From 74cf571e0559db056279ef2b0aa829aa0b5ecdab Mon Sep 17 00:00:00 2001
From: Jef Roosens <roosensjef@gmail.com>
Date: Tue, 23 Dec 2025 22:49:58 +0100
Subject: [PATCH] any.software.miniflux-podman: added role

---
 inventory/group_vars/emma/vault.yml           | 59 +++++++++-------
 .../files/miniflux-app.container              | 14 ++++
 .../files/miniflux.Caddyfile                  |  5 ++
 .../files/miniflux.backup.sh                  |  5 ++
 .../files/miniflux.pod                        |  3 +
 .../meta/main.yml                             |  3 +
 .../tasks/main.yml                            | 67 +++++++++++++++++++
 .../templates/compose.yml.j2                  | 47 +++++++++++++
 .../templates/miniflux-postgres.container.j2  | 15 +++++
 .../templates/miniflux.env.j2                 | 11 +++
 10 files changed, 204 insertions(+), 25 deletions(-)
 create mode 100644 roles/any.software.miniflux-podman/files/miniflux-app.container
 create mode 100644 roles/any.software.miniflux-podman/files/miniflux.Caddyfile
 create mode 100644 roles/any.software.miniflux-podman/files/miniflux.backup.sh
 create mode 100644 roles/any.software.miniflux-podman/files/miniflux.pod
 create mode 100644 roles/any.software.miniflux-podman/meta/main.yml
 create mode 100644 roles/any.software.miniflux-podman/tasks/main.yml
 create mode 100644 roles/any.software.miniflux-podman/templates/compose.yml.j2
 create mode 100644 roles/any.software.miniflux-podman/templates/miniflux-postgres.container.j2
 create mode 100644 roles/any.software.miniflux-podman/templates/miniflux.env.j2

diff --git a/inventory/group_vars/emma/vault.yml b/inventory/group_vars/emma/vault.yml
index 9ba1cda..c9d7c03 100644
--- a/inventory/group_vars/emma/vault.yml
+++ b/inventory/group_vars/emma/vault.yml
@@ -1,26 +1,35 @@
 $ANSIBLE_VAULT;1.1;AES256
-38613635363435396562373461643133326636633430393530643166666334366132396335316130
-3662663565653432656365653265393636643233363564370a323866373639376438323135343239
-35623865373737396636353766636333626566666439343737396537343838333361363366303334
-6632343033386337330a333665643361373564636636666461393637356332333466656430383731
-65626537623733356134383464333162656438323964313630383930313739313465316331653034
-36376665663331363466613330343665313333323339306365323365646166623537303434303730
-32363037343761633466636531383864303335363938623932346232366261636262643034346138
-31346132636334636637353030313339376262316433396334333532363138353365313838373231
-35636335626664663637326437323733366331623435336666383434376430613564356636376432
-62393064323336663064346266373934343736653666383362636434333962323466313631333165
-66323431323966373263326464316432313636386238393339333161386162333337353631303466
-64653034653965303039343464366463613564343634616230366665363861336633366530303562
-38303065346237653233386566353766356637383965363636386566656139643638613461613037
-61333737343964383034393839633462323466303030323433383163623862313433333932613831
-63306665626465386230326665303430643637653836383237393531373739646666383237356338
-30663462336366356636366662383864353764356264643237396561316633353261626236306165
-65623366356665623334303835366361656365333835663032656338373937306130353839333366
-62386130646164656538653031386561666230653635636661643264396430656234623634333037
-63373939346461613964363335663833376564363234616564346261363362626135323537643864
-38353936653434323735393966623664343761653934366638626239643135333139653461306435
-38393232373834366234663762633062393633333234363938646562386334663633626434653763
-32643831303037323738393962666136333138343937313966623264613633373134316135666563
-36366165343031376266353461326465393538363039333135613736643931306333353031313635
-66646266346566303231346638346436323766633233633833376166663235326337363136376561
-63363633613639656437363738636236636365343232393731356638333335356331
+65386638663231383730366662326664386366383763643266666534336439396234343161333038
+3633373235656264623038653734663934663439346333310a643531633337646330656133313461
+62643165303132373437366466636538363630333737343238613334386362323733613539393335
+6563353766653733650a333032376561313731356336333565396539653931323637303263613965
+36353939613037636239353736383837363930376264326139306564343532623761613336656239
+34303732326331623331363764373961366534386562663134663634306365616436323138366136
+36656261646631393232373337646535316261333435326564656262663737393232616536316532
+63623234343932313661636166643730313661633531313764653861653139646365346239343134
+37663735646134623531343762303538623565626162313263373236643464326334363739376632
+32623361626332336630663836366563623235376138366431333731333764613935386633336131
+61636563396361326661393635393038343133363535313763363039646336393030303638316665
+65316261303435643533306338613433366236613431316261393262303939643431303263366634
+37626334313066323762343236313161356338616262326266373861356238636238313963303362
+39346234656133653230373835393537323362373966346163343938616530316562636264313239
+33656561626164343865306164656166633938653034396563316636653663376638613362383962
+37633964386662346565303961663731663865663134646433333964393431333837643861386366
+63643636643638383436623964353063616538303538623561663435366330306230633861353435
+65346532663138633533363163653864373330336336383065346332333965663836336134366630
+37643564333232393838346536373132303630303732323666343664636335336335396364636337
+31626331386631336436363933353730396631646235333164376231323438356633316566633931
+66343061393338356232353462376636623139393436366364383332396233313665343261323663
+62306566336234383162316133366432383064613461663231626238336431313865633236313936
+38336130636435653537653237383866343536623634313664653837646135333561366135646262
+36613037333039326362386233356530663738666537643334353364656464623230363035353134
+31633263313737393033633361386239613336353933303563353935313666636138393337383764
+31363938663235386334343431313362393337393936643662663965336263386662353635393234
+38623064306235343862343966346339633866323939323166303636646461306364613432396261
+32666539666238626531636638303861643931623232386564386536363438636362646465643339
+32613562353639303331633463386166313935323036373730623438326236393835313136336238
+33666563396364613961323862316530663036356566356239313964306138623139323933306565
+61663562663931376563643833316166633465363132616530363739346432643762666230656466
+38646164306237366166386338386230666636326465663762636133363534663636303031343734
+36343535653461366233613763343835303838653336376462393631333539383333303632333866
+3761663065623631396331303465656136393962366362376432
diff --git a/roles/any.software.miniflux-podman/files/miniflux-app.container b/roles/any.software.miniflux-podman/files/miniflux-app.container
new file mode 100644
index 0000000..ac6addd
--- /dev/null
+++ b/roles/any.software.miniflux-podman/files/miniflux-app.container
@@ -0,0 +1,14 @@
+# vim: ft=systemd
+[Unit]
+Requires=miniflux-postgres.service
+
+[Container]
+Image=docker.io/miniflux/miniflux:2.2.7
+EnvironmentFile=/etc/miniflux/miniflux.env
+Pod=miniflux.pod
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/roles/any.software.miniflux-podman/files/miniflux.Caddyfile b/roles/any.software.miniflux-podman/files/miniflux.Caddyfile
new file mode 100644
index 0000000..1a26eea
--- /dev/null
+++ b/roles/any.software.miniflux-podman/files/miniflux.Caddyfile
@@ -0,0 +1,5 @@
+nws.roosens.me {
+    reverse_proxy localhost:8002 {
+        header_down +X-Robots-Tag "none"
+    }
+}
diff --git a/roles/any.software.miniflux-podman/files/miniflux.backup.sh b/roles/any.software.miniflux-podman/files/miniflux.backup.sh
new file mode 100644
index 0000000..fada9cb
--- /dev/null
+++ b/roles/any.software.miniflux-podman/files/miniflux.backup.sh
@@ -0,0 +1,5 @@
+cd /etc/miniflux
+
+/usr/bin/docker compose exec -T db pg_dump -U miniflux miniflux |
+    /usr/bin/gzip --rsyncable |
+    /usr/local/bin/restic backup --stdin --stdin-filename miniflux-postgres.sql.gz
diff --git a/roles/any.software.miniflux-podman/files/miniflux.pod b/roles/any.software.miniflux-podman/files/miniflux.pod
new file mode 100644
index 0000000..e8fb0e8
--- /dev/null
+++ b/roles/any.software.miniflux-podman/files/miniflux.pod
@@ -0,0 +1,3 @@
+# vim: ft=systemd
+[Pod]
+PublishPort=127.0.0.1:8002:8080
diff --git a/roles/any.software.miniflux-podman/meta/main.yml b/roles/any.software.miniflux-podman/meta/main.yml
new file mode 100644
index 0000000..d620a12
--- /dev/null
+++ b/roles/any.software.miniflux-podman/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: any.tools.caddy
diff --git a/roles/any.software.miniflux-podman/tasks/main.yml b/roles/any.software.miniflux-podman/tasks/main.yml
new file mode 100644
index 0000000..2263f37
--- /dev/null
+++ b/roles/any.software.miniflux-podman/tasks/main.yml
@@ -0,0 +1,67 @@
+---
+- name: Ensure systemd directory is present
+  ansible.builtin.file:
+    path: '/home/debian/.config/containers/systemd'
+    state: 'directory'
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+
+- name: Ensure Quadlet files are present
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'miniflux-postgres.container'
+
+- name: Ensure Quadlet files is present
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'miniflux-app.container'
+    - 'miniflux.pod'
+
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/miniflux'
+    state: directory
+    mode: '0755'
+
+- name: Ensure environment file is present
+  ansible.builtin.template:
+    src: 'miniflux.env.j2'
+    dest: '/etc/miniflux/miniflux.env'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  register: res
+
+- name: Ensure Caddyfile is present
+  copy:
+    src: 'miniflux.Caddyfile'
+    dest: '/etc/caddy/miniflux.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: reload caddy
+
+# - name: Ensure stack is deployed
+#   ansible.builtin.shell:
+#     chdir: '/etc/miniflux'
+#     cmd: 'docker compose up -d --remove-orphans'
+#   when: 'res.changed'
+
+# - name: Ensure backup script is present
+#   ansible.builtin.copy:
+#     src: 'miniflux.backup.sh'
+#     dest: '/etc/backups/miniflux.backup.sh'
+#     owner: 'root'
+#     group: 'root'
+#     mode: '0644'
diff --git a/roles/any.software.miniflux-podman/templates/compose.yml.j2 b/roles/any.software.miniflux-podman/templates/compose.yml.j2
new file mode 100644
index 0000000..76231b1
--- /dev/null
+++ b/roles/any.software.miniflux-podman/templates/compose.yml.j2
@@ -0,0 +1,47 @@
+# vim: ft=yaml
+version: '3'
+name: 'miniflux'
+
+services:
+  app:
+    image: 'miniflux/miniflux:2.2.7'
+    restart: 'always'
+
+    # depends_on:
+    #   db:
+        # condition: service_healthy
+
+    environment:
+      - DATABASE_URL=postgres://miniflux:miniflux@db/miniflux?sslmode=disable
+      - RUN_MIGRATIONS=1
+      - CREATE_ADMIN=1
+      - ADMIN_USERNAME=admin
+      - ADMIN_PASSWORD=password
+
+      # Don't stress the system too much
+      - WORKER_POOL_SIZE=1
+      - BASE_URL=https://nws.roosens.me
+
+      # Default scheduling settings should be good
+
+      # I'm a hoarder
+      - CLEANUP_ARCHIVE_UNREAD_DAYS=-1
+      - CLEANUP_ARCHIVE_READ_DAYS=-1
+    ports:
+      - "127.0.0.1:8002:8080"
+
+  db:
+    image: 'postgres:16.1-alpine'
+    restart: 'always'
+
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "miniflux"]
+      interval: 10s
+      start_period: 30s
+
+    environment:
+      - POSTGRES_USER=miniflux
+      - POSTGRES_PASSWORD=miniflux
+      - POSTGRES_DB=miniflux
+    volumes:
+      - /mnt/data1/miniflux/postgres:/var/lib/postgresql/data
diff --git a/roles/any.software.miniflux-podman/templates/miniflux-postgres.container.j2 b/roles/any.software.miniflux-podman/templates/miniflux-postgres.container.j2
new file mode 100644
index 0000000..697400e
--- /dev/null
+++ b/roles/any.software.miniflux-podman/templates/miniflux-postgres.container.j2
@@ -0,0 +1,15 @@
+# vim: ft=systemd
+[Container]
+Image=docker.io/postgres:16.1-alpine
+
+Environment=POSTGRES_USER=miniflux POSTGRES_PASSWORD=miniflux POSTGRES_DB=miniflux
+HealthCmd=["pg_isready","-U","miniflux"]
+HealthInterval=10s
+HealthStartPeriod=30s
+Pod=miniflux.pod
+
+Notify=healthy
+Volume={{ postgres_data_dir }}:/var/lib/postgresql/data
+
+[Service]
+Restart=always
diff --git a/roles/any.software.miniflux-podman/templates/miniflux.env.j2 b/roles/any.software.miniflux-podman/templates/miniflux.env.j2
new file mode 100644
index 0000000..68d8b11
--- /dev/null
+++ b/roles/any.software.miniflux-podman/templates/miniflux.env.j2
@@ -0,0 +1,11 @@
+DATABASE_URL=postgres://miniflux:miniflux@localhost:5432/miniflux?sslmode=disable
+RUN_MIGRATIONS=1
+CREATE_ADMIN=1
+ADMIN_USERNAME={{ miniflux_admin_username }}
+ADMIN_PASSWORD={{ miniflux_admin_password }}
+
+WORKER_POOL_SIZE=1
+BASE_URL=https://nws.roosens.me
+
+CLEANUP_ARCHIVE_UNREAD_DAYS=-1
+CLEANUP_ARCHIVE_READ_DAYS=-1