Implement initial BookWyrm role

- Removed obsolete TODO.md
- Added config/main.yml with service, feature, CSP, and registration settings
- Added schema/main.yml defining vaulted SECRET_KEY (alphanumeric)
- Added tasks/main.yml to load stateful stack
- Added Dockerfile.j2 ensuring data/media dirs
- Added docker-compose.yml.j2 with application, worker, redis, volumes
- Added env.j2 with registration, secrets, DB, Redis, OIDC support
- Extended vars/main.yml with BookWyrm variables and OIDC, Docker, Redis settings
- Updated meta/main.yml with logo and run_after dependencies

Ref: https://chatgpt.com/share/68b6c060-3a0c-800f-89f8-e114a16a4a80

roles/web-app-bookwyrm/templates/Dockerfile.j2

@@ -0,0 +1,7 @@
+FROM "{{ BOOKWYRM_IMAGE }}:{{ BOOKWYRM_VERSION }}"
+
+# Place for optional plugins/patches
+# COPY ./patches/ /app/patches/
+
+# Ensure media/data exist (UID/GID depend on upstream; keep generic)
+RUN mkdir -p /app/data /app/media && chown -R 1000:1000 /app/data /app/media

roles/web-app-bookwyrm/templates/docker-compose.yml.j2

@@ -0,0 +1,40 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+
+  application:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: "{{ BOOKWYRM_CUSTOM_IMAGE }}"
+    container_name: "{{ BOOKWYRM_CONTAINER }}"
+    hostname: "{{ BOOKWYRM_HOSTNAME }}"
+    ports:
+      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
+    environment:
+{% include 'roles/web-app-bookwyrm/templates/env.j2' %}
+    volumes:
+      - 'data:/app/data'
+      - 'media:/app/media'
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+  worker:
+    image: "{{ BOOKWYRM_CUSTOM_IMAGE }}"
+    container_name: "{{ BOOKWYRM_CONTAINER }}-worker"
+    command: "bash -lc 'celery -A celerywyrm worker -l INFO'"
+    environment:
+{% include 'roles/web-app-bookwyrm/templates/env.j2' %}
+    volumes:
+      - 'data:/app/data'
+      - 'media:/app/media'
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+    name: {{ BOOKWYRM_DATA_VOLUME }}
+  media:
+    name: {{ BOOKWYRM_MEDIA_VOLUME }}
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-bookwyrm/templates/env.j2

@@ -0,0 +1,40 @@
+# Core
+BOOKWYRM_URL="{{ BOOKWYRM_URL }}"
+DOMAIN="{{ BOOKWYRM_HOSTNAME }}"
+PORT="{{ WEB_PORT }}"
+WEB_PROTOCOL="{{ WEB_PROTOCOL }}"
+MEDIA_ROOT="/app/media"
+DATA_ROOT="/app/data"
+REGISTRATION_OPEN={{ BOOKWYRM_REGISTRATION_OPEN }}
+ALLOW_INVITE_REQUESTS={{ BOOKWYRM_ALLOW_INVITE_REQUESTS }}
+
+# Django/Secrets (provide via vault/env in production)
+SECRET_KEY="{{ BOOKWYRM_SECRET_KEY }}"
+EMAIL="{{ users['no-reply'].email }}"
+
+# Database
+DATABASE_URL="postgres://{{ database_username }}:{{ database_password }}@{{ database_host }}:{{ database_port }}/{{ database_name }}"
+
+# Redis / Celery
+REDIS_BROKER_URL="redis://{{ BOOKWYRM_REDIS_HOST }}:{{ BOOKWYRM_REDIS_PORT }}/0"
+REDIS_CACHE_URL="redis://{{ BOOKWYRM_REDIS_HOST }}:{{ BOOKWYRM_REDIS_PORT }}/1"
+
+# Proxy (if BookWyrm sits behind reverse proxy)
+FORWARDED_ALLOW_IPS="*"
+USE_X_FORWARDED_HOST="true"
+SECURE_PROXY_SSL_HEADER="HTTP_X_FORWARDED_PROTO,{{ WEB_PROTOCOL }}"
+
+# OIDC (optional – only if BOOKWYRM_OIDC_ENABLED)
+{% if BOOKWYRM_OIDC_ENABLED %}
+OIDC_TITLE="{{ BOOKWYRM_OIDC_LABEL | replace('\"','\\\"') }}"
+OIDC_ISSUER="{{ BOOKWYRM_OIDC_ISSUER }}"
+OIDC_AUTHORIZATION_ENDPOINT="{{ BOOKWYRM_OIDC_AUTH_URL }}"
+OIDC_TOKEN_ENDPOINT="{{ BOOKWYRM_OIDC_TOKEN_URL }}"
+OIDC_USERINFO_ENDPOINT="{{ BOOKWYRM_OIDC_USERINFO_URL }}"
+OIDC_END_SESSION_ENDPOINT="{{ BOOKWYRM_OIDC_LOGOUT_URL }}"
+OIDC_JWKS_URI="{{ BOOKWYRM_OIDC_JWKS_URL }}"
+OIDC_CLIENT_ID="{{ BOOKWYRM_OIDC_CLIENT_ID }}"
+OIDC_CLIENT_SECRET="{{ BOOKWYRM_OIDC_CLIENT_SECRET }}"
+OIDC_SCOPES="{{ BOOKWYRM_OIDC_SCOPES }}"
+OIDC_UNIQUE_ATTRIBUTE="{{ BOOKWYRM_OIDC_UNIQUE_ATTRIBUTE }}"
+{% endif %}