+ refactored and solve some problems with mariadb and nginx playbook

+ apps playbooks - docker, caprover
* simple refactore starter scripts
+ apt update debops playboook prepend launch by default
* sury repo changed
* database users locked to localhost only
* phpmyadmin blowfish generate secret fix

playbooks/own/libgd3-fix-for-php8.yml

@@ -1,16 +1,18 @@
 ---
 - name: Solve problem with libgd3 for php-gd
   hosts: [ 'debian10' ]
-  when: (php_version != '7.4')
   vars_files:
     - ./../../vars/php.yml
   tasks:
-    - copy:
+    - name: Set pin for libgd3 package
+      copy:
         dest: '/etc/apt/preferences.d/libgd-pin100'
         content: |-
           Package: libgd3
           Pin-Priority: 100
-    - shell: |-
+
+    - name: Update apt cache policy and install libgd
+      shell: |-
         apt update
         apt install -t bullseye libgd3 -yy
         apt-cache policy libgd3

playbooks/own/phpmyadmin-nginx-auth.yml

@@ -22,7 +22,7 @@
         content: |-
           server {
               listen 80;
-              listen 443;
+              listen 443 ssl;
               ssl_certificate           /etc/pki/realms/domain/default.crt;
               ssl_certificate_key       /etc/pki/realms/domain/default.key;
               server_name pma.{{ domain_name }};

playbooks/own/phpmyadmin.yml

@@ -9,6 +9,7 @@
 
   vars:
     - phpmyadmin_version: 5.2.1
+      # https://docs.ansible.com/ansible/latest/collections/community/general/random_string_lookup.html#keyword-parameters
     - blowfish_secret: "{{ lookup('community.general.random_string', length=32) }}"
 
   tasks:
@@ -24,5 +25,17 @@
         mv phpMyAdmin-{{ phpmyadmin_version }}-all-languages phpmyadmin
         cd phpmyadmin
         cp config.sample.inc.php config.inc.php
-        sed -i "s|'blowfish_secret'] = ''|'blowfish_secret'] = '{{ blowfish_secret }}'|g" config.inc.php
         mkdir tmp && sudo chown :33 tmp && chmod g+w tmp
+
+    - name: 'Set cookie blowfish secret'
+      # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/replace_module.html
+      replace:
+        path: /var/www/phpmyadmin/config.inc.php
+        regexp: "'blowfish_secret'] = ''"
+        replace: "'blowfish_secret'] = '{{ blowfish_secret | replace('\'', '\\\'') }}'\n\n$cfg['CookieSameSite'] = 'Lax';\n"
+
+    - name: 'Set MaxTableList'
+      replace:
+        path: /var/www/phpmyadmin/config.inc.php
+        regexp: "^//$cfg['MaxRows'](.*)"
+        replace: "//$cfg['MaxRows']\1\n\n$cfg['MaxTableList'] = 500;\n"

playbooks/own/yadm-update.yml

@@ -0,0 +1,9 @@
+---
+- hosts: ['debian10']
+  tasks:
+      - name: Update existing YADM install with remote ip-address plugin and replace own
+        shell: |
+            yadm remote set-url origin https://vcs.wpstudio.ru/gitea/dotfiles.git
+            rm -rf .tmux/plugins/tmux-ip-address
+            yadm pull
+            yadm checkout .

playbooks/own/yadm.yml

@@ -1,30 +1,40 @@
 ---
 - hosts: [ 'debian10' ]
   tasks:
-    - name: Install yadm
-      become_user: root
-      shell: |
-        command -v yadm || curl -sfLo /usr/local/bin/yadm https://github.com/TheLocehiliosan/yadm/raw/master/yadm && chmod a+x /usr/local/bin/yadm
-
     - name: Install direnv
       become_user: root
       shell: |
-        command -v direnv || curl -sfLo /usr/local/bin/direnv https://github.com/direnv/direnv/releases/download/v2.35.0/direnv.linux-amd64 && chmod a+x /usr/local/bin/direnv
+        command -v direnv > /dev/null || {
+          curl -sfLo /usr/local/bin/direnv https://github.com/direnv/direnv/releases/download/v2.35.0/direnv.linux-amd64 && \
+          chmod a+x /usr/local/bin/direnv
+        }
 
     - name: Install Starship
       become_user: root
       shell: |
-        command -v starship || curl -sS https://starship.rs/install.sh | sh -s -- -f
+        command -v starship> /dev/null || {
+          curl -sS https://starship.rs/install.sh | sh -s -- -f
+        }
 
-    - name: Clone dotfiles repo
+    - name: Install with init or update yadm
+      become_user: root
       shell: |
-        yadm clone --bootstrap https://vcs.wpstudio.ru/gitea/dotfiles.git && yadm checkout ./
+        command -v yadm && {
+          yadm remote set-url origin https://vcs.wpstudio.ru/gitea/dotfiles.git
+          rm -rf .tmux/plugins/tmux-ip-address
+          yadm pull && yadm checkout .
+        } || {
+          curl -sfLo /usr/local/bin/yadm https://github.com/TheLocehiliosan/yadm/raw/master/yadm && chmod a+x /usr/local/bin/yadm
+          yadm clone --bootstrap https://vcs.wpstudio.ru/gitea/dotfiles.git && yadm checkout .
+        }
 
       # For manual change: sed -i 's/#/\\$/g' ${HOME}/.config/starship.toml
     - name: 'Change character for non-root user'
-      become: false
       become_user: root
       shell: |
-          sed -i 's/#/\\$/g' ${HOME}/.config/starship.toml
+        HOME_USER=$(ls /home)
+        test ! -z "${HOME_USER}" && su --login ${HOME_USER} -c 'yadm clone --bootstrap https://vcs.wpstudio.ru/gitea/dotfiles.git && yadm checkout .'
+        test ! -z "${HOME_USER}" && su --login ${HOME_USER} -c 'sed -i "s/#/\\$/g" ${HOME}/.config/starship.toml'
+        exit 0
       args:
-          executable: /bin/bash
+        executable: /bin/bash