add n8n workflow automation and fix cloud backup rsync

- Add n8n container (n8nio/n8n:2.11.3) with Caddy reverse proxy at n8n.debyl.io
- Add --exclude .ssh to cloud backup rsync to prevent overwriting
  authorized_keys on TrueNAS backup targets

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ansible/roles/podman/tasks/containers/debyltech/n8n.yml

@@ -0,0 +1,54 @@
+---
+- name: create n8n host directory volumes
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ podman_user }}"
+    group: "{{ podman_user }}"
+    mode: 0755
+  notify: restorecon podman
+  loop:
+    - "{{ n8n_path }}"
+
+- name: set n8n volume ownership for node user
+  become: true
+  become_user: "{{ podman_user }}"
+  ansible.builtin.command:
+    cmd: podman unshare chown -R 1000:1000 {{ n8n_path }}
+  changed_when: false
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+
+- import_tasks: podman/podman-check.yml
+  vars:
+    container_name: n8n
+    container_image: "{{ image }}"
+
+- name: create n8n container
+  become: true
+  become_user: "{{ podman_user }}"
+  containers.podman.podman_container:
+    name: n8n
+    image: "{{ image }}"
+    image_strict: true
+    restart_policy: on-failure:3
+    log_driver: journald
+    network: shared
+    volumes:
+      - "{{ n8n_path }}:/home/node/.n8n"
+    ports:
+      - 5678:5678/tcp
+    env:
+      N8N_HOST: "{{ n8n_server_name }}"
+      N8N_PORT: "5678"
+      N8N_PROTOCOL: https
+      WEBHOOK_URL: "https://{{ n8n_server_name }}/"
+      N8N_SECURE_COOKIE: "true"
+      GENERIC_TIMEZONE: America/New_York
+
+- name: create systemd startup job for n8n
+  include_tasks: podman/systemd-generate.yml
+  vars:
+    container_name: n8n