add MMDL task management service deployment

- Add MMDL (Manage My Damn Life) task and calendar management service
- Configure NextAuth with Authentik OIDC integration
- Use MySQL 8.0 with proper authentication plugin
- Include Glance dashboard integration
- Add to main docker deployment pipeline

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

roles/docker/tasks/main.yml

@@ -170,3 +170,7 @@
 - name: Install manyfold
   import_tasks: manyfold.yml
   tags: manyfold
+
+- name: Install mmdl
+  import_tasks: mmdl.yml
+  tags: mmdl

roles/docker/tasks/mmdl.yml

@@ -0,0 +1,25 @@
+---
+- name: Create mmdl directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/stacks/mmdl
+    - /opt/stacks/mmdl/data
+    - /opt/stacks/mmdl/mysql
+
+- name: Template mmdl environment file
+  ansible.builtin.template:
+    src: mmdl-env.j2
+    dest: /opt/stacks/mmdl/.env.local
+
+- name: Template mmdl compose file
+  ansible.builtin.template:
+    src: mmdl-compose.yml.j2
+    dest: /opt/stacks/mmdl/compose.yml
+
+- name: Deploy mmdl stack
+  community.docker.docker_compose_v2:
+    project_src: /opt/stacks/mmdl
+    files:
+      - compose.yml

roles/docker/templates/mmdl-compose.yml.j2

@@ -0,0 +1,45 @@
+services:
+  mmdl:
+    image: intriin/mmdl:latest
+    container_name: mmdl
+    restart: unless-stopped
+    depends_on:
+      - mmdl_db
+    env_file:
+      - .env.local
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+      - "auth.thesatelliteoflove.com:172.20.0.5"
+    labels:
+      glance.name: MMDL
+      glance.icon: si:task
+      glance.url: https://tasks.thesatelliteoflove.com/
+      glance.description: Task and calendar management
+      glance.id: mmdl
+
+  mmdl_db:
+    image: mysql:8.0
+    container_name: mmdl_db
+    restart: unless-stopped
+    command: --default-authentication-plugin=mysql_native_password
+    environment:
+      MYSQL_DATABASE: mmdl
+      MYSQL_USER: mmdl
+      MYSQL_PASSWORD: "{{ vault_mmdl_mysql_password }}"
+      MYSQL_ROOT_PASSWORD: "{{ vault_mmdl_mysql_root_password }}"
+      MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
+      MYSQL_ROOT_HOST: "%"
+    volumes:
+      - mmdl_db:/var/lib/mysql
+    labels:
+      glance.parent: mmdl
+      glance.name: DB
+
+volumes:
+  mmdl_db:
+    driver: local
+
+networks:
+  default:
+    external: true
+    name: lava

roles/docker/templates/mmdl-env.j2

@@ -0,0 +1,41 @@
+# Database Configuration
+DB_HOST=mmdl_db
+DB_USER=mmdl
+DB_PASS={{ vault_mmdl_mysql_password }}
+DB_PORT=3306
+DB_DIALECT=mysql
+DB_CHARSET=utf8mb4
+DB_NAME=mmdl
+
+# Encryption
+AES_PASSWORD={{ vault_mmdl_aes_password }}
+
+# SMTP Settings
+SMTP_HOST=smtp.resend.com
+SMTP_USERNAME=resend
+SMTP_PASSWORD={{ resend_key }}
+SMTP_FROM=tasks@updates.thesatelliteoflove.com
+SMTP_PORT=587
+SMTP_SECURE=true
+
+# Authentication
+USE_NEXT_AUTH=true
+NEXTAUTH_URL=https://tasks.thesatelliteoflove.com
+NEXTAUTH_SECRET={{ vault_mmdl_nextauth_secret }}
+
+# Authentik OIDC Configuration
+AUTHENTIK_ISSUER=https://auth.thesatelliteoflove.com/application/o/mmdl
+AUTHENTIK_CLIENT_ID={{ vault_mmdl_oidc_client_id }}
+AUTHENTIK_CLIENT_SECRET={{ vault_mmdl_oidc_client_secret }}
+
+# User and Session Management
+ALLOW_USER_REGISTRATION=false
+MAX_CONCURRENT_LOGINS=3
+OTP_VALIDITY_PERIOD=300
+SESSION_VALIDITY_PERIOD=30
+
+# Application Settings
+API_URL=https://tasks.thesatelliteoflove.com
+DEBUG_MODE=false
+TEST_MODE=false
+SUBTASK_RECURSION_DEPTH=5