monica: add docker compose-based config

group_vars/ruby/vars.yml

@@ -1,2 +1,6 @@
 t5_uuid: 'b3b60b45-0bd2-42ac-a8d8-35a44fbd2529'
 elements_uuid: '5D19-E5D1'
+
+monica_app_key: "{{ vault_monica_app_key }}"
+monica_hash_salt: "{{ vault_monica_hash_salt }}"
+monica_mariadb_root_pass: "{{ vault_monica_mariadb_root_pass }}"

group_vars/ruby/vault.yml

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+66333462323334613232666338303230343263613330363538653765656466353032313330663435
+3561393631386465316261353633663234383133343439380a393063326132656630623961656365
+63353866313961333233333837666438373764373534616161333565323831316665393230633364
+3134353339636637340a633561316162656237386261373432373337373739623239643131633636
+34346162633336336162613639303435623936356563333664323237626466393865623536353437
+63666661366532666637643433336233323138633130353331626364643334616636636131373735
+31393533313436343732633761656261306434363165323161383034333166353737623138343364
+66346562653266393665336339343466333635396532613937396539306335396566313466303662
+62356262653835653335303566393035366431636439323664356433303633666563333136623861
+39396464393631613865326437336231353136653366383937306138633432373062626666623561
+64343831376264616661393030366163663666383035663633346232663233346537353337356436
+62333738316633613030376664373136353031653033356334383963373461626133386139376165
+3938

hosts.ini

@@ -14,3 +14,6 @@
 # Miniflux server host
 [miniflux]
 192.168.0.2 static_ip=192.168.0.2
+
+[monica]
+192.168.0.2 static_ip=192.168.0.2

roles/monica-web/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: caddy

roles/monica-web/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Ensure Caddyfile is present
+  template:
+    src: 'monica.Caddyfile.j2'
+    dest: '/etc/caddy/monica.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: caddy-reload

roles/monica-web/templates/monica.Caddyfile.j2

@@ -0,0 +1,3 @@
+prm.roosens.me {
+    reverse_proxy {{ groups['monica'][0] }}:8001
+}

roles/monica/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: Ensure data directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/monica'
+    state: directory
+    mode: '0755'
+    owner: 'root'
+    group: 'root'
+
+- name: Ensure data subvolumes are present
+  community.general.btrfs_subvolume:
+    name: '/monica/{{ item }}'
+  with_items:
+    - 'monica'
+    - 'mariadb'
+
+# Monica runs as www-data which is 33 in the container
+- name: Ensure monica directory has correct permissions
+  file:
+    path: '/mnt/data1/monica/monica'
+    state: directory
+    mode: '0755'
+    owner: 33
+    group: 33
+
+- name: Ensure configuration directory is present
+  file:
+    path: '/etc/monica'
+    state: directory
+    mode: '0755'
+
+- name: Ensure compose file is present
+  template:
+    src: 'compose.yml.j2'
+    dest: '/etc/monica/compose.yml'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  register: res
+
+- name: Ensure stack is deployed
+  ansible.builtin.shell:
+    chdir: '/etc/monica'
+    cmd: 'docker compose up -d --remove-orphans'
+  when: 'res.changed'

roles/monica/templates/compose.yml.j2

@@ -0,0 +1,80 @@
+version: '3'
+
+services:
+  app:
+    image: 'monica:3.7.0-apache'
+    restart: 'always'
+    
+    environment:
+      - "APP_ENV=production"
+      - "APP_DEBUG=false"
+      - "APP_KEY={{ monica_app_key }}"
+      - "HASH_SALT={{ monica_hash_salt }}"
+      - "HASH_LENGTH=18"
+      - "APP_URL=https://prm.roosens.me"
+      - "APP_FORCE_URL=false"
+      - "DB_CONNECTION=mysql"
+      - "DB_HOST=db"
+      - "DB_PORT=3306"
+      - "DB_DATABASE=monica"
+      - "DB_USERNAME=monica"
+      - "DB_PASSWORD=monica"
+      - "DB_PREFIX="
+      - "DB_TEST_HOST=127.0.0.1"
+      - "DB_TEST_DATABASE=monica_test"
+      - "DB_TEST_USERNAME=homestead"
+      - "DB_TEST_PASSWORD=secret"
+      - "DB_USE_UTF8MB4=true"
+      - "MAIL_MAILER=smtp"
+      - "MAIL_HOST=mailtrap.io"
+      - "MAIL_PORT=2525"
+      - "MAIL_USERNAME="
+      - "MAIL_PASSWORD="
+      - "MAIL_ENCRYPTION="
+      - "MAIL_FROM_ADDRESS="
+      - "MAIL_FROM_NAME=Monica instance"
+      - "APP_EMAIL_NEW_USERS_NOTIFICATION="
+      - "APP_DISABLE_SIGNUP=true"
+      - "APP_SIGNUP_DOUBLE_OPTIN=false"
+      - "APP_TRUSTED_PROXIES=*"
+      - "APP_TRUSTED_CLOUDFLARE=false"
+      - "LOG_CHANNEL=daily"
+      - "SENTRY_SUPPORT=false"
+      - "SENTRY_LARAVEL_DSN="
+      - "CHECK_VERSION=true"
+      - "SESSION_LIFETIME=120"
+      - "QUEUE_CONNECTION=sync"
+      - "DEFAULT_MAX_UPLOAD_SIZE=10240"
+      - "DEFAULT_MAX_STORAGE_SIZE=51200"
+      - "DEFAULT_FILESYSTEM=public"
+      - "AWS_KEY="
+      - "AWS_SECRET="
+      - "AWS_REGION=us-east-1"
+      - "AWS_BUCKET="
+      - "AWS_SERVER="
+      - "MFA_ENABLED=true"
+      - "DAV_ENABLED=true"
+      - "PASSPORT_PERSONAL_ACCESS_CLIENT_ID="
+      - "PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET="
+      - "ALLOW_STATISTICS_THROUGH_PUBLIC_API_ACCESS=false"
+      - "POLICY_COMPLIANT=true"
+      - "ENABLE_GEOLOCATION=false"
+      - "LOCATION_IQ_API_KEY="
+      - "ENABLE_WEATHER=false"
+      - "DARKSKY_API_KEY="
+    ports:
+      - 8001:80
+    volumes:
+      - '/mnt/data1/monica/monica:/var/www/html/storage'
+
+  db:
+    image: 'mariadb:10.7.1'
+    restart: 'always'
+  
+    environment:
+      - 'MARIADB_ROOT_PASSWORD={{ monica_mariadb_root_pass }}'
+      - 'MARIADB_USER=monica'
+      - 'MARIADB_PASSWORD=monica'
+      - 'MARIADB_DATABASE=monica'
+    volumes:
+      - '/mnt/data1/monica/mariadb:/var/lib/mysql'

ruby.yml

@@ -26,3 +26,9 @@
   roles:
     - restic
   tags: restic
+
+- hosts: ruby
+  become: yes
+  roles:
+    - monica
+  tags: monica

web.yml

@@ -10,3 +10,9 @@
   roles:
     - miniflux-web
   tags: miniflux
+
+- hosts: web
+  become: yes
+  roles:
+    - monica-web
+  tags: monica