Deploy vikunja

2023-09-07 20:18:32 +01:00 · 2023-09-07 20:18:32 +01:00 · e56ffa576f
parent d16feb2f89
commit e56ffa576f
9 changed files with 113 additions and 2 deletions
--- a/.yamllint.yml
+++ b/.yamllint.yml
@ -15,4 +15,4 @@ rules:
    quote-type: double
    required: only-when-needed
  line-length:
-    max: 160
+    max: 200
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -67,6 +67,7 @@
    - tandoor
    - mastodon
    - gitea
+    - vikunja

 - hosts: ingress
  roles:
--- a/ansible/roles/forrest/files/prometheus/prometheus.yml
+++ b/ansible/roles/forrest/files/prometheus/prometheus.yml
@ -49,6 +49,7 @@ scrape_configs:
      module: [http]
    static_configs:
      - targets:
+          - https://0rng.one
          - https://bin.theorangeone.net
          - https://git.theorangeone.net/api/healthz
          - https://grafana.jakehoward.tech/api/health
@ -61,10 +62,10 @@ scrape_configs:
          - https://notes.theorangeone.net
          - https://plausible.theorangeone.net
          - https://recipes.jakehoward.tech
+          - https://tasks.jakehoward.tech/health
          - https://theorangeone.net
          - https://tt-rss.jakehoward.tech
          - https://vaultwarden.jakehoward.tech/alive
-          - https://0rng.one
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
--- a/ansible/roles/vikunja/files/docker-compose.yml
+++ b/ansible/roles/vikunja/files/docker-compose.yml
@ -0,0 +1,67 @@
+version: "2.3"
+
+services:
+  api:
+    image: vikunja/api:latest
+    restart: unless-stopped
+    environment:
+      - VIKUNJA_DATABASE_HOST=db
+      - VIKUNJA_DATABASE_PASSWORD=vikunja
+      - VIKUNJA_DATABASE_TYPE=postgres
+      - VIKUNJA_DATABASE_USER=vikunja
+      - VIKUNJA_DATABASE_DATABASE=vikunja
+      - VIKUNJA_SERVICE_FRONTENDURL=https://tasks.jakehoward.tech
+      - VIKUNJA_SERVICE_JWTSECRET="{{ jwt_secret }}"
+      - VIKUNJA_SERVICE_ENABLEREGISTRATION=false
+      - VIKUNJA_SERVICE_TIMEZONE={{ timezone }}
+      - VIKUNJA_REDIS_HOST=redis:6379
+      - VIKUNJA_REDIS_ENABLED=true
+      - VIKUNJA_LOG_PATH=/dev/stdout
+      - VIKUNJA_KEYVALUE_TYPE=redis
+      - TZ={{ timezone }}
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.vikunja-api.rule=Host(`tasks.jakehoward.tech`) && (PathPrefix(`/api/v1`) || PathPrefix(`/dav/`) || PathPrefix(`/.well-known/`) || Path(`/health`))
+    volumes:
+      - /mnt/tank/app-data/vikunja/files:/app/vikunja/files
+    depends_on:
+      - db
+      - redis
+    networks:
+      - default
+      - traefik
+
+  frontend:
+    image: vikunja/frontend:latest
+    restart: unless-stopped
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.vikunja-frontend.rule=Host(`tasks.jakehoward.tech`)
+    environment:
+      - VIKUNJA_SENTRY_DSN=
+    networks:
+      - default
+      - traefik
+    depends_on:
+      - api
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/speed/dbs/postgres/vikunja/:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=vikunja
+      - POSTGRES_USER=vikunja
+
+  redis:
+    image: redis:6-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/speed/dbs/redis/vikunja/:/data
+
+networks:
+  traefik:
+    external: true
--- a/ansible/roles/vikunja/handlers/main.yml
+++ b/ansible/roles/vikunja/handlers/main.yml
@ -0,0 +1,4 @@
+- name: restart vikunja
+  shell:
+    chdir: /opt/vikunja
+    cmd: "{{ docker_update_command }}"
--- a/ansible/roles/vikunja/tasks/main.yml
+++ b/ansible/roles/vikunja/tasks/main.yml
@ -0,0 +1,20 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/vikunja
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/vikunja/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart vikunja
+  become: true
--- a/ansible/roles/vikunja/vars/main.yml
+++ b/ansible/roles/vikunja/vars/main.yml
@ -0,0 +1 @@
+jwt_secret: "{{ vault_jwt_secret }}"
--- a/ansible/roles/vikunja/vars/vault.yml
+++ b/ansible/roles/vikunja/vars/vault.yml
@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+36386230316234323435653664353232393139643966653230363861633063366364643037353438
+3836623061316662643931306133616163306263343165350a396563636531323264386261363136
+36373162663965353635663266323935353733326461313863313764386361343066313638636166
+6130623932313961650a643539356264646361363938383065393338666637303533663139363737
+39666164306130333864303133626631663661656533353365633538646538366461663139303961
+66323834383731376638366334306564636532613961383761383933373235626633363065343636
+39326561663665333437306132626238326662623865393164333039663230303366616561383639
+38613161623934303365
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@ -205,6 +205,14 @@ resource "cloudflare_record" "jakehowardtech_collabora" {
  ttl     = 1
 }

+resource "cloudflare_record" "jakehowardtech_tasks" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "tasks"
+  value   = linode_instance.casey.ip_address
+  type    = "A"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "jakehowardtech_caa" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "@"