From 13d834a31692b1b36a8547e7be28127d23c6f09d Mon Sep 17 00:00:00 2001
From: Jef Roosens
Date: Mon, 5 Jan 2026 22:24:17 +0100
Subject: [PATCH] any.software.monica-podman: add role
---
 .../files/monica.Caddyfile | 5 ++
 .../files/monica.pod | 3 +
 .../handlers/main.yml | 16 ++++++
 .../any.software.monica-podman/meta/main.yml | 4 ++
 .../any.software.monica-podman/tasks/main.yml | 55 ++++++++++++++++++
 .../templates/monica-app.container.j2 | 17 ++++++
 .../templates/monica-mariadb.container.j2 | 13 +++++
 .../templates/monica.env.j2 | 56 +++++++++++++++++++
 8 files changed, 169 insertions(+)
 create mode 100644 roles/any.software.monica-podman/files/monica.Caddyfile
 create mode 100644 roles/any.software.monica-podman/files/monica.pod
 create mode 100644 roles/any.software.monica-podman/handlers/main.yml
 create mode 100644 roles/any.software.monica-podman/meta/main.yml
 create mode 100644 roles/any.software.monica-podman/tasks/main.yml
 create mode 100644 roles/any.software.monica-podman/templates/monica-app.container.j2
 create mode 100644 roles/any.software.monica-podman/templates/monica-mariadb.container.j2
 create mode 100644 roles/any.software.monica-podman/templates/monica.env.j2
diff --git a/roles/any.software.monica-podman/files/monica.Caddyfile b/roles/any.software.monica-podman/files/monica.Caddyfile
new file mode 100644
index 0000000..6d21f02
--- /dev/null
+++ b/roles/any.software.monica-podman/files/monica.Caddyfile
@@ -0,0 +1,5 @@
+prm.roosens.me {
+ reverse_proxy localhost:8001 {
+ header_down +X-Robots-Tag "none"
+ }
+}
diff --git a/roles/any.software.monica-podman/files/monica.pod b/roles/any.software.monica-podman/files/monica.pod
new file mode 100644
index 0000000..9b4304d
--- /dev/null
+++ b/roles/any.software.monica-podman/files/monica.pod
@@ -0,0 +1,3 @@
+# vim: ft=systemd
+[Pod]
+PublishPort=8001:80
diff --git a/roles/any.software.monica-podman/handlers/main.yml b/roles/any.software.monica-podman/handlers/main.yml
new file mode 100644
index 0000000..398cf2f
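Review bot: `PublishPort=8001:80` in `monica.pod` carries no host address, so Podman publishes the port on every host interface and the plain-HTTP application port can be reached without passing through Caddy. The Caddyfile in this commit proxies to `localhost:8001`, so binding to loopback is sufficient: `PublishPort=127.0.0.1:8001:80`. This matters more here because the environment template sets `APP_TRUSTED_PROXIES=*`, which means forwarded headers on a direct connection would be trusted; whether a host firewall already blocks the port is not visible from this patch.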
--- /dev/null
+++ b/roles/any.software.monica-podman/handlers/main.yml
@@ -0,0 +1,16 @@
+---
+- name: 'restart monica'
+ ansible.builtin.systemd_service:
+ name: 'monica-app'
+ state: 'restarted'
+
+ scope: 'user'
+ daemon_reload: true
+
+- name: 'restart mariadb'
+ ansible.builtin.systemd_service:
+ name: 'monica-mariadb'
+ state: 'restarted'
+
+ scope: 'user'
+ daemon_reload: true
diff --git a/roles/any.software.monica-podman/meta/main.yml b/roles/any.software.monica-podman/meta/main.yml
new file mode 100644
index 0000000..32c83bc
--- /dev/null
+++ b/roles/any.software.monica-podman/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - role: any.tools.caddy
+ become: true
diff --git a/roles/any.software.monica-podman/tasks/main.yml b/roles/any.software.monica-podman/tasks/main.yml
new file mode 100644
index 0000000..8c4e339
--- /dev/null
+++ b/roles/any.software.monica-podman/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: Ensure configuration directory is present
+ ansible.builtin.file:
+ path: '/etc/monica'
+ state: directory
+ mode: '0755'
+ owner: 'debian'
+ group: 'debian'
+ become: true
+
+- name: Ensure Monica Quadlet file is present
+ ansible.builtin.template:
+ src: 'monica-app.container.j2'
+ dest: '/home/debian/.config/containers/systemd/monica-app.container'
+ mode: '0755'
+ owner: 'debian'
+ group: 'debian'
+ notify: 'restart monica'
+
+- name: Ensure MariaDB Quadlet file is present
+ ansible.builtin.template:
+ src: 'monica-mariadb.container.j2'
+ dest: '/home/debian/.config/containers/systemd/monica-mariadb.container'
+ mode: '0755'
+ owner: 'debian'
+ group: 'debian'
+ notify: 'restart mariadb'
+
+- name: Ensure Pod file is present
+ ansible.builtin.copy:
+ src: 'monica.pod'
+ dest: '/home/debian/.config/containers/systemd/monica.pod'
+ mode: '0755'
+ owner: 'debian'
+ group: 'debian'
+ notify: 'restart monica'
+
+- name: Ensure Monica environment file is present
+ ansible.builtin.template:
+ src: 'monica.env.j2'
+ dest: '/etc/monica/monica.env'
+ mode: '0755'
+ owner: 'debian'
+ group: 'debian'
+ notify: 'restart monica'
+
+- name: Ensure Caddyfile is present
+ ansible.builtin.copy:
+ src: 'monica.Caddyfile'
+ dest: '/etc/caddy/monica.Caddyfile'
+ owner: root
+ group: root
+ mode: '0644'
+ become: true
+ notify: 'reload caddy'
diff --git a/roles/any.software.monica-podman/templates/monica-app.container.j2 b/roles/any.software.monica-podman/templates/monica-app.container.j2
new file mode 100644
index 0000000..12f5038
--- /dev/null
+++ b/roles/any.software.monica-podman/templates/monica-app.container.j2
@@ -0,0 +1,17 @@
+# vim: ft=systemd
+[Unit]
+Requires=monica-mariadb.service
+After=monica-mariadb.service
+
+[Container]
+Image=docker.io/monica:3.7.0-apache
+Pod=monica.pod
+
+EnvironmentFile=/etc/monica/monica.env
+Volume={{ monica_data_dir }}:/var/www/html/storage
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
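Review bot: The task "Ensure Monica environment file is present" in `tasks/main.yml` writes `/etc/monica/monica.env` with `mode: '0755'`, which leaves `APP_KEY`, `HASH_SALT` and the database password readable by every local user, inside a `/etc/monica` directory that is also `0755`. The MariaDB Quadlet file gets the same mode although its template embeds `MARIADB_ROOT_PASSWORD`. Both should use `mode: '0600'` (owner `debian` appears to be the user running the units, judging by the `scope: 'user'` handlers), and the remaining Quadlet and pod files need no execute bit, so `'0644'` fits them. Adding `no_log: true` to the two secret-bearing template tasks would also keep rendered values out of `--diff` output.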
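Review bot: `Image=docker.io/monica:3.7.0-apache` in `monica-app.container.j2` pins the image by tag only, and tags are mutable on the registry, so a later pull can bring different content under the same name; the same holds for `Image=docker.io/mariadb:10.7.1` in `monica-mariadb.container.j2`. Appending the digest that was validated, `Image=docker.io/monica:3.7.0-apache@sha256:<digest>`, makes the deployment reproducible. MariaDB 10.7 was, as far as I know, a short-term release series that no longer receives fixes, so that tag is worth re-checking against the currently maintained versions.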
diff --git a/roles/any.software.monica-podman/templates/monica-mariadb.container.j2 b/roles/any.software.monica-podman/templates/monica-mariadb.container.j2
new file mode 100644
index 0000000..2931d4e
--- /dev/null
+++ b/roles/any.software.monica-podman/templates/monica-mariadb.container.j2
@@ -0,0 +1,13 @@
+# vim: ft=systemd
+[Unit]
+StopWhenUnneeded=true
+
+[Container]
+Image=docker.io/mariadb:10.7.1
+Pod=monica.pod
+
+Environment="MARIADB_ROOT_PASSWORD={{ monica_mariadb_root_pass }}" MARIADB_USER=monica MARIADB_PASSWORD=monica MARIADB_DATABASE=monica
+Volume={{ mariadb_data_dir }}:/var/lib/mysql
+
+[Service]
+Restart=always
diff --git a/roles/any.software.monica-podman/templates/monica.env.j2 b/roles/any.software.monica-podman/templates/monica.env.j2
new file mode 100644
index 0000000..0f11cd0
--- /dev/null
+++ b/roles/any.software.monica-podman/templates/monica.env.j2
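Review bot: The `Environment=` line in `monica-mariadb.container.j2` hard-codes `MARIADB_PASSWORD=monica`, and `monica.env.j2` repeats it as `DB_PASSWORD=monica`, so the application account has a guessable password identical to its user name while only the root password comes from a variable. A role variable used in both templates would fix that, e.g. `MARIADB_PASSWORD={{ monica_mariadb_pass }}` here and `DB_PASSWORD={{ monica_mariadb_pass }}` in the env file (the variable name is a suggestion, not something defined in this patch). Putting passwords in `Environment=` also writes them into the unit file and the generated service; a Podman secret referenced with `Secret=`, or a restricted `EnvironmentFile=`, keeps them out of it.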
@@ -0,0 +1,56 @@
+APP_ENV=production
+APP_DEBUG=false
+APP_KEY={{ monica_app_key }}
+HASH_SALT={{ monica_hash_salt }}
+HASH_LENGTH=18
+APP_URL=https://prm.roosens.me
+APP_FORCE_URL=false
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=monica
+DB_USERNAME=monica
+DB_PASSWORD=monica
+DB_PREFIX=
+DB_TEST_HOST=127.0.0.1
+DB_TEST_DATABASE=monica_test
+DB_TEST_USERNAME=homestead
+DB_TEST_PASSWORD=secret
+DB_USE_UTF8MB4=true
+MAIL_MAILER=smtp
+MAIL_HOST=mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=
+MAIL_PASSWORD=
+MAIL_ENCRYPTION=
+MAIL_FROM_ADDRESS=
+MAIL_FROM_NAME=Monica instance
+APP_EMAIL_NEW_USERS_NOTIFICATION=
+APP_DISABLE_SIGNUP=true
+APP_SIGNUP_DOUBLE_OPTIN=false
+APP_TRUSTED_PROXIES=*
+APP_TRUSTED_CLOUDFLARE=false
+LOG_CHANNEL=daily
+SENTRY_SUPPORT=false
+SENTRY_LARAVEL_DSN=
+CHECK_VERSION=true
+SESSION_LIFETIME=120
+QUEUE_CONNECTION=sync
+DEFAULT_MAX_UPLOAD_SIZE=10240
+DEFAULT_MAX_STORAGE_SIZE=51200
+DEFAULT_FILESYSTEM=public
+AWS_KEY=
+AWS_SECRET=
+AWS_REGION=us-east-1
+AWS_BUCKET=
+AWS_SERVER=
+MFA_ENABLED=true
+DAV_ENABLED=true
+PASSPORT_PERSONAL_ACCESS_CLIENT_ID=
+PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET=
+ALLOW_STATISTICS_THROUGH_PUBLIC_API_ACCESS=false
+POLICY_COMPLIANT=true
+ENABLE_GEOLOCATION=false
+LOCATION_IQ_API_KEY=
+ENABLE_WEATHER=false
+DARKSKY_API_KEY=
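Review bot: `APP_TRUSTED_PROXIES=*` in `monica.env.j2` tells the application to honour forwarded headers from any peer, which is only safe when nothing but Caddy can reach the container port. The pod file in this commit publishes `8001:80` without a host address, so that assumption does not obviously hold; either bind the published port to loopback or list the proxy's address as seen from inside the pod instead of `*`. Separately, `MAIL_HOST=mailtrap.io` with `MAIL_PORT=2525` and the `DB_TEST_*` values (`homestead`/`secret`) look like leftovers from an upstream sample file and could be dropped or templated.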