Updates

docker/kan/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+  web:
+    image: ghcr.io/kanbn/kan:latest
+    container_name: kan-web
+    ports:
+      - "7070:3000"
+    environment:
+      NEXT_PUBLIC_BASE_URL: http://localhost:3000
+      BETTER_AUTH_SECRET: your_auth_secret
+      POSTGRES_URL: postgresql://kan:password@10.89.0.102:5432/kan
+      NEXT_PUBLIC_ALLOW_CREDENTIALS: true
+    restart: unless-stopped

hosts.yml

@@ -21,3 +21,5 @@ all:
           ansible_host: 10.89.0.106
         streaming:
           ansible_host: 10.89.0.107
+        apps:
+          ansible_host: 10.89.0.108

playbooks/apps/kan.yml

@@ -0,0 +1,23 @@
+---
+- name: Deploy Kan.bn app
+  hosts: apps
+  become: true
+  roles:
+    - role: app/database
+      vars:
+        app_name: kan
+  tasks:
+    - name: Create kan-web container with correct ports
+      community.docker.docker_container:
+        name: kan-web
+        image: ghcr.io/kanbn/kan:latest
+        pull: true
+        state: started
+        restart_policy: unless-stopped
+        ports:
+          - "7070:3000"
+        env:
+          NEXT_PUBLIC_BASE_URL: "https://tasks.thegrind.dev"
+          BETTER_AUTH_SECRET:  "your_auth_secret"
+          POSTGRES_URL:        "postgresql://kan:password@10.89.0.102:5432/kan"
+          NEXT_PUBLIC_ALLOW_CREDENTIALS: "true"

playbooks/server/base.yml

@@ -6,4 +6,4 @@
     - role: docker/install
     - role: docker/portainer
     - role: server/setup/sshkey
-    - role: server/setup/webmin
+    # - role: server/setup/webmin # Currently not working but fix eventually

roles/docker/install/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Install prerequisite packages
+  ansible.builtin.apt:
+    name:
+    - ca-certificates
+    - curl
+    state: present
+
+- name: Create apt keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Download Docker GPG key
+  ansible.builtin.get_url:
+    url: "https://download.docker.com/linux/ubuntu/gpg"
+    dest: /etc/apt/keyrings/docker.asc
+    mode: '0644'
+
+- name: Add Docker apt repository
+  ansible.builtin.apt_repository:
+    repo: "deb [arch={{ docker_arch }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+    filename: docker
+    state: present
+  vars:
+    docker_arch: "{{ ansible_architecture | regex_replace('x86_64', 'amd64') }}"
+
+- name: Update apt cache after adding Docker repository
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install Docker packages
+  ansible.builtin.apt:
+    name:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-buildx-plugin
+    - docker-compose-plugin
+    state: present

roles/docker/portainer/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: Pull Portainer Agent image
+  become: true
+  community.docker.docker_image:
+    name: portainer/agent
+    tag: latest
+    source: pull
+
+- name: Deploy Portainer Agent container
+  become: true
+  community.docker.docker_container:
+    name: portainer_agent
+    image: portainer/agent
+    pull: false           # we already pulled above
+    state: started
+    restart_policy: always
+    ports:
+      - "9001:9001"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker/volumes:/var/lib/docker/volumes
+      - /:/host
+    timeout: 120      # wait up to 2m for it to come up

roles/postgres/priviledges/tasks/main.yml

@@ -1,4 +1,18 @@
 ---
+- name: Grant database-level privileges on "{{ database }}"
+  delegate_to: localhost
+  community.postgresql.postgresql_privs:
+    db: "{{ database }}"
+    type: database
+    objs: "{{ database }}"
+    privs: "CREATE"
+    role: "{{ user }}"
+    state: present
+    login_host: "{{ pg_host }}"
+    login_port: "{{ pg_port }}"
+    login_user: "{{ pg_user }}"
+    login_password: "{{ pg_password }}"
+
 - name: Give user full priviledges on database
   delegate_to: localhost
   community.postgresql.postgresql_privs:

roles/server/setup/webmin/defaults/main.yml

@@ -0,0 +1,8 @@
+# roles/webmin/defaults/main.yml
+webmin_repo_url: https://download.webmin.com
+webmin_dist: stable
+webmin_section: contrib
+
+# Optional HTTP auth
+webmin_auth_user: javi
+webmin_auth_pass: password

roles/server/setup/webmin/tasks/main.yml

@@ -1,40 +1,66 @@
 ---
-- name: Install required dependencies
+- name: Remove any old/malformed Webmin sources list
+  ansible.builtin.file:
+    path: /etc/apt/sources.list.d/webmin.list
+    state: absent
+
+- name: Remove any old Webmin keyring
+  ansible.builtin.file:
+    path: /usr/share/keyrings/webmin-archive-keyring.gpg
+    state: absent
+
+- name: Install Webmin GPG key into its own keyring
+  ansible.builtin.apt_key:
+    url: https://download.webmin.com/developers-key.asc
+    keyring: /usr/share/keyrings/webmin-archive-keyring.gpg
+    state: present
+
+- name: Add Webmin APT repository
+  ansible.builtin.apt_repository:
+    filename: webmin
+    repo: >-
+      deb [signed-by=/usr/share/keyrings/webmin-archive-keyring.gpg]
+      https://download.webmin.com/download/repository
+      sarge contrib
+    state: present
+
+- name: Ensure apt prerequisites are installed
   ansible.builtin.apt:
     name:
-      - wget
+      - curl
+      - gnupg
       - apt-transport-https
-      - software-properties-common
+      - ca-certificates
     state: present
     update_cache: true
 
-- name: Add Webmin repository
+- name: Configure APT HTTP auth for Webmin
+  when: webmin_auth_user is defined and webmin_auth_pass is defined
   ansible.builtin.copy:
-    dest: /etc/apt/sources.list.d/webmin.list
+    dest: /etc/apt/auth.conf.d/webmin.conf
-    content: "deb http://download.webmin.com/download/repository sarge contrib"
+    mode: '0600'
-    owner: javi
+    content: |
-    group: javi
+      machine {{ webmin_repo_url | regex_replace('^https?://','') }}
-    mode: '0777'
+      login {{ webmin_auth_user }}
+      password {{ webmin_auth_pass }}
 
-- name: Add Webmin GPG key
+- name: Remove old Webmin preference file
-  ansible.builtin.apt_key:
+  ansible.builtin.file:
-    url: https://www.webmin.com/jcameron-key.asc
+    path: /etc/apt/preferences.d/webmin-stable-package-priority
-    state: present
+    state: absent
 
-- name: Update apt cache
+- name: Refresh apt cache
   ansible.builtin.apt:
     update_cache: true
 
-- name: Install Webmin with recommended packages
+- name: Install Webmin
   ansible.builtin.apt:
     name:
       - webmin
     state: present
-    update_cache: true
-    install_recommends: true
 
-- name: Ensure Webmin service is enabled and running
+- name: Ensure Webmin service is enabled & started
-  ansible.builtin.systemd:
+  ansible.builtin.service:
     name: webmin
+    state: started
     enabled: true
-    state: started