From 781b9c31decac2814b036f775119de29d1820a76 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Tue, 1 Oct 2024 14:35:42 +0200 Subject: [PATCH] kanboard: add config --- roles/kanboard-web/meta/main.yml | 3 + roles/kanboard-web/tasks/main.yml | 9 +++ .../templates/kanboard.Caddyfile.j2 | 3 + roles/kanboard/files/compose.yml | 10 +++ roles/kanboard/files/kanboard.data.backup.sh | 12 ++++ .../kanboard/files/kanboard.plugins.backup.sh | 12 ++++ roles/kanboard/files/kanboard.service | 13 ++++ roles/kanboard/handlers/main.yml | 5 ++ roles/kanboard/tasks/main.yml | 71 +++++++++++++++++++ 9 files changed, 138 insertions(+) create mode 100644 roles/kanboard-web/meta/main.yml create mode 100644 roles/kanboard-web/tasks/main.yml create mode 100644 roles/kanboard-web/templates/kanboard.Caddyfile.j2 create mode 100644 roles/kanboard/files/compose.yml create mode 100644 roles/kanboard/files/kanboard.data.backup.sh create mode 100644 roles/kanboard/files/kanboard.plugins.backup.sh create mode 100644 roles/kanboard/files/kanboard.service create mode 100644 roles/kanboard/handlers/main.yml create mode 100644 roles/kanboard/tasks/main.yml diff --git a/roles/kanboard-web/meta/main.yml b/roles/kanboard-web/meta/main.yml new file mode 100644 index 0000000..1dbd0f6 --- /dev/null +++ b/roles/kanboard-web/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: caddy diff --git a/roles/kanboard-web/tasks/main.yml b/roles/kanboard-web/tasks/main.yml new file mode 100644 index 0000000..b25ba17 --- /dev/null +++ b/roles/kanboard-web/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Ensure Caddyfile is present + template: + src: 'kanboard.Caddyfile.j2' + dest: '/etc/caddy/kanboard.Caddyfile' + owner: root + group: root + mode: '0644' + notify: caddy-reload diff --git a/roles/kanboard-web/templates/kanboard.Caddyfile.j2 b/roles/kanboard-web/templates/kanboard.Caddyfile.j2 new file mode 100644 index 0000000..93c6727 --- /dev/null +++ b/roles/kanboard-web/templates/kanboard.Caddyfile.j2 @@ -0,0 +1,3 @@ +kanban.roosens.me { + reverse_proxy {{ hostvars[groups['kanboard'][0]].static_ip }}:8011 +} diff --git a/roles/kanboard/files/compose.yml b/roles/kanboard/files/compose.yml new file mode 100644 index 0000000..3337306 --- /dev/null +++ b/roles/kanboard/files/compose.yml @@ -0,0 +1,10 @@ +services: + kanboard: + image: 'kanboard/kanboard:v1.2.39' + restart: 'always' + + ports: + - '8011:80' + volumes: + - '/mnt/data1/kanboard/data:/var/www/app/data' + - '/mnt/data1/kanboard/plugins:/var/www/app/plugins' diff --git a/roles/kanboard/files/kanboard.data.backup.sh b/roles/kanboard/files/kanboard.data.backup.sh new file mode 100644 index 0000000..d10600a --- /dev/null +++ b/roles/kanboard/files/kanboard.data.backup.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +data_dir='/mnt/data1/kanboard/data' +snapshot_dir="${data_dir}.snapshot" + +# Read-only snapshot for atomic backup +btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $? + +/usr/local/bin/restic backup "$snapshot_dir" + +# Always remove snapshot subvolume, even if restic fails +btrfs subvolume delete "$snapshot_dir" diff --git a/roles/kanboard/files/kanboard.plugins.backup.sh b/roles/kanboard/files/kanboard.plugins.backup.sh new file mode 100644 index 0000000..1455907 --- /dev/null +++ b/roles/kanboard/files/kanboard.plugins.backup.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +data_dir='/mnt/data1/kanboard/plugins' +snapshot_dir="${data_dir}.snapshot" + +# Read-only snapshot for atomic backup +btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $? + +/usr/local/bin/restic backup "$snapshot_dir" + +# Always remove snapshot subvolume, even if restic fails +btrfs subvolume delete "$snapshot_dir" diff --git a/roles/kanboard/files/kanboard.service b/roles/kanboard/files/kanboard.service new file mode 100644 index 0000000..5df8850 --- /dev/null +++ b/roles/kanboard/files/kanboard.service @@ -0,0 +1,13 @@ +[Unit] +Description=Project management software that focuses on the Kanban methodology +After=docker.service +Requires=docker.service + +[Service] +Type=exec +WorkingDirectory=/etc/kanboard +ExecStart=/usr/bin/docker compose up +ExecStop=/usr/bin/docker compose down + +[Install] +WantedBy=multi-user.target diff --git a/roles/kanboard/handlers/main.yml b/roles/kanboard/handlers/main.yml new file mode 100644 index 0000000..d034b11 --- /dev/null +++ b/roles/kanboard/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: 'restart kanboard' + ansible.builtin.service: + name: 'kanboard' + state: 'restarted' diff --git a/roles/kanboard/tasks/main.yml b/roles/kanboard/tasks/main.yml new file mode 100644 index 0000000..32ad344 --- /dev/null +++ b/roles/kanboard/tasks/main.yml @@ -0,0 +1,71 @@ +--- +- name: Ensure data directory is present + ansible.builtin.file: + path: '/mnt/data1/kanboard' + state: directory + mode: '0755' + owner: 'root' + group: 'root' + +- name: Ensure data subvolumes are present + community.general.btrfs_subvolume: + name: '/kanboard/{{ item }}' + loop: + - 'data' + - 'plugins' + +- name: Ensure subvolume permissions are correct + ansible.builtin.file: + path: "/mnt/data1/kanboard/{{ item }}" + state: directory + mode: '0755' + owner: '100' + group: '101' + loop: + - 'data' + - 'plugins' + +- name: Ensure configuration directory is present + ansible.builtin.file: + path: '/etc/kanboard' + state: directory + mode: '0755' + +- name: Ensure compose file is present + ansible.builtin.copy: + src: 'compose.yml' + dest: '/etc/kanboard/compose.yml' + mode: '0644' + owner: 'root' + group: 'root' + notify: 'restart kanboard' + +- name: Ensure backup scripts are present + ansible.builtin.copy: + src: "kanboard.{{ item }}.backup.sh" + dest: "/etc/backups/kanboard.{{ item }}.backup.sh" + owner: 'root' + group: 'root' + mode: '0644' + loop: + - 'data' + - 'plugins' + +- name: Ensure service file is present + ansible.builtin.copy: + src: 'kanboard.service' + dest: '/lib/systemd/system/kanboard.service' + owner: 'root' + group: 'root' + mode: '0644' + register: res + +- name: systemd-reload + ansible.builtin.systemd_service: + daemon_reload: true + when: 'res.changed' + +- name: Ensure kanboard service is enabled + ansible.builtin.service: + name: 'kanboard' + enabled: true