From 3f350f338dafc90495ecc02a1c61ddf98c6c7950 Mon Sep 17 00:00:00 2001
From: Tobias Petrich <tobias@rohrschacht.de>
Date: Fri, 1 May 2026 14:13:02 +0200
Subject: [PATCH] add trilium

---
 .../services/files/trilium/trilium.container  | 22 ++++++++++++++
 ansible/roles/services/vars/main.yml          |  4 +++
 ansible/roles/traefik/files/dynamic.yml       | 30 ++++++++++++++++++-
 3 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/services/files/trilium/trilium.container

diff --git a/ansible/roles/services/files/trilium/trilium.container b/ansible/roles/services/files/trilium/trilium.container
new file mode 100644
index 0000000..5835247
--- /dev/null
+++ b/ansible/roles/services/files/trilium/trilium.container
@@ -0,0 +1,22 @@
+[Unit]
+Description=Trilium deployment
+Wants=network-online.target
+After=network.target network-online.target
+
+[Container]
+ContainerName=trilium
+Image=docker.io/triliumnext/trilium:latest
+PublishPort=127.0.0.1:9400:8080
+Volume=/var/vol/trilium/data:/home/node/trilium-data:Z
+Volume=/usr/share/zoneinfo/Europe/Berlin:/etc/localtime:ro
+Environment=TRILIUM_DATA_DIR=/home/node/trilium-data
+AutoUpdate=registry
+
+[Service]
+# Restart service when sleep finishes
+Restart=on-failure
+RestartSec=60
+
+[Install]
+# Start by default on boot
+WantedBy=multi-user.target default.target
diff --git a/ansible/roles/services/vars/main.yml b/ansible/roles/services/vars/main.yml
index c0010d6..ecbf1e8 100644
--- a/ansible/roles/services/vars/main.yml
+++ b/ansible/roles/services/vars/main.yml
@@ -63,3 +63,7 @@ services:
     systemd_service_name: "silverbullet"
     service_directories:
       - space
+  trilium:
+    systemd_service_name: "trilium"
+    service_directories:
+      - data
diff --git a/ansible/roles/traefik/files/dynamic.yml b/ansible/roles/traefik/files/dynamic.yml
index 4c2dcfe..8909826 100644
--- a/ansible/roles/traefik/files/dynamic.yml
+++ b/ansible/roles/traefik/files/dynamic.yml
@@ -170,6 +170,28 @@ http:
         certResolver: letsencrypt
       service: authentik-service
 
+    # Router for trilium.rohrschacht.de
+    trilium-router:
+      rule: "Host(`trilium.rohrschacht.de`)"
+      entryPoints:
+        - websecure
+      middlewares:
+        - authentik
+      priority: 10
+      tls:
+        certResolver: letsencrypt
+      service: trilium-service
+
+    # Router for trilium.rohrschacht.de authentik outpost path
+    trilium-router-auth:
+      rule: "Host(`trilium.rohrschacht.de`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      entryPoints:
+        - websecure
+      priority: 15
+      tls:
+        certResolver: letsencrypt
+      service: authentik-service
+
   services:
     # Service for wekan.rohrschacht.de
     wekan-service:
@@ -247,4 +269,10 @@ http:
     silverbullet-service:
       loadBalancer:
         servers:
-          - url: "http://localhost:9300"
\ No newline at end of file
+          - url: "http://localhost:9300"
+
+    # Service for trilium.rohrschacht.de
+    trilium-service:
+      loadBalancer:
+        servers:
+          - url: "http://localhost:9400"
\ No newline at end of file