any.software.miniflux-podman: added role

2025-12-23 22:49:58 +01:00 · 2025-12-23 22:49:58 +01:00 · 74cf571e05
commit 74cf571e05
parent adb96c3028
10 changed files with 204 additions and 25 deletions
--- a/roles/any.software.miniflux-podman/files/miniflux-app.container
+++ b/roles/any.software.miniflux-podman/files/miniflux-app.container
@ -0,0 +1,14 @@
+# vim: ft=systemd
+[Unit]
+Requires=miniflux-postgres.service
+
+[Container]
+Image=docker.io/miniflux/miniflux:2.2.7
+EnvironmentFile=/etc/miniflux/miniflux.env
+Pod=miniflux.pod
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
--- a/roles/any.software.miniflux-podman/files/miniflux.Caddyfile
+++ b/roles/any.software.miniflux-podman/files/miniflux.Caddyfile
@ -0,0 +1,5 @@
+nws.roosens.me {
+    reverse_proxy localhost:8002 {
+        header_down +X-Robots-Tag "none"
+    }
+}
--- a/roles/any.software.miniflux-podman/files/miniflux.backup.sh
+++ b/roles/any.software.miniflux-podman/files/miniflux.backup.sh
@ -0,0 +1,5 @@
+cd /etc/miniflux
+
+/usr/bin/docker compose exec -T db pg_dump -U miniflux miniflux |
+    /usr/bin/gzip --rsyncable |
+    /usr/local/bin/restic backup --stdin --stdin-filename miniflux-postgres.sql.gz
--- a/roles/any.software.miniflux-podman/files/miniflux.pod
+++ b/roles/any.software.miniflux-podman/files/miniflux.pod
@ -0,0 +1,3 @@
+# vim: ft=systemd
+[Pod]
+PublishPort=127.0.0.1:8002:8080
--- a/roles/any.software.miniflux-podman/meta/main.yml
+++ b/roles/any.software.miniflux-podman/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: any.tools.caddy
--- a/roles/any.software.miniflux-podman/tasks/main.yml
+++ b/roles/any.software.miniflux-podman/tasks/main.yml
@ -0,0 +1,67 @@
+---
+- name: Ensure systemd directory is present
+  ansible.builtin.file:
+    path: '/home/debian/.config/containers/systemd'
+    state: 'directory'
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+
+- name: Ensure Quadlet files are present
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'miniflux-postgres.container'
+
+- name: Ensure Quadlet files is present
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'miniflux-app.container'
+    - 'miniflux.pod'
+
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/miniflux'
+    state: directory
+    mode: '0755'
+
+- name: Ensure environment file is present
+  ansible.builtin.template:
+    src: 'miniflux.env.j2'
+    dest: '/etc/miniflux/miniflux.env'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  register: res
+
+- name: Ensure Caddyfile is present
+  copy:
+    src: 'miniflux.Caddyfile'
+    dest: '/etc/caddy/miniflux.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: reload caddy
+
+# - name: Ensure stack is deployed
+#   ansible.builtin.shell:
+#     chdir: '/etc/miniflux'
+#     cmd: 'docker compose up -d --remove-orphans'
+#   when: 'res.changed'
+
+# - name: Ensure backup script is present
+#   ansible.builtin.copy:
+#     src: 'miniflux.backup.sh'
+#     dest: '/etc/backups/miniflux.backup.sh'
+#     owner: 'root'
+#     group: 'root'
+#     mode: '0644'
--- a/roles/any.software.miniflux-podman/templates/compose.yml.j2
+++ b/roles/any.software.miniflux-podman/templates/compose.yml.j2
@ -0,0 +1,47 @@
+# vim: ft=yaml
+version: '3'
+name: 'miniflux'
+
+services:
+  app:
+    image: 'miniflux/miniflux:2.2.7'
+    restart: 'always'
+
+    # depends_on:
+    #   db:
+        # condition: service_healthy
+
+    environment:
+      - DATABASE_URL=postgres://miniflux:miniflux@db/miniflux?sslmode=disable
+      - RUN_MIGRATIONS=1
+      - CREATE_ADMIN=1
+      - ADMIN_USERNAME=admin
+      - ADMIN_PASSWORD=password
+
+      # Don't stress the system too much
+      - WORKER_POOL_SIZE=1
+      - BASE_URL=https://nws.roosens.me
+
+      # Default scheduling settings should be good
+
+      # I'm a hoarder
+      - CLEANUP_ARCHIVE_UNREAD_DAYS=-1
+      - CLEANUP_ARCHIVE_READ_DAYS=-1
+    ports:
+      - "127.0.0.1:8002:8080"
+
+  db:
+    image: 'postgres:16.1-alpine'
+    restart: 'always'
+
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "miniflux"]
+      interval: 10s
+      start_period: 30s
+
+    environment:
+      - POSTGRES_USER=miniflux
+      - POSTGRES_PASSWORD=miniflux
+      - POSTGRES_DB=miniflux
+    volumes:
+      - /mnt/data1/miniflux/postgres:/var/lib/postgresql/data
--- a/roles/any.software.miniflux-podman/templates/miniflux-postgres.container.j2
+++ b/roles/any.software.miniflux-podman/templates/miniflux-postgres.container.j2
@ -0,0 +1,15 @@
+# vim: ft=systemd
+[Container]
+Image=docker.io/postgres:16.1-alpine
+
+Environment=POSTGRES_USER=miniflux POSTGRES_PASSWORD=miniflux POSTGRES_DB=miniflux
+HealthCmd=["pg_isready","-U","miniflux"]
+HealthInterval=10s
+HealthStartPeriod=30s
+Pod=miniflux.pod
+
+Notify=healthy
+Volume={{ postgres_data_dir }}:/var/lib/postgresql/data
+
+[Service]
+Restart=always
--- a/roles/any.software.miniflux-podman/templates/miniflux.env.j2
+++ b/roles/any.software.miniflux-podman/templates/miniflux.env.j2
@ -0,0 +1,11 @@
+DATABASE_URL=postgres://miniflux:miniflux@localhost:5432/miniflux?sslmode=disable
+RUN_MIGRATIONS=1
+CREATE_ADMIN=1
+ADMIN_USERNAME={{ miniflux_admin_username }}
+ADMIN_PASSWORD={{ miniflux_admin_password }}
+
+WORKER_POOL_SIZE=1
+BASE_URL=https://nws.roosens.me
+
+CLEANUP_ARCHIVE_UNREAD_DAYS=-1
+CLEANUP_ARCHIVE_READ_DAYS=-1