Add kanbord

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Add kanbord
Signed-off-by: Florian Pritz <bluewind@xinu.at>
5054193c · Florian Pritz · 79d28122 · 5054193c · 5054193c · 5054193c
Commit 5054193c authored Mar 04, 2017 by Florian Pritz
--- a/group_vars/all/kanboard.yml
+++ b/group_vars/all/kanboard.yml
+$ANSIBLE_VAULT;1.1;AES256
+35353936623030636232393539393164396365376130343161636139613764316664373330613937
+3933613364346461356462363364373634313837663730650a663039376662633337386465333531
+62313138613939353961386639323132643763346536626435653638356261376237616161616432
+3135646239633537390a366534376333346238323466656365633730323731376630383562616264
+34636232636435313039623134653862366630343733373035396139363933323839396566616535
+61356234356163643366343464303163633761333339623865366165376237383164363235323439
+316335636134333430366536383031646434
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -30,3 +30,4 @@
    - { role: flyspray, tags: ["flyspray"] }
    - { role: mailman, mailman_domain: "lists.archlinux.org", tags: ["mailman"] }
    - { role: patchwork, tags: ["patchwork"] }
+    - { role: kanboard, tags: ["kanboard"] }
--- a/roles/kanboard/defaults/main.yml
+++ b/roles/kanboard/defaults/main.yml
+---
+
+kanboard_dir: "/srv/http/kanboard"
+kanboard_domain: "kanboard.archlinux.org"
+
+kanboard_db_user: "kanboard"
+kanboard_db: "kanboard"
+
--- a/roles/kanboard/handlers/main.yml
+++ b/roles/kanboard/handlers/main.yml
+---
+
+- name: restart php-fpm@kanboard
+  service: name=php-fpm@kanboard state=restarted
--- a/roles/kanboard/tasks/main.yml
+++ b/roles/kanboard/tasks/main.yml
+---
+
+- name: install packages
+  pacman: name=git,php-composer state=present
+
+- name: make kanboard user
+  user: name=kanboard shell=/bin/false home="{{ kanboard_dir }}" createhome=no
+
+- name: clone kanboard git repo
+  git: repo=https://github.com/kanboard/kanboard.git dest="{{kanboard_dir}}" version=stable
+
+- name: install nginx config
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/kanboard.conf owner=root group=root mode=644
+  notify:
+    - reload nginx
+
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ kanboard_domain }} state=directory owner=root group=root mode=0755
+
+- name: make dirs for webuser
+  file: path="{{kanboard_dir}}/{{item}}" owner=kanboard mode=700 state=directory
+  with_items:
+    - data
+    - .composer
+    - vendor
+
+- name: install composer dependencies
+  composer: command="install" working_dir="{{kanboard_dir}}"
+  become: true
+  become_user: kanboard
+
+- name: create kanboard db user
+  postgresql_user: name={{ kanboard_db_user }} password={{ kanboard_db_password }}
+  become: yes
+  become_user: postgres
+  become_method: su
+
+- name: create kanboard db
+  postgresql_db: db="{{kanboard_db}}"
+  become: yes
+  become_user: postgres
+  become_method: su
+
+- name: install kanboard config
+  template: src=config.php.j2 dest="{{kanboard_dir}}/config.php" owner=root group=kanboard mode=640
+
+- name: configure php-fpm
+  template:
+    src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/kanboard.conf"
+    owner=root group=root mode=0644
+  notify:
+    - restart php-fpm@kanboard
+
+- name: start and enable systemd socket
+  service: name=php-fpm@kanboard.socket state=running enabled=true
--- a/roles/kanboard/templates/config.php.j2
+++ b/roles/kanboard/templates/config.php.j2
+<?php
+
+define('DB_DRIVER', 'postgres');
+define('DB_USERNAME', '{{kanboard_db_user}}');
+define('DB_PASSWORD', '{{kanboard_db_password}}');
+define('DB_HOSTNAME', 'localhost');
+define('DB_NAME', '{{kanboard_db}}');
--- a/roles/kanboard/templates/nginx.d.conf.j2
+++ b/roles/kanboard/templates/nginx.d.conf.j2
+upstream kanboard {
+    server unix:///run/php-fpm/kanboard.socket;
+}
+
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ kanboard_domain }};
+
+    access_log   /var/log/nginx/{{ kanboard_domain }}/access.log;
+    error_log    /var/log/nginx/{{ kanboard_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        rewrite ^(.*) https://$server_name$1 permanent;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ kanboard_domain }};
+
+    access_log   /var/log/nginx/{{ kanboard_domain }}/access.log;
+    error_log    /var/log/nginx/{{ kanboard_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ kanboard_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ kanboard_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ kanboard_domain }}/chain.pem;
+
+    root {{ kanboard_dir }};
+
+    location /data {
+        deny all;
+    }
+
+    location ~ \.php$ {
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+        fastcgi_pass kanboard;
+    }
+}
--- a/roles/kanboard/templates/php-fpm.conf.j2
+++ b/roles/kanboard/templates/php-fpm.conf.j2
+[global]
+error_log = syslog
+daemonize = no
+
+[kanboard]
+listen = /run/php-fpm/kanboard.socket
+listen.owner = kanboard
+listen.group = http
+listen.mode = 0660
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2000
+
+php_admin_value[open_basedir] = {{ kanboard_dir }}:/tmp
+php_admin_value[opcache.memory_consumption] = 128
+php_admin_value[opcache.interned_strings_buffer] = 8
+php_admin_value[opcache.max_accelerated_files] = 200
+php_admin_value[opcache.revalidate_freq] = 60
+php_admin_value[opcache.fast_shutdown] = 1
+php_admin_value[disable_functions] = passthru, exec, proc_open, shell_exec, system, popen