browser¶

Chromium 🌐¶

Automates the installation and configuration of the Chromium browser with enforced security extensions.

Firefox 🦊¶

Automates Firefox installation and enforces Enterprise Policies (auto-install extensions) on Arch Linux.

Torbrowser ¶

Installs and configures the Tor service and Tor Browser Launcher for secure, anonymous web browsing on Pacman-based systems.

Health CSP Crawler ¶

Checks for CSP-blocked resources via Puppeteer-based Node.js crawler

Office Tools ¶

Installs a suite of office productivity tools—web browser, email client, e-book manager, and reStructuredText/Markdown editor—on Pacman-based systems.

browsers¶

Browsers 🎨¶

Wrapper role to install and configure both Chromium and Firefox with enforced security extensions.

btrfs¶

sys-ctl-hlth-btrfs ¶

Health-check for Btrfs filesystems, alerts on any device error counters.

System Btrfs Auto Balancer ¶

Automates the balancing of Btrfs file systems by cloning the auto-btrfs-balancer repository and configuring a systemd service and timer for regular execution.

buckets¶

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

build¶

dev-base-devel Role ¶

This role installs the base-devel package group, providing all core development tools needed for building software on Arch Linux systems.

GCC 🧠¶

Installs the GNU Compiler Collection (GCC).

Make Installation ¶

Installs GNU Make using the Pacman package manager on Arch Linux systems.

cache¶

Memcached ¶

Provides a Docker Compose snippet for a Memcached service (`memcached`) with optional volume, healthcheck, and logging.

Redis ¶

Provides a Docker Compose snippet for a Redis service (redis:alpine) with volume, healthcheck and logging.

caching¶

Webserver ¶

Installs and configures Nginx HTTP and stream modules with performance-tuned defaults.

caffeine¶

GNOME Caffeine ¶

Installs caffeine-ng and configures it to autostart for preventing screen sleep on GNOME.

cdn¶

Content Delivery Network ¶

Prepares and manages the CDN folder structure with shared, vendor, and per-role release directories.

central-database¶

MariaDB ¶

PostgreSQL ¶

Central Database ¶

The Docker Central Database Role lets you quickly provision a centralized database through Docker Compose. Whether using MariaDB or PostgreSQL, this role provides a reliable, low-maintenance solution that supports your business applications.

certbot¶

Certbot Reaper ¶

Automates the revocation and deletion of unused Let’s Encrypt certificates

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

sys-svc-cln-domains ¶

Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains

certificate¶

Let’s Encrypt SSL for Nginx 🔐¶

An Ansible role to automate Let’s Encrypt SSL certificate issuance and renewal for Nginx

chat¶

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

XMPP ¶

Stub role for deploying an XMPP server/container—implementation pending.

chess¶

Chess ¶

Federated chess server based on ActivityPub. Play and follow games across the Fediverse with verified rules and open identities.

chromium¶

Chromium 🌐¶

Automates the installation and configuration of the Chromium browser with enforced security extensions.

Browsers 🎨¶

Wrapper role to install and configure both Chromium and Firefox with enforced security extensions.

ci¶

Jenkins ¶

Stub for a Jenkins CI server deployment via Docker Compose—role is currently deprecated and pending reimplementation.

ci/cd¶

GitLab ¶

Accelerate your development with GitLab, an all-in-one platform for source code management, CI/CD, and more. Experience a robust and collaborative environment that empowers your development process.

cleanup¶

Cleanup Docker Anonymous Volumes ¶

Install and run dockreap to clean up unused anonymous Docker volumes

Cleanup Backups Service ¶

Automates the cleanup of old backups by executing a Python script that deletes outdated backup versions when disk usage exceeds a specified threshold.

Certbot Reaper ¶

Automates the revocation and deletion of unused Let’s Encrypt certificates

Cleanup Disc Space ¶

Frees disk space on the target system by executing a cleanup script that removes temporary files, clears package caches, and optionally handles Docker and backup cleanup.

Cleanup Failed Backups ¶

Cleans up failed Docker backups by configuring a systemd service and timer to execute the cleanup operations periodically.

sys-daemon ¶

Role to reset and configure the systemd manager (drop-ins, defaults, validation).

sys-svc-cln-domains ¶

Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains

Docker Server ¶

Installs and maintains Docker.

Cleanup Backups Timer ¶

Schedules periodic cleanup of old backups by configuring a systemd timer to trigger the sys-ctl-cln-bkps role.

cli¶

CopyQ ¶

Installs CopyQ clipboard manager on Pacman-based systems and configures autostart for the current user.

Jrnl Role for Ansible ¶

Installs Jrnl CLI journal application on Pacman-based systems for command-line journaling.

Desk-micro Role for Ansible ¶

Installs micro CLI text editor on Pacman‑based systems.

Desk-neovim Role for Ansible ¶

Installs neovim CLI text editor on Pacman‑based systems.

Infinito.Nexus CLI ¶

This role installs and provides the Infinito.Nexus CLI, enabling you to manage your entire Infinito.Nexus environment from the command line. After deployment, the `infinito` command is available.

client¶

Spotify 🎵¶

Installs the Spotify client.

Wireguard Client ¶

Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity.

clipboard¶

CopyQ ¶

Installs CopyQ clipboard manager on Pacman-based systems and configures autostart for the current user.

cloud¶

Nextcloud Client ☁️¶

Installs and links Nextcloud desktop client folders for cloud-integrated user environments.

Nextcloud ¶

cloudflare¶

🌐 Cloudflare DNS Records ¶

Generic role to manage Cloudflare DNS records (A/AAAA, CNAME, MX, TXT, SRV) in a data-driven way.

sys-dns-wildcards ¶

Create Cloudflare wildcard DNS records (*.parent) for parent hosts; no base or *.apex records.

Front Base (HTTPS + Cloudflare + Handlers) 🚀¶

Front bootstrap for web apps: HTTPS base, optional Cloudflare setup, and handler wiring.

Semi-Stateless Stack (Front + Back) ⚡¶

Combined semi-stateless app stack: front bootstrap + stateless backend.

sys-svc-dns ¶

Cloudflare DNS bootstrap: parent host A/AAAA (and optional CAA) — runs once per play.

Nginx WWW Redirect 🌐¶

An Ansible role to redirect www subdomains to bare domains (apex). Supports Cloudflare edge redirects or local Nginx redirects.

cms¶

Joomla ¶

Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design, inspiring creativity and driving your digital presence to new heights.

Moodle ¶

Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning.

code¶

Docker Collabora (DRAFT)¶

Collabora Online CODE with automated proxy, networking, and environment configuration.

collabora¶

Docker Collabora (DRAFT)¶

Collabora Online CODE with automated proxy, networking, and environment configuration.

colors¶

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

compiler¶

GCC 🧠¶

Installs the GNU Compiler Collection (GCC).

compose¶

Docker Compose ¶

Manages Docker Compose project structure and execution logic on Arch Linux.

Docker Container ¶

Provides shared Jinja2 snippets for Docker Compose service definitions (base, networks, healthchecks, depends_on).

Database Docker Composition ¶

Combines Docker Compose with a central RDBMS role to automatically provision database containers with backup, user, and permission management.

sys-stk-back-stateless ¶

Database Docker with Web Proxy ¶

Extends sys-stk-back-stateful by adding an HTTP reverse proxy via sys-stk-front-proxy.

Docker Compose with Web Proxy ¶

Combines the docker-compose role with sys-stk-front-proxy to deploy applications behind a reverse proxy.

OpenProject ¶

PeerTube ¶

Transform your video hosting experience with Peertube, a decentralized platform built for scalability, innovation, and community collaboration.

compression¶

Webserver ¶

Installs and configures Nginx HTTP and stream modules with performance-tuned defaults.

conference¶

BigBlueButton ¶

conferencing¶

Zoom ¶

Installs the Zoom video conferencing client via AUR on Arch Linux.

BigBlueButton ¶

configuration¶

Git ¶

Installs Git and configures it using a custom git-configurator for personal computers.

Wireguard ¶

Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity.

Wireguard Client ¶

Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity.

Postfix ¶

Installs and configures Postfix to provide a robust mail transfer agent setup with a preconfigured aliases file for local mail delivery.

Sudo ¶

Installs and configures the sudo package with a default sudoers file to ensure secure privilege escalation and system administration.

sshd ¶

Configures a secure SSH daemon environment by deploying a templated sshd_config file and restarting the SSH service as needed.

Systemd Timer ¶

Configures a systemd timer to periodically start a specified service. This role automates the creation, reloading, and restarting of systemd timer units for recurring tasks.

User ¶

Executes common tasks for user environment configuration.

Administrator User ¶

Root User ¶

confluence¶

Confluence ¶

Confluence is an enterprise wiki and collaboration platform by Atlassian. This role deploys Confluence in Docker, adds support for OIDC authentication, and integrates with the Infinito.Nexus ecosystem.

container¶

Docker Compose ¶

Manages Docker Compose project structure and execution logic on Arch Linux.

Docker Server ¶

Installs and maintains Docker.

containers¶

Docker Container Health Check ¶

Checks Docker containers for unhealthy or exited states and alerts on any issues.

content management¶

Joomla ¶

Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design, inspiring creativity and driving your digital presence to new heights.

copyq¶

CopyQ ¶

Installs CopyQ clipboard manager on Pacman-based systems and configures autostart for the current user.

corporate¶

Corporate ¶

Deploys a corporate identity environment with web assets, legal pages, and a portfolio site on Linux.

coturn¶

Coturn ¶

Deploys Coturn, a free and open-source TURN/STUN server

crm¶

EspoCRM ¶

Empower your customer relationship management with EspoCRM. Tailored for businesses of all sizes, EspoCRM enables you to manage your sales, customer interactions, and business processes with ease, fostering productivity and streamlined communication across teams.

csp¶

Health CSP Crawler ¶

Checks for CSP-blocked resources via Puppeteer-based Node.js crawler

🌐 iFrame Notifier for Nginx ¶

Injects a JS snippet into HTML to notify parent windows of iframe location changes and force external links to new tabs.

🌐 Global JavaScript Injector for Nginx ¶

Injects a custom JavaScript snippet into Nginx-served HTML responses via sub_filter.

sys-front-inj-logout ¶

Injects a JavaScript snippet via Nginx sub_filter that intercepts all logout actions (links, buttons, forms) and redirects users to a centralized OIDC logout endpoint.

css¶

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

curl¶

Automated Telegram Alerts for Service Failures ¶

Installs and configures components for sending Telegram notifications through systemd. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

daemon¶

sys-daemon ¶

Role to reset and configure the systemd manager (drop-ins, defaults, validation).

data management¶

Baserow ¶

database¶

MariaDB ¶

PostgreSQL ¶

Database Docker Composition ¶

Combines Docker Compose with a central RDBMS role to automatically provision database containers with backup, user, and permission management.

Database Docker with Web Proxy ¶

Extends sys-stk-back-stateful by adding an HTTP reverse proxy via sys-stk-front-proxy.

Central Database ¶

databases¶

Baserow ¶

debian¶

Update apt ¶

Updates packages on Debian-based systems by refreshing the apt cache and performing a distribution upgrade.

decentralization¶

Pixelfed ¶

Pixelfed is a decentralized image sharing platform that champions creativity and privacy. This containerized deployment provides a secure, scalable, and modern environment for sharing visual content within a federated network.

decentralized¶

Bluesky ¶

Friendica ¶

Empower your decentralized social networking with Friendica, a platform designed to foster communication and community building with ease. Experience a robust, containerized deployment that streamlines installation, configuration, and maintenance for your Friendica instance.

Mastodon ¶

Dive into a decentralized social experience with Mastodon, a federated platform designed for dynamic, community-driven networking. Enjoy real-time updates, robust moderation, and customizable user interfaces that empower communities to thrive.

Matrix ¶

Step into the future of communication with Matrix, a dynamic and decentralized platform that delivers secure, real-time messaging and collaboration. Benefit from federation, end-to-end encryption, and versatile bridging that connects you globally while safeguarding your data.

PeerTube ¶

Transform your video hosting experience with Peertube, a decentralized platform built for scalability, innovation, and community collaboration.

dependencies¶

MIG ¶

The Meta Infinite Graph offers you an interactive, visual map of all Infinito.Nexus roles and their dependencies—making it easy to explore, understand, and navigate the complete structure of your infrastructure.

deployment¶

Presentation ¶

Sphinx ¶

design¶

util-desk-design ¶

Installs designer tools such as GIMP, Blender, and Draw.io via AUR on Arch Linux.

desktop¶

Git ¶

Installs Git and configures it using a custom git-configurator for personal computers.

GNOME Desktop ¶

Aggregates essential GNOME desktop roles—including caffeine, extensions, and terminal—for a complete GNOME environment on Linux.

Nextcloud Client ☁️¶

Installs and links Nextcloud desktop client folders for cloud-integrated user environments.

development¶

README for PC-Docker Playbook ¶

Installs Docker and Docker Compose, and adds a user to the Docker group for non-root usage on development machines.

dev-base-devel Role ¶

This role installs the base-devel package group, providing all core development tools needed for building software on Arch Linux systems.

Fakeroot ¶

Installs fakeroot on Arch Linux using Pacman, enabling non-privileged file manipulations required for package building and development.

GCC 🧠¶

Installs the GNU Compiler Collection (GCC).

Kevins Package Manager 🤖📦¶

Automates the installation of Kevin’s Package Manager — a tool for managing multiple repositories and automating Git operations.

Arduino Development Utilities 🔌¶

Installs tools and permissions for Arduino development on Linux.

Development Utilities 👨‍💻¶

Installs a base development environment for software engineers on Linux.

Java Development Utilities ☕️¶

Installs tools and dependencies for Java development on Linux.

PHP Development Utilities 🐘¶

Installs PHP and related development tools on Linux for PHP software engineering.

Python Development Utilities 🐍¶

Installs tools and environment for Python development on Linux.

Shell Development Utilities 🐚¶

Installs tools for Bash scripting and shell development on Linux.

devops¶

Docker Compose ¶

Manages Docker Compose project structure and execution logic on Arch Linux.

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

directory¶

LDAP ¶

Unleash the potential of centralized identity management with our robust LDAP Directory solution, powered by OpenLDAP. Manage users, groups, and schemas securely with extensive customization options and integrated TLS support.

LAM ¶

Elevate your LDAP directory management with LAM (LDAP Account Manager), a powerful solution for efficient administration of LDAP directories.

discourse¶

Discourse ¶

Discourse is a popular open-source discussion platform designed to foster community engagement with modern, user-friendly features and robust moderation tools.

discussion¶

Discourse ¶

Discourse is a popular open-source discussion platform designed to foster community engagement with modern, user-friendly features and robust moderation tools.

disk¶

Cleanup Backups Service ¶

Automates the cleanup of old backups by executing a Python script that deletes outdated backup versions when disk usage exceeds a specified threshold.

Cleanup Disc Space ¶

Frees disk space on the target system by executing a cleanup script that removes temporary files, clears package caches, and optionally handles Docker and backup cleanup.

sys-ctl-hlth-disc-space ¶

Disk-space usage monitor; alerts when usage exceeds threshold.

dns¶

🌐 Cloudflare DNS Records ¶

Generic role to manage Cloudflare DNS records (A/AAAA, CNAME, MX, TXT, SRV) in a data-driven way.

sys-dns-hetzner-rdns ¶

Generic role to manage reverse DNS (PTR) for Hetzner Cloud resources (server, primary_ip, floating_ip, load_balancer).

sys-dns-wildcards ¶

Create Cloudflare wildcard DNS records (*.parent) for parent hosts; no base or *.apex records.

sys-svc-dns ¶

Cloudflare DNS bootstrap: parent host A/AAAA (and optional CAA) — runs once per play.

docker¶

README for PC-Docker Playbook ¶

Installs Docker and Docker Compose, and adds a user to the Docker group for non-root usage on development machines.

Docker Compose ¶

Manages Docker Compose project structure and execution logic on Arch Linux.

Docker Container ¶

Provides shared Jinja2 snippets for Docker Compose service definitions (base, networks, healthchecks, depends_on).

Backup Remote to Local ¶

MariaDB ¶

Memcached ¶

Provides a Docker Compose snippet for a Memcached service (`memcached`) with optional volume, healthcheck, and logging.

LDAP ¶

PostgreSQL ¶

Redis ¶

Provides a Docker Compose snippet for a Redis service (redis:alpine) with volume, healthcheck and logging.

Storage Optimizer ¶

Optimizes storage allocation for Docker volumes by migrating volumes between SSD and HDD based on container image types, and creates symbolic links to maintain consistent paths.

OpenResty ¶

Role to provision an OpenResty container via Docker Compose.

Backup Docker to Local ¶

Automates the backup of Docker volumes to a local folder

Cleanup Docker Anonymous Volumes ¶

Install and run dockreap to clean up unused anonymous Docker volumes

Cleanup Failed Backups ¶

Cleans up failed Docker backups by configuring a systemd service and timer to execute the cleanup operations periodically.

Docker Container Health Check ¶

Checks Docker containers for unhealthy or exited states and alerts on any issues.

Docker Volumes Health Check ¶

Detects anonymous Docker volumes not bound to containers (unless whitelisted) and alerts.

Docker Compose Certificate Sync Service ¶

Deploys Let’s Encrypt certificates into Docker Compose Nginx setups via systemd service and timer.

Docker Auto Restart ¶

Automates the restart of Docker Compose instances by detecting docker-compose.yml files and executing a restart script, ensuring consistent service availability.

Docker Healer 🩺¶

Automated recovery for unhealthy or exited Docker Compose containers.

Database Docker Composition ¶

Combines Docker Compose with a central RDBMS role to automatically provision database containers with backup, user, and permission management.

sys-stk-back-stateless ¶

Database Docker with Web Proxy ¶

Extends sys-stk-back-stateful by adding an HTTP reverse proxy via sys-stk-front-proxy.

Docker Compose with Web Proxy ¶

Combines the docker-compose role with sys-stk-front-proxy to deploy applications behind a reverse proxy.

Docker Server ¶

Installs and maintains Docker.

Nginx Docker Reverse Proxy 🚀¶

Nginx reverse proxy front-end for local Docker applications.

Central Database ¶

update-compose ¶

Centralizes system update operations by conditionally invoking platform-specific update roles and Docker image updates.

Baserow ¶

BigBlueButton ¶

Bluesky ¶

Discourse ¶

Discourse is a popular open-source discussion platform designed to foster community engagement with modern, user-friendly features and robust moderation tools.

ELK Stack ¶

Friendica ¶

Funkwhale ¶

Dive into a world of rhythm and sound with Funkwhale, an innovative self-hosted music sharing platform that celebrates creativity and community. Enjoy an energetic soundscape and seamless music streaming that amplifies your passion for tunes.

FusionDirectory ¶

FusionDirectory is a web-app-based tool to manage LDAP directories and this role ensures a reliable, easy-to-use interface for LDAP administration.

Gitea ¶

Boost your development journey with Gitea, a lightweight and energetic self-hosted Git service that offers efficient code collaboration, intuitive version control, and an agile environment for your projects. Ignite your coding spirit, innovate faster, and code with confidence!

GitLab ¶

Accelerate your development with GitLab, an all-in-one platform for source code management, CI/CD, and more. Experience a robust and collaborative environment that empowers your development process.

Joomla ¶

Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design, inspiring creativity and driving your digital presence to new heights.

Keycloak ¶

Step into a secure future with Keycloak! Our dynamic identity and access management solution offers streamlined SSO capabilities, robust security measures, and an intuitive user experience that propels your applications to unprecedented heights of performance and reliability.

LAM ¶

Elevate your LDAP directory management with LAM (LDAP Account Manager), a powerful solution for efficient administration of LDAP directories.

Listmonk ¶

Elevate your email marketing with Listmonk, a high-performance, self-hosted newsletter and mailing list manager featuring a modern dashboard, advanced analytics, and flexible configuration options.

Magento ¶

Deploy Magento (Adobe Commerce Open Source) via Docker Compose with OpenSearch, MariaDB, optional Redis, and proxy integration for Infinito.Nexus.

Mailu ¶

Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates comprehensive features for managing digital correspondence reliably.

Mastodon ¶

Matomo ¶

Matrix ¶

Mobilizon ¶

Experience Mobilizon, an open-source event management platform that empowers communities to create, manage, and attend events with ease, prioritizing privacy and decentralization.

Moodle ¶

Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning.

Presentation ¶

Nextcloud ¶

Docker OAuth2 Proxy Role ¶

Configures OAuth2 Proxy with Keycloak integration for protecting web applications in Docker Compose.

OpenProject ¶

PeerTube ¶

Transform your video hosting experience with Peertube, a decentralized platform built for scalability, innovation, and community collaboration.

pgAdmin ¶

Take control of your PostgreSQL databases with pgAdmin — a powerful, open source, web-app-based administration tool offering an intuitive user interface, multi‑server management, robust configuration options, and optional OAuth2 integration for enhanced security.

phpldapadmin ¶

Take control of your LDAP directory with phpldapadmin — a web‑based LDAP client offering an intuitive interface to manage your LDAP directories. This containerized deployment simplifies administration and provides secure, flexible configuration options.

PhpMyAdmin ¶

Manage your databases with confidence using PHPMyAdmin, a robust and dynamic tool designed to simplify administration and enhance productivity. Enjoy an intuitive interface, powerful features, and an energetic approach that makes database management a breeze.

Pixelfed ¶

Roulette Wheel ¶

Sphinx ¶

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

Taiga ¶

WordPress ¶

Use the full power of WordPress—with its intuitive interface, customizable themes and plugins, responsive design, and advanced SEO tools—in a scalable and secure containerized environment.

YOURLS ¶

Streamline your online presence with YOURLS — a nimble, open‑source URL shortener that empowers you to create, track, and manage short links effortlessly.

Docker Collabora (DRAFT)¶

Collabora Online CODE with automated proxy, networking, and environment configuration.

Coturn ¶

Deploys Coturn, a free and open-source TURN/STUN server

web-svc-logout ¶

Deploys the universal logout service: a Dockerized Python container, Nginx `/logout` proxies for `*.infinito.nexus`, and the `conductor.html.j2` template for unified logout orchestration.

Simple Icons ¶

Deploy and serve SVG and PNG icons effortlessly with Simple Icons, a containerized icon server ideal for web projects, documentation, and branding.

docker-compose¶

Docker Healer 🩺¶

Automated recovery for unhealthy or exited Docker Compose containers.

documentation¶

Confluence ¶

MediaWiki ¶

Empower your knowledge base with MediaWiki, a versatile and collaborative platform designed for comprehensive, user-driven documentation. Benefit from an extensive extension ecosystem, robust content management, and customizable configurations tailored to your needs.

Sphinx ¶

XWiki ¶

XWiki is an open-source enterprise wiki and knowledge management platform, offering collaboration tools, structured content, and extensibility through apps and plugins.

domains¶

sys-svc-cln-domains ¶

Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains

Nginx Redirect Role ¶

Configures Nginx to perform 301 redirects based on a list of source→target domain mappings.

dotfiles¶

Shell 🐚¶

Ensures that .profile is sourced in all shells.

drawio¶

util-desk-design ¶

Installs designer tools such as GIMP, Blender, and Draw.io via AUR on Arch Linux.

driver¶

drv-intel Role ¶

Installs Intel media drivers on Pacman-based systems, ensuring the `intel-media-driver` package is present and up-to-date.

drivers¶

Non-Free Drivers ¶

Installs proprietary GPU drivers (`mhwd -a pci nonfree 0300`) on Arch-based systems.

dynamic¶

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

e-learning¶

Moodle ¶

Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning.

ebook¶

Office Tools ¶

Installs a suite of office productivity tools—web browser, email client, e-book manager, and reStructuredText/Markdown editor—on Pacman-based systems.

ecommerce¶

Magento ¶

Deploy Magento (Adobe Commerce Open Source) via Docker Compose with OpenSearch, MariaDB, optional Redis, and proxy integration for Infinito.Nexus.

editor¶

Desk-micro Role for Ansible ¶

Installs micro CLI text editor on Pacman‑based systems.

Desk-neovim Role for Ansible ¶

Installs neovim CLI text editor on Pacman‑based systems.

Office Tools ¶

Installs a suite of office productivity tools—web browser, email client, e-book manager, and reStructuredText/Markdown editor—on Pacman-based systems.

education¶

BigBlueButton ¶

Mini-QR ¶

Mini-QR is a minimalist, self-hosted web application that allows users to instantly generate QR codes in a privacy-friendly way.

Moodle ¶

Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning.

elk¶

ELK Stack ¶

email¶

Unified Service Failure Notifier ¶

Installs a unified systemd notification service that sends alerts via both Telegram and Email when a service fails.

Automated Email Alerts for Service Failures ¶

Installs and configures components for sending email notifications. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

sys-ctl-hlth-msmtp ¶

Periodic MTA health-check: sends test mail via msmtp and alerts on failure.

msmtp 📧¶

Installs and configures msmtp, a lightweight SMTP client and sendmail replacement.

Office Tools ¶

Installs a suite of office productivity tools—web browser, email client, e-book manager, and reStructuredText/Markdown editor—on Pacman-based systems.

Mailu ¶

Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates comprehensive features for managing digital correspondence reliably.

email marketing¶

Listmonk ¶

Elevate your email marketing with Listmonk, a high-performance, self-hosted newsletter and mailing list manager featuring a modern dashboard, advanced analytics, and flexible configuration options.

embedded¶

Arduino Development Utilities 🔌¶

Installs tools and permissions for Arduino development on Linux.

emulator¶

RetroArch 🎮¶

Installs and configures RetroArch.

encrypted¶

Matrix ¶

encryption¶

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

engineering¶

Arduino Development Utilities 🔌¶

Installs tools and permissions for Arduino development on Linux.

Development Utilities 👨‍💻¶

Installs a base development environment for software engineers on Linux.

Java Development Utilities ☕️¶

Installs tools and dependencies for Java development on Linux.

PHP Development Utilities 🐘¶

Installs PHP and related development tools on Linux for PHP software engineering.

Python Development Utilities 🐍¶

Installs tools and environment for Python development on Linux.

enterprise-policy¶

Chromium 🌐¶

Automates the installation and configuration of the Chromium browser with enforced security extensions.

Firefox 🦊¶

Automates Firefox installation and enforces Enterprise Policies (auto-install extensions) on Arch Linux.

Browsers 🎨¶

Wrapper role to install and configure both Chromium and Firefox with enforced security extensions.

environment¶

Shell 🐚¶

Ensures that .profile is sourced in all shells.

epson¶

Driver Epson Multiprinter Driver ¶

Installs Epson multifunction printer drivers and scanning utilities (escpr, imagescan) via Pacman and AUR on Arch Linux.

espocrm¶

EspoCRM ¶

event-management¶

Mobilizon ¶

Experience Mobilizon, an open-source event management platform that empowers communities to create, manage, and attend events with ease, prioritizing privacy and decentralization.

extensions¶

GNOME Extensions Manager ¶

Configures GNOME Shell extensions and installs the CLI GNOME Extension Manager for managing extensions.

fakeroot¶

Fakeroot ¶

Installs fakeroot on Arch Linux using Pacman, enabling non-privileged file manipulations required for package building and development.

federated¶

Mastodon ¶

Matrix ¶

SocialHome ¶

Deploys a SocialHome federated social network via Docker Compose with basic domain wiring.

federation¶

Chess ¶

Federated chess server based on ActivityPub. Play and follow games across the Fediverse with verified rules and open identities.

Pixelfed ¶

fediverse¶

BookWyrm ¶

BookWyrm is a self-hosted federated social reading platform where users share reviews, track reading, and connect with others across the Fediverse.

Bridgy Fed ¶

Bridgy Fed: bridge between ActivityPub (Fediverse), ATProto/Bluesky and IndieWeb.

file¶

web-svc-cdn ¶

Configures an Nginx-based Content Delivery Network Server.

Nginx File Server ¶

Configures an Nginx-based file server with HTTPS support, automatic SSL/TLS certificate retrieval, directory listing, and .well-known handling for secure static file hosting.

filesystem¶

sys-ctl-hlth-btrfs ¶

Health-check for Btrfs filesystems, alerts on any device error counters.

System Btrfs Auto Balancer ¶

Automates the balancing of Btrfs file systems by cloning the auto-btrfs-balancer repository and configuring a systemd service and timer for regular execution.

finance¶

GnuCash Installation Role ¶

Installs GnuCash finance management software on Pacman-based systems, ensuring the latest version is present.

Akaunting ¶

firefox¶

Firefox 🦊¶

Automates Firefox installation and enforces Enterprise Policies (auto-install extensions) on Arch Linux.

Browsers 🎨¶

Wrapper role to install and configure both Chromium and Firefox with enforced security extensions.

firewall¶

WireGuard Client behind NAT ¶

Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded.

flask¶

web-svc-logout ¶

Deploys the universal logout service: a Dockerized Python container, Nginx `/logout` proxies for `*.infinito.nexus`, and the `conductor.html.j2` template for unified logout orchestration.

flowise¶

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

forum¶

Discourse ¶

Discourse is a popular open-source discussion platform designed to foster community engagement with modern, user-friendly features and robust moderation tools.

friendica¶

Friendica ¶

frontend¶

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

fun¶

Gamer Default 🎮¶

Installs a curated set of open source games for Arch Linux.

funkwhale¶

Funkwhale ¶

fusiondirectory¶

FusionDirectory ¶

FusionDirectory is a web-app-based tool to manage LDAP directories and this role ensures a reliable, easy-to-use interface for LDAP administration.

gamemode¶

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

games¶

Gamer Default 🎮¶

Installs a curated set of open source games for Arch Linux.

gaming¶

RetroArch 🎮¶

Installs and configures RetroArch.

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

Gamer Default 🎮¶

Installs a curated set of open source games for Arch Linux.

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

gcc¶

GCC 🧠¶

Installs the GNU Compiler Collection (GCC).

gimp¶

util-desk-design ¶

Installs designer tools such as GIMP, Blender, and Draw.io via AUR on Arch Linux.

git¶

Git ¶

Installs Git and configures it using a custom git-configurator for personal computers.

Git ¶

Installs Git using the Pacman package manager on Arch Linux systems.

Kevins Package Manager 🤖📦¶

Automates the installation of Kevin’s Package Manager — a tool for managing multiple repositories and automating Git operations.

Gitea ¶

gitea¶

Gitea ¶

gitlab¶

GitLab ¶

Accelerate your development with GitLab, an all-in-one platform for source code management, CI/CD, and more. Experience a robust and collaborative environment that empowers your development process.

global¶

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

🌐 Global JavaScript Injector for Nginx ¶

Injects a custom JavaScript snippet into Nginx-served HTML responses via sub_filter.

gnome¶

GNOME Desktop ¶

Aggregates essential GNOME desktop roles—including caffeine, extensions, and terminal—for a complete GNOME environment on Linux.

GNOME Extensions Manager ¶

Configures GNOME Shell extensions and installs the CLI GNOME Extension Manager for managing extensions.

GNOME Terminal ¶

Installs GNOME Terminal on Arch Linux, providing a modern terminal emulator for the GNOME desktop environment.

SSH Agent 🔐¶

Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git.

gnucash¶

GnuCash Installation Role ¶

Installs GnuCash finance management software on Pacman-based systems, ensuring the latest version is present.

gpu¶

Non-Free Drivers ¶

Installs proprietary GPU drivers (`mhwd -a pci nonfree 0300`) on Arch-based systems.

graph¶

MIG ¶

graphics¶

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

greenlight¶

BigBlueButton ¶

gui¶

CopyQ ¶

Installs CopyQ clipboard manager on Pacman-based systems and configures autostart for the current user.

health¶

sys-ctl-hlth-btrfs ¶

Health-check for Btrfs filesystems, alerts on any device error counters.

Health CSP Crawler ¶

Checks for CSP-blocked resources via Puppeteer-based Node.js crawler

sys-ctl-hlth-disc-space ¶

Disk-space usage monitor; alerts when usage exceeds threshold.

Docker Container Health Check ¶

Checks Docker containers for unhealthy or exited states and alerts on any issues.

Docker Volumes Health Check ¶

Detects anonymous Docker volumes not bound to containers (unless whitelisted) and alerts.

sys-ctl-hlth-journalctl ¶

Searches the systemd journal for errors over the past day and alerts if any are found.

sys-ctl-hlth-msmtp ¶

Periodic MTA health-check: sends test mail via msmtp and alerts on failure.

sys-ctl-hlth-webserver ¶

Checks that each Nginx domain returns its expected HTTP status and alerts on unexpected codes.

hetzner¶

sys-dns-hetzner-rdns ¶

Generic role to manage reverse DNS (PTR) for Hetzner Cloud resources (server, primary_ip, floating_ip, load_balancer).

hibernate¶

Driver Lid Switch 🛑💻¶

Fixes incorrect lid switch behavior on Linux laptops by setting up hibernation and configuring systemd.

homepage¶

Desktop ¶

PortUI provides Infinito.Nexus users with a unified web interface to easily access all their applications in one place

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

hostname¶

Hostname ¶

Set the system hostname based on the inventory_hostname

html¶

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

http¶

sys-ctl-hlth-webserver ¶

Checks that each Nginx domain returns its expected HTTP status and alerts on unexpected codes.

Webserver ¶

Installs and configures Nginx HTTP and stream modules with performance-tuned defaults.

https¶

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

Front Base (HTTPS + Cloudflare + Handlers) 🚀¶

Front bootstrap for web apps: HTTPS base, optional Cloudflare setup, and handler wiring.

Semi-Stateless Stack (Front + Back) ⚡¶

Combined semi-stateless app stack: front bootstrap + stateless backend.

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

Webserver HTTPS Provisioning 🚀¶

Configures Nginx to serve sites securely over HTTPS, integrates Let’s Encrypt and cleans up stale domain configs.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

web-svc-cdn ¶

Configures an Nginx-based Content Delivery Network Server.

Nginx File Server ¶

Configures an Nginx-based file server with HTTPS support, automatic SSL/TLS certificate retrieval, directory listing, and .well-known handling for secure static file hosting.

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

hunspell¶

Hunspell ¶

Installs Hunspell and configured language packs on Pacman-based systems for spell checking in multiple languages.

i18n¶

Locales ¶

Configure system locales by deploying locale.gen and locale.conf and generating locales

iam¶

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

icons¶

Simple Icons ¶

Deploy and serve SVG and PNG icons effortlessly with Simple Icons, a containerized icon server ideal for web projects, documentation, and branding.

identity¶

Corporate ¶

Deploys a corporate identity environment with web assets, legal pages, and a portfolio site on Linux.

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

identity management¶

LDAP ¶

Keycloak ¶

iframe¶

🌐 iFrame Notifier for Nginx ¶

Injects a JS snippet into HTML to notify parent windows of iframe location changes and force external links to new tabs.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

imprint¶

web-svc-legal ¶

Deploys a legal imprint (Impressum) page in Nginx from a Jinja2 template.

inference¶

Ollama ¶

Installs Ollama — a local model server for running open LLMs with a simple HTTP API.

infinito¶

Package Manager Installation 📦¶

Installs and updates packages using pkgmgr.

Infinito.Nexus CLI ¶

This role installs and provides the Infinito.Nexus CLI, enabling you to manage your entire Infinito.Nexus environment from the command line. After deployment, the `infinito` command is available.

sys-daemon ¶

Role to reset and configure the systemd manager (drop-ins, defaults, validation).

sys-service ¶

Role to manage systemd service units, including cleanup, deployment, and runtime configuration.

MIG ¶

Mini-QR ¶

Mini-QR is a minimalist, self-hosted web application that allows users to instantly generate QR codes in a privacy-friendly way.

Taiga ¶

web-svc-logout ¶

Deploys the universal logout service: a Dockerized Python container, Nginx `/logout` proxies for `*.infinito.nexus`, and the `conductor.html.j2` template for unified logout orchestration.

infrastructure¶

Docker Compose ¶

Manages Docker Compose project structure and execution logic on Arch Linux.

Docker Server ¶

Installs and maintains Docker.

injection¶

🌐 Global JavaScript Injector for Nginx ¶

Injects a custom JavaScript snippet into Nginx-served HTML responses via sub_filter.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

injector¶

Nginx Global Matomo & Theming Modifier Role 🚀¶

Core role for Nginx HTML injection of Matomo, theming, iFrame and JS snippets based on application feature flags.

installation¶

Git ¶

Installs Git using the Pacman package manager on Arch Linux systems.

Python-Pip ¶

Installs the python-pip package to provide the Python package manager, ensuring that Python packages can be installed reliably on the target system.

Python-Yaml ¶

Installs the `python-yaml` package to enable YAML support in Python.

intel¶

drv-intel Role ¶

Installs Intel media drivers on Pacman-based systems, ensuring the `intel-media-driver` package is present and up-to-date.

iptables¶

WireGuard Client behind NAT ¶

Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded.

java¶

Java ¶

Installs OpenJDK 11 (`jdk11-openjdk`) on Pacman-based systems to provide a Java runtime and development environment.

Java Development Utilities ☕️¶

Installs tools and dependencies for Java development on Linux.

javascript¶

Node.js ¶

Installs Node.js

npm ¶

Installs npm and runs optional ‘npm ci’ inside a project

🌐 iFrame Notifier for Nginx ¶

Injects a JS snippet into HTML to notify parent windows of iframe location changes and force external links to new tabs.

🌐 Global JavaScript Injector for Nginx ¶

Injects a custom JavaScript snippet into Nginx-served HTML responses via sub_filter.

sys-front-inj-logout ¶

Injects a JavaScript snippet via Nginx sub_filter that intercepts all logout actions (links, buttons, forms) and redirects users to a centralized OIDC logout endpoint.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

jdk¶

Java Development Utilities ☕️¶

Installs tools and dependencies for Java development on Linux.

jdk11¶

Java ¶

Installs OpenJDK 11 (`jdk11-openjdk`) on Pacman-based systems to provide a Java runtime and development environment.

jenkins¶

Jenkins ¶

Stub for a Jenkins CI server deployment via Docker Compose—role is currently deprecated and pending reimplementation.

jinja2¶

Docker Container ¶

Provides shared Jinja2 snippets for Docker Compose service definitions (base, networks, healthchecks, depends_on).

jira¶

Jira ¶

Jira Software is Atlassian’s issue & project tracking platform. This role deploys Jira in Docker, adds optional OIDC support, and integrates with the Infinito.Nexus ecosystem.

joomla¶

Joomla ¶

Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design, inspiring creativity and driving your digital presence to new heights.

journal¶

Jrnl Role for Ansible ¶

Installs Jrnl CLI journal application on Pacman-based systems for command-line journaling.

journalctl¶

sys-ctl-hlth-journalctl ¶

Searches the systemd journal for errors over the past day and alerts if any are found.

journald¶

Journalctl ¶

Configure and manage systemd-journald settings

jrnl¶

Jrnl Role for Ansible ¶

Installs Jrnl CLI journal application on Pacman-based systems for command-line journaling.

keepassxc¶

desk-keepassxc ¶

Installs KeePassXC password manager on Pacman-based systems.

SSH Agent 🔐¶

Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git.

kernel-modules¶

pc-virtual-box ¶

Installs and configures VirtualBox and its kernel modules on Pacman-based systems, including extension packs and user group setup.

keycloak¶

Keycloak ¶

Docker OAuth2 Proxy Role ¶

Configures OAuth2 Proxy with Keycloak integration for protecting web applications in Docker Compose.

lam¶

LAM ¶

Elevate your LDAP directory management with LAM (LDAP Account Manager), a powerful solution for efficient administration of LDAP directories.

landingpage¶

Desktop ¶

PortUI provides Infinito.Nexus users with a unified web interface to easily access all their applications in one place

language¶

Hunspell ¶

Installs Hunspell and configured language packs on Pacman-based systems for spell checking in multiple languages.

laptop¶

Driver Lid Switch 🛑💻¶

Fixes incorrect lid switch behavior on Linux laptops by setting up hibernation and configuring systemd.

ldap¶

LDAP ¶

BigBlueButton ¶

FusionDirectory ¶

FusionDirectory is a web-app-based tool to manage LDAP directories and this role ensures a reliable, easy-to-use interface for LDAP administration.

LAM ¶

Elevate your LDAP directory management with LAM (LDAP Account Manager), a powerful solution for efficient administration of LDAP directories.

Nextcloud ¶

OpenProject ¶

phpldapadmin ¶

legal¶

web-svc-legal ¶

Deploys a legal imprint (Impressum) page in Nginx from a Jinja2 template.

letsencrypt¶

Docker Compose Certificate Sync Service ¶

Deploys Let’s Encrypt certificates into Docker Compose Nginx setups via systemd service and timer.

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

Nginx Domain Setup 🚀¶

Automated domain provisioning (TLS, vHost, OAuth2) for Nginx.

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

sys-svc-dns ¶

Cloudflare DNS bootstrap: parent host A/AAAA (and optional CAA) — runs once per play.

Let’s Encrypt SSL for Nginx 🔐¶

An Ansible role to automate Let’s Encrypt SSL certificate issuance and renewal for Nginx

Webserver HTTPS Provisioning 🚀¶

Configures Nginx to serve sites securely over HTTPS, integrates Let’s Encrypt and cleans up stale domain configs.

web-svc-cdn ¶

Configures an Nginx-based Content Delivery Network Server.

Nginx File Server ¶

Configures an Nginx-based file server with HTTPS support, automatic SSL/TLS certificate retrieval, directory listing, and .well-known handling for secure static file hosting.

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

libreoffice¶

LibreOffice ¶

Installs LibreOffice along with Liberation fonts and language packages on Arch Linux systems for a complete office suite experience.

lid¶

Driver Lid Switch 🛑💻¶

Fixes incorrect lid switch behavior on Linux laptops by setting up hibernation and configuring systemd.

lightweight¶

Mini-QR ¶

Mini-QR is a minimalist, self-hosted web application that allows users to instantly generate QR codes in a privacy-friendly way.

linux¶

drv-intel Role ¶

Installs Intel media drivers on Pacman-based systems, ensuring the `intel-media-driver` package is present and up-to-date.

Docker Server ¶

Installs and maintains Docker.

listmonk¶

Listmonk ¶

Elevate your email marketing with Listmonk, a high-performance, self-hosted newsletter and mailing list manager featuring a modern dashboard, advanced analytics, and flexible configuration options.

litellm¶

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

llm¶

Ollama ¶

Installs Ollama — a local model server for running open LLMs with a simple HTTP API.

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

local¶

Backup Remote to Local ¶

Backup Docker to Local ¶

Automates the backup of Docker volumes to a local folder

locales¶

Locales ¶

Configure system locales by deploying locale.gen and locale.conf and generating locales

lock¶

System Maintenance Lock ¶

Ensures system integrity during maintenance activities by blocking execution until critical services have stopped, using a locking mechanism with timeout and retry logic.

log-management¶

ELK Stack ¶

logging¶

Journalctl ¶

Configure and manage systemd-journald settings

logout¶

sys-front-inj-logout ¶

Injects a JavaScript snippet via Nginx sub_filter that intercepts all logout actions (links, buttons, forms) and redirects users to a centralized OIDC logout endpoint.

web-svc-logout ¶

Deploys the universal logout service: a Dockerized Python container, Nginx `/logout` proxies for `*.infinito.nexus`, and the `conductor.html.j2` template for unified logout orchestration.

logs¶

sys-ctl-hlth-journalctl ¶

Searches the systemd journal for errors over the past day and alerts if any are found.

lutris¶

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

magento¶

Magento ¶

Deploy Magento (Adobe Commerce Open Source) via Docker Compose with OpenSearch, MariaDB, optional Redis, and proxy integration for Infinito.Nexus.

mail¶

🌐 Cloudflare DNS Records ¶

Generic role to manage Cloudflare DNS records (A/AAAA, CNAME, MX, TXT, SRV) in a data-driven way.

sys-dns-hetzner-rdns ¶

Generic role to manage reverse DNS (PTR) for Hetzner Cloud resources (server, primary_ip, floating_ip, load_balancer).

Postfix ¶

Installs and configures Postfix to provide a robust mail transfer agent setup with a preconfigured aliases file for local mail delivery.

Postmarks ¶

Installs and configures the Postmarks mail service client via Docker Compose, ready for use with applications requiring SMTP.

mail server¶

Mailu ¶

Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates comprehensive features for managing digital correspondence reliably.

mailu¶

Mailu ¶

Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates comprehensive features for managing digital correspondence reliably.

maintenance¶

Cleanup Docker Anonymous Volumes ¶

Install and run dockreap to clean up unused anonymous Docker volumes

System Maintenance Lock ¶

Ensures system integrity during maintenance activities by blocking execution until critical services have stopped, using a locking mechanism with timeout and retry logic.

Update apt ¶

Updates packages on Debian-based systems by refreshing the apt cache and performing a distribution upgrade.

update-compose ¶

Centralizes system update operations by conditionally invoking platform-specific update roles and Docker image updates.

Update Pacman ¶

Updates the package cache and upgrades all installed packages on Arch Linux systems using pacman.

make¶

Make Installation ¶

Installs GNU Make using the Pacman package manager on Arch Linux systems.

management¶

Infinito.Nexus CLI ¶

This role installs and provides the Infinito.Nexus CLI, enabling you to manage your entire Infinito.Nexus environment from the command line. After deployment, the `infinito` command is available.

LAM ¶

Elevate your LDAP directory management with LAM (LDAP Account Manager), a powerful solution for efficient administration of LDAP directories.

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

manager¶

CopyQ ¶

Installs CopyQ clipboard manager on Pacman-based systems and configures autostart for the current user.

mangohud¶

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

mariadb¶

MariaDB ¶

Central Database ¶

Magento ¶

Deploy Magento (Adobe Commerce Open Source) via Docker Compose with OpenSearch, MariaDB, optional Redis, and proxy integration for Infinito.Nexus.

PhpMyAdmin ¶

mastodon¶

Mastodon ¶

matomo¶

Nginx Global Matomo & Theming Modifier Role 🚀¶

Core role for Nginx HTML injection of Matomo, theming, iFrame and JS snippets based on application feature flags.

Nginx Matomo Tracking Role ¶

Injects Matomo analytics tracking code and noscript image tracker into Nginx-served HTML pages.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

Matomo ¶

matrix¶

Matrix ¶

media¶

desk-bluray-player ¶

Installs VLC, libaacs and libbluray for Blu-ray playback on Arch Linux–based systems.

drv-intel Role ¶

Installs Intel media drivers on Pacman-based systems, ensuring the `intel-media-driver` package is present and up-to-date.

mediawiki¶

MediaWiki ¶

memcached¶

Memcached ¶

Provides a Docker Compose snippet for a Memcached service (`memcached`) with optional volume, healthcheck, and logging.

meta¶

MIG ¶

micro¶

Desk-micro Role for Ansible ¶

Installs micro CLI text editor on Pacman‑based systems.

microblog¶

Mastodon ¶

microcontroller¶

Arduino Development Utilities 🔌¶

Installs tools and permissions for Arduino development on Linux.

mig¶

MIG ¶

minio¶

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

mobilizon¶

Mobilizon ¶

Experience Mobilizon, an open-source event management platform that empowers communities to create, manage, and attend events with ease, prioritizing privacy and decentralization.

monitor¶

sys-ctl-hlth-btrfs ¶

Health-check for Btrfs filesystems, alerts on any device error counters.

sys-ctl-hlth-disc-space ¶

Disk-space usage monitor; alerts when usage exceeds threshold.

Docker Container Health Check ¶

Checks Docker containers for unhealthy or exited states and alerts on any issues.

Docker Volumes Health Check ¶

Detects anonymous Docker volumes not bound to containers (unless whitelisted) and alerts.

sys-ctl-hlth-journalctl ¶

Searches the systemd journal for errors over the past day and alerts if any are found.

sys-ctl-hlth-msmtp ¶

Periodic MTA health-check: sends test mail via msmtp and alerts on failure.

sys-ctl-hlth-webserver ¶

Checks that each Nginx domain returns its expected HTTP status and alerts on unexpected codes.

monitoring¶

Health CSP Crawler ¶

Checks for CSP-blocked resources via Puppeteer-based Node.js crawler

moodle¶

Moodle ¶

Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning.

msmtp¶

Automated Email Alerts for Service Failures ¶

Installs and configures components for sending email notifications. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

sys-ctl-hlth-msmtp ¶

Periodic MTA health-check: sends test mail via msmtp and alerts on failure.

msmtp 📧¶

Installs and configures msmtp, a lightweight SMTP client and sendmail replacement.

mtu¶

Wireguard Client ¶

Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity.

multisite¶

WordPress ¶

Use the full power of WordPress—with its intuitive interface, customizable themes and plugins, responsive design, and advanced SEO tools—in a scalable and secure containerized environment.

music¶

Spotify 🎵¶

Installs the Spotify client.

Funkwhale ¶

nat¶

WireGuard Client behind NAT ¶

Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded.

neovim¶

Desk-neovim Role for Ansible ¶

Installs neovim CLI text editor on Pacman‑based systems.

network¶

Persona: Network Administrator🌐¶

Installs essential network analysis tools for system administrators on Linux.

networking¶

Wireguard ¶

Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity.

WireGuard Client behind NAT ¶

Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded.

nextcloud¶

Nextcloud Client ☁️¶

Installs and links Nextcloud desktop client folders for cloud-integrated user environments.

Nextcloud ¶

nginx¶

OpenResty ¶

Role to provision an OpenResty container via Docker Compose.

sys-ctl-hlth-webserver ¶

Checks that each Nginx domain returns its expected HTTP status and alerts on unexpected codes.

Docker Compose Certificate Sync Service ¶

Deploys Let’s Encrypt certificates into Docker Compose Nginx setups via systemd service and timer.

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

Nginx Global Matomo & Theming Modifier Role 🚀¶

Core role for Nginx HTML injection of Matomo, theming, iFrame and JS snippets based on application feature flags.

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

🌐 iFrame Notifier for Nginx ¶

Injects a JS snippet into HTML to notify parent windows of iframe location changes and force external links to new tabs.

🌐 Global JavaScript Injector for Nginx ¶

Injects a custom JavaScript snippet into Nginx-served HTML responses via sub_filter.

sys-front-inj-logout ¶

Injects a JavaScript snippet via Nginx sub_filter that intercepts all logout actions (links, buttons, forms) and redirects users to a centralized OIDC logout endpoint.

Nginx Matomo Tracking Role ¶

Injects Matomo analytics tracking code and noscript image tracker into Nginx-served HTML pages.

Front Base (HTTPS + Cloudflare + Handlers) 🚀¶

Front bootstrap for web apps: HTTPS base, optional Cloudflare setup, and handler wiring.

Nginx Domain Setup 🚀¶

Automated domain provisioning (TLS, vHost, OAuth2) for Nginx.

Semi-Stateless Stack (Front + Back) ⚡¶

Combined semi-stateless app stack: front bootstrap + stateless backend.

Content Delivery Network ¶

Prepares and manages the CDN folder structure with shared, vendor, and per-role release directories.

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

sys-svc-cln-domains ¶

Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains

sys-svc-dns ¶

Cloudflare DNS bootstrap: parent host A/AAAA (and optional CAA) — runs once per play.

Let’s Encrypt SSL for Nginx 🔐¶

An Ansible role to automate Let’s Encrypt SSL certificate issuance and renewal for Nginx

Nginx Docker Reverse Proxy 🚀¶

Nginx reverse proxy front-end for local Docker applications.

Webserver ¶

Installs and configures Nginx HTTP and stream modules with performance-tuned defaults.

Webserver HTTPS Provisioning 🚀¶

Configures Nginx to serve sites securely over HTTPS, integrates Let’s Encrypt and cleans up stale domain configs.

Corporate ¶

Deploys a corporate identity environment with web assets, legal pages, and a portfolio site on Linux.

Nextcloud ¶

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

Nginx Redirect Role ¶

Configures Nginx to perform 301 redirects based on a list of source→target domain mappings.

Nginx WWW Redirect 🌐¶

An Ansible role to redirect www subdomains to bare domains (apex). Supports Cloudflare edge redirects or local Nginx redirects.

Assets Server ¶

Serves static assets via Nginx by copying from a source directory to the Nginx data path.

web-svc-cdn ¶

Configures an Nginx-based Content Delivery Network Server.

Docker Collabora (DRAFT)¶

Collabora Online CODE with automated proxy, networking, and environment configuration.

Nginx File Server ¶

Configures an Nginx-based file server with HTTPS support, automatic SSL/TLS certificate retrieval, directory listing, and .well-known handling for secure static file hosting.

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

web-svc-legal ¶

Deploys a legal imprint (Impressum) page in Nginx from a Jinja2 template.

web-svc-logout ¶

Deploys the universal logout service: a Dockerized Python container, Nginx `/logout` proxies for `*.infinito.nexus`, and the `conductor.html.j2` template for unified logout orchestration.

nodejs¶

Node.js ¶

Installs Node.js

npm ¶

Installs npm and runs optional ‘npm ci’ inside a project

Health CSP Crawler ¶

Checks for CSP-blocked resources via Puppeteer-based Node.js crawler

Roulette Wheel ¶

nonfree¶

Non-Free Drivers ¶

Installs proprietary GPU drivers (`mhwd -a pci nonfree 0300`) on Arch-based systems.

notifications¶

Unified Service Failure Notifier ¶

Installs a unified systemd notification service that sends alerts via both Telegram and Email when a service fails.

Automated Email Alerts for Service Failures ¶

Installs and configures components for sending email notifications. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

Automated Telegram Alerts for Service Failures ¶

Installs and configures components for sending Telegram notifications through systemd. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

notifier¶

Unified Service Failure Notifier ¶

Installs a unified systemd notification service that sends alerts via both Telegram and Email when a service fails.

npm¶

npm ¶

Installs npm and runs optional ‘npm ci’ inside a project

oauth2¶

sys-stk-back-stateless ¶

Nginx Domain Setup 🚀¶

Automated domain provisioning (TLS, vHost, OAuth2) for Nginx.

Docker OAuth2 Proxy Role ¶

Configures OAuth2 Proxy with Keycloak integration for protecting web applications in Docker Compose.

pgAdmin ¶

PhpMyAdmin ¶

object-storage¶

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

obs¶

desk-obs ¶

Installs OBS Studio for streaming and recording on Pacman-based systems.

office¶

Office Tools ¶

Installs a suite of office productivity tools—web browser, email client, e-book manager, and reStructuredText/Markdown editor—on Pacman-based systems.

Docker Collabora (DRAFT)¶

Collabora Online CODE with automated proxy, networking, and environment configuration.

office-suite¶

LibreOffice ¶

Installs LibreOffice along with Liberation fonts and language packages on Arch Linux systems for a complete office suite experience.

offline¶

Ollama ¶

Installs Ollama — a local model server for running open LLMs with a simple HTTP API.

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

oidc¶

sys-front-inj-logout ¶

Injects a JavaScript snippet via Nginx sub_filter that intercepts all logout actions (links, buttons, forms) and redirects users to a centralized OIDC logout endpoint.

sys-stk-back-stateless ¶

BigBlueButton ¶

Nextcloud ¶

Taiga ¶

ollama¶

Ollama ¶

Installs Ollama — a local model server for running open LLMs with a simple HTTP API.

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

open-source¶

Gamer Default 🎮¶

Installs a curated set of open source games for Arch Linux.

Discourse ¶

Discourse is a popular open-source discussion platform designed to foster community engagement with modern, user-friendly features and robust moderation tools.

Matomo ¶

Mobilizon ¶

Experience Mobilizon, an open-source event management platform that empowers communities to create, manage, and attend events with ease, prioritizing privacy and decentralization.

PeerTube ¶

Transform your video hosting experience with Peertube, a decentralized platform built for scalability, innovation, and community collaboration.

openid¶

Taiga ¶

openjdk¶

Java ¶

Installs OpenJDK 11 (`jdk11-openjdk`) on Pacman-based systems to provide a Java runtime and development environment.

openldap¶

LDAP ¶

openproject¶

OpenProject ¶

openresty¶

OpenResty ¶

Role to provision an OpenResty container via Docker Compose.

opensearch¶

Magento ¶

Deploy Magento (Adobe Commerce Open Source) via Docker Compose with OpenSearch, MariaDB, optional Redis, and proxy integration for Infinito.Nexus.

openwebui¶

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

optimization¶

Storage Optimizer ¶

Optimizes storage allocation for Docker volumes by migrating volumes between SSD and HDD based on container image types, and creates symbolic links to maintain consistent paths.

orchestration¶

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

package¶

Python-Pip ¶

Installs the python-pip package to provide the Python package manager, ensuring that Python packages can be installed reliably on the target system.

Python-Yaml ¶

Installs the `python-yaml` package to enable YAML support in Python.

Package Manager Installation 📦¶

Installs and updates packages using pkgmgr.

package-management¶

System AUR Helper ¶

Installs the AUR helper yay and configures an aur_builder user with appropriate sudo privileges to facilitate AUR package management on Arch Linux systems.

pacman¶

Git ¶

Installs Git and configures it using a custom git-configurator for personal computers.

Fakeroot ¶

Installs fakeroot on Arch Linux using Pacman, enabling non-privileged file manipulations required for package building and development.

Git ¶

Installs Git using the Pacman package manager on Arch Linux systems.

drv-intel Role ¶

Installs Intel media drivers on Pacman-based systems, ensuring the `intel-media-driver` package is present and up-to-date.

update-compose ¶

Centralizes system update operations by conditionally invoking platform-specific update roles and Docker image updates.

Update Pacman ¶

Updates the package cache and upgrades all installed packages on Arch Linux systems using pacman.

passwords¶

desk-keepassxc ¶

Installs KeePassXC password manager on Pacman-based systems.

peertube¶

PeerTube ¶

Transform your video hosting experience with Peertube, a decentralized platform built for scalability, innovation, and community collaboration.

performance¶

Storage Optimizer ¶

Optimizes storage allocation for Docker volumes by migrating volumes between SSD and HDD based on container image types, and creates symbolic links to maintain consistent paths.

System Swapfile ¶

Automates swapfile creation on target systems by cloning and executing a swapfile script.

Webserver ¶

Installs and configures Nginx HTTP and stream modules with performance-tuned defaults.

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

persona¶

Arduino Development Utilities 🔌¶

Installs tools and permissions for Arduino development on Linux.

Development Utilities 👨‍💻¶

Installs a base development environment for software engineers on Linux.

Java Development Utilities ☕️¶

Installs tools and dependencies for Java development on Linux.

PHP Development Utilities 🐘¶

Installs PHP and related development tools on Linux for PHP software engineering.

Python Development Utilities 🐍¶

Installs tools and environment for Python development on Linux.

Shell Development Utilities 🐚¶

Installs tools for Bash scripting and shell development on Linux.

Persona: Administrator 🛠️¶

Installs essential tools for Linux system administrators on Linux.

Persona: Network Administrator🌐¶

Installs essential network analysis tools for system administrators on Linux.

Corporate ¶

Deploys a corporate identity environment with web assets, legal pages, and a portfolio site on Linux.

pgadmin¶

pgAdmin ¶

php¶

PHP Development Utilities 🐘¶

Installs PHP and related development tools on Linux for PHP software engineering.

Magento ¶

Deploy Magento (Adobe Commerce Open Source) via Docker Compose with OpenSearch, MariaDB, optional Redis, and proxy integration for Infinito.Nexus.

Nextcloud ¶

phpldapadmin¶

phpldapadmin ¶

phpmyadmin¶

PhpMyAdmin ¶

pip¶

Python-Pip ¶

Installs the python-pip package to provide the Python package manager, ensuring that Python packages can be installed reliably on the target system.

Python Development Utilities 🐍¶

Installs tools and environment for Python development on Linux.

pixelfed¶

Pixelfed ¶

pkgmgr¶

Kevins Package Manager 🤖📦¶

Automates the installation of Kevin’s Package Manager — a tool for managing multiple repositories and automating Git operations.

Cleanup Docker Anonymous Volumes ¶

Install and run dockreap to clean up unused anonymous Docker volumes

png¶

Simple Icons ¶

Deploy and serve SVG and PNG icons effortlessly with Simple Icons, a containerized icon server ideal for web projects, documentation, and branding.

portfolio¶

Desktop ¶

PortUI provides Infinito.Nexus users with a unified web interface to easily access all their applications in one place

postfix¶

Postfix ¶

Installs and configures Postfix to provide a robust mail transfer agent setup with a preconfigured aliases file for local mail delivery.

postgresql¶

PostgreSQL ¶

Central Database ¶

pgAdmin ¶

PhpMyAdmin ¶

postmarks¶

Postmarks ¶

Installs and configures the Postmarks mail service client via Docker Compose, ready for use with applications requiring SMTP.

postMessage¶

🌐 iFrame Notifier for Nginx ¶

Injects a JS snippet into HTML to notify parent windows of iframe location changes and force external links to new tabs.

power¶

Driver Lid Switch 🛑💻¶

Fixes incorrect lid switch behavior on Linux laptops by setting up hibernation and configuring systemd.

presentation¶

Presentation ¶

pretix¶

Pretix ¶

Pretix is an open-source ticketing system for events, enabling online sales, registration management, custom ticket layouts, and secure payment integration. It is self-hosted to ensure full control and data protection.

printer¶

Driver Epson Multiprinter Driver ¶

Installs Epson multifunction printer drivers and scanning utilities (escpr, imagescan) via Pacman and AUR on Arch Linux.

privacy¶

Torbrowser ¶

Installs and configures the Tor service and Tor Browser Launcher for secure, anonymous web browsing on Pacman-based systems.

Ollama ¶

Installs Ollama — a local model server for running open LLMs with a simple HTTP API.

Mini-QR ¶

Mini-QR is a minimalist, self-hosted web application that allows users to instantly generate QR codes in a privacy-friendly way.

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

productivity¶

Office Tools ¶

Installs a suite of office productivity tools—web browser, email client, e-book manager, and reStructuredText/Markdown editor—on Pacman-based systems.

profile¶

Shell 🐚¶

Ensures that .profile is sourced in all shells.

project management¶

Jira ¶

Jira Software is Atlassian’s issue & project tracking platform. This role deploys Jira in Docker, adds optional OIDC support, and integrates with the Infinito.Nexus ecosystem.

project-management¶

OpenProject ¶

Taiga ¶

provider¶

Backup Provider ¶

Configures the host as a backup provider to facilitate secure backup operations.

proxy¶

sys-stk-back-stateless ¶

Database Docker with Web Proxy ¶

Extends sys-stk-back-stateful by adding an HTTP reverse proxy via sys-stk-front-proxy.

Docker Compose with Web Proxy ¶

Combines the docker-compose role with sys-stk-front-proxy to deploy applications behind a reverse proxy.

Docker OAuth2 Proxy Role ¶

Configures OAuth2 Proxy with Keycloak integration for protecting web applications in Docker Compose.

ptr¶

sys-dns-hetzner-rdns ¶

Generic role to manage reverse DNS (PTR) for Hetzner Cloud resources (server, primary_ip, floating_ip, load_balancer).

puppeteer¶

Health CSP Crawler ¶

Checks for CSP-blocked resources via Puppeteer-based Node.js crawler

python¶

Python-Pip ¶

Installs the python-pip package to provide the Python package manager, ensuring that Python packages can be installed reliably on the target system.

Python-Yaml ¶

Installs the `python-yaml` package to enable YAML support in Python.

Python Development Utilities 🐍¶

Installs tools and environment for Python development on Linux.

qbittorrent¶

QBittorrent ¶

Installs the qBittorrent torrent client via AUR on Arch Linux.

qdrant¶

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

qr¶

Mini-QR ¶

Mini-QR is a minimalist, self-hosted web application that allows users to instantly generate QR codes in a privacy-friendly way.

rag¶

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

rdbms¶

Database Docker Composition ¶

Combines Docker Compose with a central RDBMS role to automatically provision database containers with backup, user, and permission management.

rdns¶

sys-dns-hetzner-rdns ¶

Generic role to manage reverse DNS (PTR) for Hetzner Cloud resources (server, primary_ip, floating_ip, load_balancer).

reading¶

BookWyrm ¶

BookWyrm is a self-hosted federated social reading platform where users share reviews, track reading, and connect with others across the Fediverse.

real-time¶

Matrix ¶

realtime¶

Coturn ¶

Deploys Coturn, a free and open-source TURN/STUN server

recording¶

desk-obs ¶

Installs OBS Studio for streaming and recording on Pacman-based systems.

records¶

🌐 Cloudflare DNS Records ¶

Generic role to manage Cloudflare DNS records (A/AAAA, CNAME, MX, TXT, SRV) in a data-driven way.

redirect¶

Nginx Redirect Role ¶

Configures Nginx to perform 301 redirects based on a list of source→target domain mappings.

Nginx WWW Redirect 🌐¶

An Ansible role to redirect www subdomains to bare domains (apex). Supports Cloudflare edge redirects or local Nginx redirects.

redis¶

Redis ¶

Provides a Docker Compose snippet for a Redis service (redis:alpine) with volume, healthcheck and logging.

remote¶

Backup Remote to Local ¶

repositories¶

Kevins Package Manager 🤖📦¶

Automates the installation of Kevin’s Package Manager — a tool for managing multiple repositories and automating Git operations.

restart¶

Docker Auto Restart ¶

Automates the restart of Docker Compose instances by detecting docker-compose.yml files and executing a restart script, ensuring consistent service availability.

retroarch¶

RetroArch 🎮¶

Installs and configures RetroArch.

revealjs¶

Presentation ¶

reverse_proxy¶

OpenResty ¶

Role to provision an OpenResty container via Docker Compose.

Nginx Docker Reverse Proxy 🚀¶

Nginx reverse proxy front-end for local Docker applications.

roles¶

Content Delivery Network ¶

Prepares and manages the CDN folder structure with shared, vendor, and per-role release directories.

root¶

Root User ¶

roulette¶

Roulette Wheel ¶

runtime¶

Node.js ¶

Installs Node.js

s3¶

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

sales¶

EspoCRM ¶

Pretix ¶

scanner¶

Driver Epson Multiprinter Driver ¶

Installs Epson multifunction printer drivers and scanning utilities (escpr, imagescan) via Pacman and AUR on Arch Linux.

scheduling¶

Systemd Timer ¶

Configures a systemd timer to periodically start a specified service. This role automates the creation, reloading, and restarting of systemd timer units for recurring tasks.

scripting¶

Shell Development Utilities 🐚¶

Installs tools for Bash scripting and shell development on Linux.

security¶

Chromium 🌐¶

Automates the installation and configuration of the Chromium browser with enforced security extensions.

desk-keepassxc ¶

Installs KeePassXC password manager on Pacman-based systems.

Backup Provider ¶

Configures the host as a backup provider to facilitate secure backup operations.

User for Backup Provider ¶

🌐 iFrame Notifier for Nginx ¶

Injects a JS snippet into HTML to notify parent windows of iframe location changes and force external links to new tabs.

Postfix ¶

Installs and configures Postfix to provide a robust mail transfer agent setup with a preconfigured aliases file for local mail delivery.

Sudo ¶

Installs and configures the sudo package with a default sudoers file to ensure secure privilege escalation and system administration.

Let’s Encrypt SSL for Nginx 🔐¶

An Ansible role to automate Let’s Encrypt SSL certificate issuance and renewal for Nginx

sshd ¶

Configures a secure SSH daemon environment by deploying a templated sshd_config file and restarting the SSH service as needed.

Webserver ¶

Installs and configures Nginx HTTP and stream modules with performance-tuned defaults.

Webserver HTTPS Provisioning 🚀¶

Configures Nginx to serve sites securely over HTTPS, integrates Let’s Encrypt and cleans up stale domain configs.

Administrator User ¶

Root User ¶

Browsers 🎨¶

Wrapper role to install and configure both Chromium and Firefox with enforced security extensions.

self-hosted¶

Ollama ¶

Installs Ollama — a local model server for running open LLMs with a simple HTTP API.

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

Funkwhale ¶

Gitea ¶

GitLab ¶

Accelerate your development with GitLab, an all-in-one platform for source code management, CI/CD, and more. Experience a robust and collaborative environment that empowers your development process.

Joomla ¶

Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design, inspiring creativity and driving your digital presence to new heights.

Keycloak ¶

Listmonk ¶

Elevate your email marketing with Listmonk, a high-performance, self-hosted newsletter and mailing list manager featuring a modern dashboard, advanced analytics, and flexible configuration options.

Mailu ¶

Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates comprehensive features for managing digital correspondence reliably.

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

Open WebUI ¶

Installs Open WebUI — a clean, fast chat interface for local/private AI models (e.g., via Ollama).

seo¶

Nginx WWW Redirect 🌐¶

An Ansible role to redirect www subdomains to bare domains (apex). Supports Cloudflare edge redirects or local Nginx redirects.

services¶

sys-service ¶

Role to manage systemd service units, including cleanup, deployment, and runtime configuration.

shell¶

Shell 🐚¶

Ensures that .profile is sourced in all shells.

Shell Development Utilities 🐚¶

Installs tools for Bash scripting and shell development on Linux.

shop¶

Pretix ¶

smtp¶

msmtp 📧¶

Installs and configures msmtp, a lightweight SMTP client and sendmail replacement.

Postmarks ¶

Installs and configures the Postmarks mail service client via Docker Compose, ready for use with applications requiring SMTP.

snipe-it¶

Snipe‑IT ¶

socialhome¶

SocialHome ¶

Deploys a SocialHome federated social network via Docker Compose with basic domain wiring.

socialmedia¶

Pixelfed ¶

software¶

Development Utilities 👨‍💻¶

Installs a base development environment for software engineers on Linux.

Java Development Utilities ☕️¶

Installs tools and dependencies for Java development on Linux.

PHP Development Utilities 🐘¶

Installs PHP and related development tools on Linux for PHP software engineering.

Python Development Utilities 🐍¶

Installs tools and environment for Python development on Linux.

space¶

sys-ctl-hlth-disc-space ¶

Disk-space usage monitor; alerts when usage exceeds threshold.

spellcheck¶

Hunspell ¶

Installs Hunspell and configured language packs on Pacman-based systems for spell checking in multiple languages.

sphinx¶

Sphinx ¶

spotify¶

Spotify 🎵¶

Installs the Spotify client.

ssh¶

SSH Agent 🔐¶

Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git.

User for Backup Provider ¶

sshd ¶

Configures a secure SSH daemon environment by deploying a templated sshd_config file and restarting the SSH service as needed.

User ¶

Executes common tasks for user environment configuration.

Administrator User ¶

Root User ¶

sshd¶

sshd ¶

Configures a secure SSH daemon environment by deploying a templated sshd_config file and restarting the SSH service as needed.

ssl¶

Certbot Reaper ¶

Automates the revocation and deletion of unused Let’s Encrypt certificates

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

Let’s Encrypt SSL for Nginx 🔐¶

An Ansible role to automate Let’s Encrypt SSL certificate issuance and renewal for Nginx

web-svc-cdn ¶

Configures an Nginx-based Content Delivery Network Server.

Nginx File Server ¶

Configures an Nginx-based file server with HTTPS support, automatic SSL/TLS certificate retrieval, directory listing, and .well-known handling for secure static file hosting.

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

sso¶

BigBlueButton ¶

Keycloak ¶

OpenProject ¶

stateless¶

Semi-Stateless Stack (Front + Back) ⚡¶

Combined semi-stateless app stack: front bootstrap + stateless backend.

Coturn ¶

Deploys Coturn, a free and open-source TURN/STUN server

static¶

Assets Server ¶

Serves static assets via Nginx by copying from a source directory to the Nginx data path.

Nginx Static HTML Server ¶

Configures an Nginx server to host static HTML websites with HTTPS support, automatic SSL certificate retrieval via Let’s Encrypt, and secure default settings.

static-files¶

web-svc-cdn ¶

Configures an Nginx-based Content Delivery Network Server.

Nginx File Server ¶

Configures an Nginx-based file server with HTTPS support, automatic SSL/TLS certificate retrieval, directory listing, and .well-known handling for secure static file hosting.

steam¶

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

storage¶

Storage Optimizer ¶

Optimizes storage allocation for Docker volumes by migrating volumes between SSD and HDD based on container image types, and creates symbolic links to maintain consistent paths.

Cleanup Disc Space ¶

Frees disk space on the target system by executing a cleanup script that removes temporary files, clears package caches, and optionally handles Docker and backup cleanup.

MinIO ¶

Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts.

stream¶

Webserver ¶

Installs and configures Nginx HTTP and stream modules with performance-tuned defaults.

streaming¶

desk-obs ¶

Installs OBS Studio for streaming and recording on Pacman-based systems.

Spotify 🎵¶

Installs the Spotify client.

stub¶

Jenkins ¶

Stub for a Jenkins CI server deployment via Docker Compose—role is currently deprecated and pending reimplementation.

XMPP ¶

Stub role for deploying an XMPP server/container—implementation pending.

stun¶

Coturn ¶

Deploys Coturn, a free and open-source TURN/STUN server

sub_filter¶

🌐 Global JavaScript Injector for Nginx ¶

Injects a custom JavaScript snippet into Nginx-served HTML responses via sub_filter.

sys-front-inj-logout ¶

Injects a JavaScript snippet via Nginx sub_filter that intercepts all logout actions (links, buttons, forms) and redirects users to a centralized OIDC logout endpoint.

sudo¶

Sudo ¶

Installs and configures the sudo package with a default sudoers file to ensure secure privilege escalation and system administration.

Administrator User ¶

svg¶

Simple Icons ¶

Deploy and serve SVG and PNG icons effortlessly with Simple Icons, a containerized icon server ideal for web projects, documentation, and branding.

swapfile¶

System Swapfile ¶

Automates swapfile creation on target systems by cloning and executing a swapfile script.

syncope¶

Syncope (DRAFT)¶

Apache Syncope is an open-source Identity and Access Management (IAM) system, offering centralized identity governance, user provisioning, role management, and workflow integration.

system¶

Locales ¶

Configure system locales by deploying locale.gen and locale.conf and generating locales

Hostname ¶

Set the system hostname based on the inventory_hostname

System Maintenance Lock ¶

Ensures system integrity during maintenance activities by blocking execution until critical services have stopped, using a locking mechanism with timeout and retry logic.

Docker Server ¶

Installs and maintains Docker.

Journalctl ¶

Configure and manage systemd-journald settings

Update apt ¶

Updates packages on Debian-based systems by refreshing the apt cache and performing a distribution upgrade.

update-compose ¶

Centralizes system update operations by conditionally invoking platform-specific update roles and Docker image updates.

Update Pacman ¶

Updates the package cache and upgrades all installed packages on Arch Linux systems using pacman.

Persona: Administrator 🛠️¶

Installs essential tools for Linux system administrators on Linux.

systemd¶

SSH Agent 🔐¶

Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git.

Driver Lid Switch 🛑💻¶

Fixes incorrect lid switch behavior on Linux laptops by setting up hibernation and configuring systemd.

Backup to USB ¶

Automated backups to a swappable USB device.

Backup Remote to Local ¶

Wireguard ¶

Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity.

Wireguard Client ¶

Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity.

Unified Service Failure Notifier ¶

Installs a unified systemd notification service that sends alerts via both Telegram and Email when a service fails.

Automated Email Alerts for Service Failures ¶

Installs and configures components for sending email notifications. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

Automated Telegram Alerts for Service Failures ¶

Installs and configures components for sending Telegram notifications through systemd. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

Backup Docker to Local ¶

Automates the backup of Docker volumes to a local folder

Certbot Reaper ¶

Automates the revocation and deletion of unused Let’s Encrypt certificates

sys-ctl-hlth-btrfs ¶

Health-check for Btrfs filesystems, alerts on any device error counters.

Health CSP Crawler ¶

Checks for CSP-blocked resources via Puppeteer-based Node.js crawler

sys-ctl-hlth-disc-space ¶

Disk-space usage monitor; alerts when usage exceeds threshold.

Docker Container Health Check ¶

Checks Docker containers for unhealthy or exited states and alerts on any issues.

Docker Volumes Health Check ¶

Detects anonymous Docker volumes not bound to containers (unless whitelisted) and alerts.

sys-ctl-hlth-journalctl ¶

Searches the systemd journal for errors over the past day and alerts if any are found.

sys-ctl-hlth-msmtp ¶

Periodic MTA health-check: sends test mail via msmtp and alerts on failure.

sys-ctl-hlth-webserver ¶

Checks that each Nginx domain returns its expected HTTP status and alerts on unexpected codes.

Docker Compose Certificate Sync Service ¶

Deploys Let’s Encrypt certificates into Docker Compose Nginx setups via systemd service and timer.

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

Docker Auto Restart ¶

Automates the restart of Docker Compose instances by detecting docker-compose.yml files and executing a restart script, ensuring consistent service availability.

Docker Healer 🩺¶

Automated recovery for unhealthy or exited Docker Compose containers.

sys-daemon ¶

Role to reset and configure the systemd manager (drop-ins, defaults, validation).

sys-service ¶

Role to manage systemd service units, including cleanup, deployment, and runtime configuration.

Systemd Timer ¶

Configures a systemd timer to periodically start a specified service. This role automates the creation, reloading, and restarting of systemd timer units for recurring tasks.

taiga¶

Taiga ¶

telegram¶

Unified Service Failure Notifier ¶

Installs a unified systemd notification service that sends alerts via both Telegram and Email when a service fails.

Automated Telegram Alerts for Service Failures ¶

Installs and configures components for sending Telegram notifications through systemd. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail.

terminal¶

GNOME Terminal ¶

Installs GNOME Terminal on Arch Linux, providing a modern terminal emulator for the GNOME desktop environment.

theming¶

Nginx Global Matomo & Theming Modifier Role 🚀¶

Core role for Nginx HTML injection of Matomo, theming, iFrame and JS snippets based on application feature flags.

🌍 Global CSS Injection for Nginx ¶

Global CSS injection for Nginx-based apps using dynamic colorschemes.

tickets¶

Pretix ¶

timer¶

Systemd Timer ¶

Configures a systemd timer to periodically start a specified service. This role automates the creation, reloading, and restarting of systemd timer units for recurring tasks.

Cleanup Backups Timer ¶

Schedules periodic cleanup of old backups by configuring a systemd timer to trigger the sys-ctl-cln-bkps role.

tls¶

LDAP ¶

Nginx Certbot Automation ¶

Automates Let’s Encrypt SSL/TLS certificate renewals for Nginx using Certbot and systemd services with automatic reloads after successful renewals.

Nginx Domain Setup 🚀¶

Automated domain provisioning (TLS, vHost, OAuth2) for Nginx.

Certbot ¶

Automates the installation and configuration of Certbot for SSL/TLS certificate management

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

Webserver HTTPS Provisioning 🚀¶

Configures Nginx to serve sites securely over HTTPS, integrates Let’s Encrypt and cleans up stale domain configs.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

tools¶

dev-base-devel Role ¶

This role installs the base-devel package group, providing all core development tools needed for building software on Arch Linux systems.

Development Utilities 👨‍💻¶

Installs a base development environment for software engineers on Linux.

Persona: Administrator 🛠️¶

Installs essential tools for Linux system administrators on Linux.

Persona: Network Administrator🌐¶

Installs essential network analysis tools for system administrators on Linux.

tor¶

Torbrowser ¶

Installs and configures the Tor service and Tor Browser Launcher for secure, anonymous web browsing on Pacman-based systems.

torrent¶

QBittorrent ¶

Installs the qBittorrent torrent client via AUR on Arch Linux.

turn¶

Coturn ¶

Deploys Coturn, a free and open-source TURN/STUN server

uncategorized¶

MSI Keyboard Driver ¶

Ansible role to set up dynamic keyboard color change on MSI laptops

Docker Role Template ¶

Deploys LibreTranslate via Docker Compose with configurable Redis and database backends, and optional Matomo tracking.

update¶

Package Manager Installation 📦¶

Installs and updates packages using pkgmgr.

Docker Auto Restart ¶

Automates the restart of Docker Compose instances by detecting docker-compose.yml files and executing a restart script, ensuring consistent service availability.

Update apt ¶

Updates packages on Debian-based systems by refreshing the apt cache and performing a distribution upgrade.

update-compose ¶

Centralizes system update operations by conditionally invoking platform-specific update roles and Docker image updates.

Update Pacman ¶

Updates the package cache and upgrades all installed packages on Arch Linux systems using pacman.

url-shortener¶

YOURLS ¶

Streamline your online presence with YOURLS — a nimble, open‑source URL shortener that empowers you to create, track, and manage short links effortlessly.

usb¶

Backup to USB ¶

Automated backups to a swappable USB device.

user¶

Nextcloud Client ☁️¶

Installs and links Nextcloud desktop client folders for cloud-integrated user environments.

User for Backup Provider ¶

User ¶

Executes common tasks for user environment configuration.

Administrator User ¶

Root User ¶

utility¶

Mini-QR ¶

Mini-QR is a minimalist, self-hosted web application that allows users to instantly generate QR codes in a privacy-friendly way.

version control¶

Gitea ¶

GitLab ¶

Accelerate your development with GitLab, an all-in-one platform for source code management, CI/CD, and more. Experience a robust and collaborative environment that empowers your development process.

versioning¶

Content Delivery Network ¶

Prepares and manages the CDN folder structure with shared, vendor, and per-role release directories.

video¶

Zoom ¶

Installs the Zoom video conferencing client via AUR on Arch Linux.

BigBlueButton ¶

video platform¶

PeerTube ¶

Transform your video hosting experience with Peertube, a decentralized platform built for scalability, innovation, and community collaboration.

video-hosting¶

PeerTube ¶

Transform your video hosting experience with Peertube, a decentralized platform built for scalability, innovation, and community collaboration.

virtualbox¶

pc-virtual-box ¶

Installs and configures VirtualBox and its kernel modules on Pacman-based systems, including extension packs and user group setup.

virtualization¶

pc-virtual-box ¶

Installs and configures VirtualBox and its kernel modules on Pacman-based systems, including extension packs and user group setup.

visualization¶

MIG ¶

vlc¶

desk-bluray-player ¶

Installs VLC, libaacs and libbluray for Blu-ray playback on Arch Linux–based systems.

volumes¶

Cleanup Docker Anonymous Volumes ¶

Install and run dockreap to clean up unused anonymous Docker volumes

Docker Volumes Health Check ¶

Detects anonymous Docker volumes not bound to containers (unless whitelisted) and alerts.

vpn¶

Wireguard ¶

Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity.

Wireguard Client ¶

Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity.

wayland¶

SSH Agent 🔐¶

Persistent SSH agent setup for GNOME Wayland sessions with SSH configuration pulled from Git.

web¶

Front Base (HTTPS + Cloudflare + Handlers) 🚀¶

Front bootstrap for web apps: HTTPS base, optional Cloudflare setup, and handler wiring.

Nginx Docker Reverse Proxy 🚀¶

Nginx reverse proxy front-end for local Docker applications.

PHP Development Utilities 🐘¶

Installs PHP and related development tools on Linux for PHP software engineering.

Corporate ¶

Deploys a corporate identity environment with web assets, legal pages, and a portfolio site on Linux.

Nextcloud ¶

webapp¶

Mini-QR ¶

Mini-QR is a minimalist, self-hosted web application that allows users to instantly generate QR codes in a privacy-friendly way.

webrtc¶

Coturn ¶

Deploys Coturn, a free and open-source TURN/STUN server

webserver¶

sys-ctl-hlth-webserver ¶

Checks that each Nginx domain returns its expected HTTP status and alerts on unexpected codes.

sys-util-csp-cert ¶

Composes HTTPS setup and HTML-content injections (CSS, Matomo, iFrame, JS) for webserver domains.

webui¶

pgAdmin ¶

phpldapadmin ¶

PhpMyAdmin ¶

wiki¶

Confluence ¶

MediaWiki ¶

XWiki ¶

XWiki is an open-source enterprise wiki and knowledge management platform, offering collaboration tools, structured content, and extensibility through apps and plugins.

wildcard¶

Nginx HTTPS Certificate Retrieval ¶

Automates the retrieval of Let’s Encrypt SSL/TLS certificates for Nginx domains using Certbot, supporting both single-domain and wildcard certificates with DNS and webroot ACME challenges.

wine¶

Gamer 🎮¶

Gaming setup role for Arch Linux systems.

Gamer Core 🧩¶

Installs essential gaming utilities, launchers, and runtimes on Linux.

wireguard¶

Wireguard ¶

Manages Wireguard VPN configuration on the host. Installs necessary tools, deploys sysctl settings for IP forwarding, and copies the Wireguard configuration file to enable secure VPN connectivity.

WireGuard Client behind NAT ¶

Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded.

Wireguard Client ¶

Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity.

wopi¶

Docker Collabora (DRAFT)¶

Collabora Online CODE with automated proxy, networking, and environment configuration.

wordpress¶

WordPress ¶

Use the full power of WordPress—with its intuitive interface, customizable themes and plugins, responsive design, and advanced SEO tools—in a scalable and secure containerized environment.

workflow¶

Flowise ¶

Installs Flowise — a visual builder to create, test, and publish AI workflows (RAG, tools, webhooks).

www¶

Nginx WWW Redirect 🌐¶

An Ansible role to redirect www subdomains to bare domains (apex). Supports Cloudflare edge redirects or local Nginx redirects.

xmpp¶

XMPP ¶

Stub role for deploying an XMPP server/container—implementation pending.

xwiki¶

XWiki ¶

XWiki is an open-source enterprise wiki and knowledge management platform, offering collaboration tools, structured content, and extensibility through apps and plugins.

yaml¶

Python-Yaml ¶

Installs the `python-yaml` package to enable YAML support in Python.

yay¶

System AUR Helper ¶

Installs the AUR helper yay and configures an aur_builder user with appropriate sudo privileges to facilitate AUR package management on Arch Linux systems.

yourls¶

YOURLS ¶

Streamline your online presence with YOURLS — a nimble, open‑source URL shortener that empowers you to create, track, and manage short links effortlessly.