any.software.monica-podman: add role

roles/any.software.monica-podman/files/monica.Caddyfile

@@ -0,0 +1,5 @@
+prm.roosens.me {
+    reverse_proxy localhost:8001 {
+        header_down +X-Robots-Tag "none"
+    }
+}

roles/any.software.monica-podman/files/monica.pod

@@ -0,0 +1,3 @@
+# vim: ft=systemd
+[Pod]
+PublishPort=8001:80

roles/any.software.monica-podman/handlers/main.yml

@@ -0,0 +1,16 @@
+---
+- name: 'restart monica'
+  ansible.builtin.systemd_service:
+    name: 'monica-app'
+    state: 'restarted'
+
+    scope: 'user'
+    daemon_reload: true
+
+- name: 'restart mariadb'
+  ansible.builtin.systemd_service:
+    name: 'monica-mariadb'
+    state: 'restarted'
+
+    scope: 'user'
+    daemon_reload: true

roles/any.software.monica-podman/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: any.tools.caddy
+    become: true

roles/any.software.monica-podman/tasks/main.yml

@@ -0,0 +1,55 @@
+---
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/monica'
+    state: directory
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  become: true
+
+- name: Ensure Monica Quadlet file is present
+  ansible.builtin.template:
+    src: 'monica-app.container.j2'
+    dest: '/home/debian/.config/containers/systemd/monica-app.container'
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  notify: 'restart monica'
+
+- name: Ensure MariaDB Quadlet file is present
+  ansible.builtin.template:
+    src: 'monica-mariadb.container.j2'
+    dest: '/home/debian/.config/containers/systemd/monica-mariadb.container'
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  notify: 'restart mariadb'
+
+- name: Ensure Pod file is present
+  ansible.builtin.copy:
+    src: 'monica.pod'
+    dest: '/home/debian/.config/containers/systemd/monica.pod'
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  notify: 'restart monica'
+
+- name: Ensure Monica environment file is present
+  ansible.builtin.template:
+    src: 'monica.env.j2'
+    dest: '/etc/monica/monica.env'
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  notify: 'restart monica'
+
+- name: Ensure Caddyfile is present
+  ansible.builtin.copy:
+    src: 'monica.Caddyfile'
+    dest: '/etc/caddy/monica.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  become: true
+  notify: 'reload caddy'

roles/any.software.monica-podman/templates/monica-app.container.j2

@@ -0,0 +1,17 @@
+# vim: ft=systemd
+[Unit]
+Requires=monica-mariadb.service
+After=monica-mariadb.service
+
+[Container]
+Image=docker.io/monica:3.7.0-apache
+Pod=monica.pod
+
+EnvironmentFile=/etc/monica/monica.env
+Volume={{ monica_data_dir }}:/var/www/html/storage
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

roles/any.software.monica-podman/templates/monica-mariadb.container.j2

@@ -0,0 +1,13 @@
+# vim: ft=systemd
+[Unit]
+StopWhenUnneeded=true
+
+[Container]
+Image=docker.io/mariadb:10.7.1
+Pod=monica.pod
+
+Environment="MARIADB_ROOT_PASSWORD={{ monica_mariadb_root_pass }}" MARIADB_USER=monica MARIADB_PASSWORD=monica MARIADB_DATABASE=monica
+Volume={{ mariadb_data_dir }}:/var/lib/mysql
+
+[Service]
+Restart=always

roles/any.software.monica-podman/templates/monica.env.j2

@@ -0,0 +1,56 @@
+APP_ENV=production
+APP_DEBUG=false
+APP_KEY={{ monica_app_key }}
+HASH_SALT={{ monica_hash_salt }}
+HASH_LENGTH=18
+APP_URL=https://prm.roosens.me
+APP_FORCE_URL=false
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=monica
+DB_USERNAME=monica
+DB_PASSWORD=monica
+DB_PREFIX=
+DB_TEST_HOST=127.0.0.1
+DB_TEST_DATABASE=monica_test
+DB_TEST_USERNAME=homestead
+DB_TEST_PASSWORD=secret
+DB_USE_UTF8MB4=true
+MAIL_MAILER=smtp
+MAIL_HOST=mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=
+MAIL_PASSWORD=
+MAIL_ENCRYPTION=
+MAIL_FROM_ADDRESS=
+MAIL_FROM_NAME=Monica instance
+APP_EMAIL_NEW_USERS_NOTIFICATION=
+APP_DISABLE_SIGNUP=true
+APP_SIGNUP_DOUBLE_OPTIN=false
+APP_TRUSTED_PROXIES=*
+APP_TRUSTED_CLOUDFLARE=false
+LOG_CHANNEL=daily
+SENTRY_SUPPORT=false
+SENTRY_LARAVEL_DSN=
+CHECK_VERSION=true
+SESSION_LIFETIME=120
+QUEUE_CONNECTION=sync
+DEFAULT_MAX_UPLOAD_SIZE=10240
+DEFAULT_MAX_STORAGE_SIZE=51200
+DEFAULT_FILESYSTEM=public
+AWS_KEY=
+AWS_SECRET=
+AWS_REGION=us-east-1
+AWS_BUCKET=
+AWS_SERVER=
+MFA_ENABLED=true
+DAV_ENABLED=true
+PASSPORT_PERSONAL_ACCESS_CLIENT_ID=
+PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET=
+ALLOW_STATISTICS_THROUGH_PUBLIC_API_ACCESS=false
+POLICY_COMPLIANT=true
+ENABLE_GEOLOCATION=false
+LOCATION_IQ_API_KEY=
+ENABLE_WEATHER=false
+DARKSKY_API_KEY=