ansible-role-kanboard/tasks/main.yml

---
# - name: install git in host
#   apt: name=git state=present

# - name: checkout kanboard source
#   git:
#     repo: https://github.com/kanboard/kanboard.git
#     dest: /tmp/kanboard-source

# - name: find latest tag
#   command: git describe --abbrev=0
#   args:
#     chdir: /tmp/kanboard-source
#   register: kb_ver

# - name: checkout kanboard source tag {{ kb_ver.stdout }}
#   git:
#     repo: https://github.com/kanboard/kanboard.git
#     dest: /tmp/kanboard-source
#     version: "{{ kb_ver.stdout }}"

# - name: build dir
#   file:
#     path: /tmp/build.kanboard/src
#     state: directory

# - name: find latest release
#   uri:
#     url: https://api.github.com/repos/kanboard/kanboard/releases/latest
#     return_content: yes
#   register: latest

# - name: download latest release
#   unarchive:
#     src: "https://github.com/kanboard/kanboard/archive/{{ latest.json.tag_name }}.tar.gz"
#     dest: /tmp/build.kanboard/src
#     remote_src: yes
#   register: dl

# - name: link release dir
#   file:
#     src: /tmp/build.kanboard/src/kanboard-{{ latest.json.tag_name|regex_replace('^v') }}
#     path: /tmp/build.kanboard/src/kanboard
#     state: link

# - name: copy build files
#   copy: src={{ item }} dest=/tmp/build.kanboard/
#   loop:
#     - Dockerfile
#     - Caddyfile
#   register: cp

# - name: build image
#   docker_image:
#     path: /tmp/build.kanboard
#     name: "{{ kanboard_image_name }}"
#     tag: "{{ latest.json.tag_name }}"
#     force: "{{ dl is changed or cp is changed }}"
#   register: b_img

- name: create kanboard data volume
  docker_volume:
    name: kanboard_data
    state: present
  register: kbdatavol

- name: kanboard configuration file
  copy:
    content: |
      <?php
      {% if kanboard_use_ldap %}

      // Enable LDAP authentication (false by default)
      define('LDAP_AUTH', true);

      // LDAP server hostname
      define('LDAP_SERVER', '{{ ldap_uri }}');

      // LDAP properties
      define('LDAP_USER_BASE_DN', 'ou=People,{{ ldap_base_dn }}');
      define('LDAP_USER_FILTER', 'uid=%s');

      {% endif %}

      // Enable captcha after 3 authentication failure
      define('BRUTEFORCE_CAPTCHA', 10);

      // Lock the account after 6 authentication failure
      define('BRUTEFORCE_LOCKDOWN', 50);

      // Lock account duration in minutes
      define('BRUTEFORCE_LOCKDOWN_DURATION', 30);

    dest: "{{ kbdatavol.volume.Mountpoint }}/config.php"
  register: kb_config

- name: start container
  docker_container:
    image: kanboard/kanboard
    pull: yes
    name: "{{ kanboard_container_name }}"
    ports:
    volumes:
      - kanboard_data:/var/www/app/data
      - kanboard_plugins:/var/www/app/plugins
    env:
    networks:
      - name: "{{ docker_network_name }}"

- name: copy frontend config
  copy:
    content: |
      server {
      listen 80;
      server_name kanban.mau.ro;
      root   /www;
      index  index.html index.htm;
      rewrite ^ https://$http_host$request_uri? permanent;
      include conf.d/enabled-http/certbot.conf;
      }

      server {
      listen 443 ssl;
      server_name kanban.mau.ro;
      root   /www;
      index  index.html index.htm;
      location / {
          proxy_set_header Host $http_host;
          proxy_pass https://{{ kanboard_container_name }};
      }
      include conf.d/enabled-https/certbot.conf;
      }
    dest: "{{ frontend_mountpoint_config }}/kanboard.conf"
  register: fe_config

- name: restart frontend
  docker_container:
    name: "{{ frontend_container_name }}"
    restart: yes
  when: fe_config is changed

- name: restart kanboard
  docker_container:
    name: "{{ kanboard_container_name }}"
    restart: yes
  when: kb_config is changed