Premier commit

This commit is contained in:
Navas 2022-04-30 13:01:01 +02:00
commit df204a7b66
10 changed files with 174 additions and 0 deletions

59
README.md Normal file

@ -0,0 +1,59 @@
# Role : docker_kanboard
## Services fournis
- main.yml : Installation de kanboard sur un serveur docker_host -
Kanboard est configuré en lien avec un annuaire LDAP pour l'authentification
- configure_reverse_proxy.yml : Configuration d'un reverse proxy préalablement installé par le role reverse_proxy
## Variables
Fournir les variables suivantes. Par exemple :
```yaml
docker_kanboard_fqdn: kanboard.libretic.fr
docker_kanboard_data_dir: /data1
docker_kanboard_service_id: kanboard
docker_kanboard_rp_cert: LE
docker_kanboard_rp_docker_host: machine.domaine.local
docker_kanboard_ldap_server: mon-serveur-ldap.domaine.local
docker_kanboard_ldab_binddn: uid=compte-service-kanboard,ou=comptes-de-service,dc=domaine,dc=local
docker_kanboard_ldap_bindpwd: mdp_du_compte_de_service
docker_kanboard_ldap_users_base: ou=utilisateurs,dc=domaine,dc=local
docker_kanboard_ldap_users_filter: uid=%s
docker_kanboard_ldap_group_admin_dn: cn=administrateurs-kanboard,ou=groupes,dc=domaine,dc=local
docker_kanboard_ldap_group_manager_dn: cn=managers-kanboard,ou=groupes,dc=domaine,dc=local
docker_kanboard_ldap_groups_base: ou=groupes,dc=domaine,dc=local
docker_kanboard_ldap_groups_filter: "(&(objectClass=groupOfUniqueNames)(cn=%s*))"
docker_kanboard_mail_from: nepasrepondre@libretic.fr
docker_kanboard_mail_server: smtp-server.domaine.local
docker_kanboard_mail_helo: machine.domaine.local
```
| Option | Valeur par défaut | Description |
|---------------------------------------|-------------------|-------------------------------------------------------------------------------------------|
| docker_kanboard_fqdn | | Le nom de domaine pour lequel le service kanboard répond |
| docker_kanboard_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
| docker_kanboard_service_id | | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
| docker_kanboard_ssh_port | 222 | Le numero de port local pour l'accès à kanboard par ssh |
| docker_kanboard_rp_docker_host | | pour configure_reverse_proxy.yml: fqdn de la machine contenant le conteneur docker |
| docker_kanboard_rp_cert | LE | Type de certificat pour le reverse proxy (LE = letsencrypt) |
| docker_kanboard_ldap_server | | Adresse du serveur LDAP |
| docker_kanboard_ldab_binddn | | DN du compte de service de connexion à l'annuaire LDAP |
| docker_kanboard_ldap_bindpwd | | Mot de passe du compte de service de connexion à l'annuaire LDAP |
| docker_kanboard_ldap_users_base | | DN du noeud de départ pour la recherche des utilisateurs |
| docker_kanboard_ldap_users_filter | | Filtre de recherche des utilisateurs |
| docker_kanboard_ldap_group_admin_dn | | DN du groupe des administrateurs de kanboard |
| docker_kanboard_ldap_group_manager_dn | | DN du groupe des managers de kanboard |
| docker_kanboard_ldap_groups_base | | DN du noeud de départ pour la recherche des groupes |
| docker_kanboard_ldap_groups_filter | | Filtre de recherche des groupes |
| docker_kanboard_mail_from | | Adresse email émettrice des messages envoyés par kanboard |
| docker_kanboard_mail_server | | Adresse du serveur SMTP pour l'envoi de mails |
| docker_kanboard_mail_helo | | fqdn présenté pour le helo smtp |

1
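--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+docker_kanboard_rp_cert: LE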

10
handlers/main.yml Normal file

@ -0,0 +1,10 @@
- name: docker-compose-up
shell: |
docker-compose up -d
args:
chdir: /opt/{{ docker_kanboard_service_id }}/
- name: reverse-proxy-reload
service:
name: apache2
state: reloaded
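Review bot: The `docker-compose-up` handler does not propagate a re-rendered config.php into the running container: the service definition in docker-compose.yml is unchanged, so `docker-compose up -d` finds nothing to recreate, while the single-file bind mount (`./config.php:/var/www/app/config.php` in the compose template) keeps pointing at the inode that Ansible's template module, which writes atomically via rename by default, has just replaced — a rotated LDAP bind password therefore never reaches Kanboard until something else recreates the container. Recreating unconditionally in the handler fixes this: `command: docker-compose up -d --force-recreate`. That also replaces `shell:` with `command:`, which is sufficient here because the command uses no shell features (`chdir` is handled by Ansible, not by a shell).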


@ -0,0 +1,11 @@
- name: prepare reverse_proxy
template:
src: "{{ item }}"
dest: /etc/apache2/vhosts.d/{{ docker_kanboard_fqdn }}/
with_items:
- 0_vhost.conf
- 1_vhost_additional.conf
- 2_mds_exclusion.conf
notify: reverse-proxy-reload
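Review bot: `template` does not create missing parent directories, so this task fails unless `/etc/apache2/vhosts.d/{{ docker_kanboard_fqdn }}/` already exists — the README says the reverse_proxy role is applied first, but nothing visible shows that it creates a per-fqdn directory. A preceding `file:` task with `path: /etc/apache2/vhosts.d/{{ docker_kanboard_fqdn }}/` and `state: directory` would make this role self-sufficient, and `loop:` is the current spelling of `with_items:`. The file header for this section is missing from the page; per the README it is presumably tasks/configure_reverse_proxy.yml.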

15
tasks/main.yml Normal file

@ -0,0 +1,15 @@
- name: docker directory
file:
path: /opt/{{ docker_kanboard_service_id }}/
state: directory
- name: prepare docker-compose.yml
template:
src: "{{ item }}"
dest: /opt/{{ docker_kanboard_service_id }}/
with_items:
- docker-compose.yml
- config.php
notify: docker-compose-up
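Review bot: Neither task here sets `mode`, so `/opt/{{ docker_kanboard_service_id }}/` and the rendered config.php get umask-derived permissions (typically 0755/0644), leaving the LDAP bind password that config.php embeds readable by every local account on the docker host. Restricting the directory is enough and should not affect the container, which reaches the file through the bind mount rather than by traversing the host path: add `mode: "0750"` (with explicit `owner`/`group`) to the `docker directory` task. The value of `docker_kanboard_ldap_bindpwd` should also come from an encrypted source such as ansible-vault rather than plain vars as the README example shows. The task name `prepare docker-compose.yml` is misleading now that it renders config.php too.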

2
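--- a/templates/0_vhost.conf
+++ b/templates/0_vhost.conf
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+Use vhost_HTTPS_Generic {{ docker_kanboard_fqdn }} {{ docker_kanboard_rp_cert }} http {{ docker_kanboard_rp_docker_host }} info OpenAccessPolicy BlockCrawlerIndexing On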
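Review bot: The `http` argument next to `{{ docker_kanboard_rp_docker_host }}` presumably selects the scheme the proxy uses to reach the docker host, so traffic that is HTTPS on the public side crosses the network in clear between the Apache host and the docker host, which per the README is a separate machine; unless that path is a trusted segment, the backend should be reached over TLS or the link otherwise protected. `OpenAccessPolicy` also suggests no access restriction in front of an internal, LDAP-authenticated tool — worth confirming that is intended. The macro `vhost_HTTPS_Generic` is defined outside this role, so the argument meanings are inferred from their names.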


@ -0,0 +1 @@
# {{ ansible_managed }}


@ -0,0 +1,2 @@
# {{ ansible_managed }}

50
templates/config.php Normal file

@ -0,0 +1,50 @@
<?php
//
// {{ ansible_managed }}
//
defined('ENABLE_URL_REWRITE') or define('ENABLE_URL_REWRITE', true);
defined('LOG_DRIVER') or define('LOG_DRIVER', 'system');
// LDAP Configuration
define('LDAP_AUTH', true);
define('LDAP_SERVER', '{{ docker_kanboard_ldap_server }}');
define('LDAP_PORT', 389);
define('LDAP_BIND_TYPE', 'proxy');
define('LDAP_USERNAME', '{{ docker_kanboard_ldab_binddn }}');
define('LDAP_PASSWORD', '{{ docker_kanboard_ldap_bindpwd }}');
define('LDAP_USER_BASE_DN', '{{ docker_kanboard_ldap_users_base }}');
define('LDAP_USER_FILTER', '{{ docker_kanboard_ldap_users_filter }}');
define('LDAP_GROUP_ADMIN_DN', '{{ docker_kanboard_ldap_group_admin_dn }}');
define('LDAP_GROUP_MANAGER_DN', '{{ docker_kanboard_ldap_group_manager_dn }}');
define('LDAP_GROUP_PROVIDER', true);
define('LDAP_GROUP_BASE_DN', '{{ docker_kanboard_ldap_groups_base }}');
define('LDAP_GROUP_FILTER', '{{ docker_kanboard_ldap_groups_filter }}');
// Enable/disable email configuration from the user interface
define('MAIL_CONFIGURATION', true);
// E-mail address used for the "From" header (notifications)
define('MAIL_FROM', '{{ docker_kanboard_mail_from }}');
// Mail transport to use: "smtp", "sendmail" or "mail" (PHP mail function)
define('MAIL_TRANSPORT', 'smtp');
// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', '{{ docker_kanboard_mail_server }}');
define('MAIL_SMTP_PORT', 25);
define('MAIL_SMTP_USERNAME', '');
define('MAIL_SMTP_PASSWORD', '');
define('MAIL_SMTP_HELO_NAME', '{{ docker_kanboard_mail_helo }}'); // valid: null (default), or FQDN
define('MAIL_SMTP_ENCRYPTION', null); // Valid values are "null", "ssl" or "tls"
// Enable captcha after 3 authentication failure
define('BRUTEFORCE_CAPTCHA', 3);
// Lock the account after 6 authentication failure
define('BRUTEFORCE_LOCKDOWN', 6);
// Lock account duration in minute
define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
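Review bot: `LDAP_SERVER` on port 389 with no `LDAP_START_TLS` means the proxy account password on the `LDAP_PASSWORD` line, and each user's password that Kanboard re-binds with at login, cross the network in clear unless the LDAP path is protected elsewhere; add `define('LDAP_START_TLS', true);` or point `LDAP_SERVER` at an `ldaps://` URL with the port set to 636. Separately, `{{ docker_kanboard_ldap_bindpwd }}` is interpolated into a single-quoted PHP string without escaping, so a password containing `'` or `\` produces a syntactically broken config.php and takes the application down; escape backslash and single quote before interpolation, e.g. `define('LDAP_PASSWORD', '{{ docker_kanboard_ldap_bindpwd | replace('\\', '\\\\') | replace("'", "\\'") }}');`. The same applies to the DN and filter variables, though those are less likely to contain quotes.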


@ -0,0 +1,23 @@
# {{ ansible_managed }}
version: '3.1'
services:
kanboard:
image: kanboard/kanboard:latest
volumes:
- ./config.php:/var/www/app/config.php
- {{ docker_kanboard_data_dir }}/{{ docker_kanboard_service_id }}/kanboard_data:/var/www/app/data
- {{ docker_kanboard_data_dir }}/{{ docker_kanboard_service_id }}/kanboard_plugins:/var/www/app/plugins
restart: always
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.{{ docker_kanboard_service_id }}.entrypoints=web"
- "traefik.http.routers.{{ docker_kanboard_service_id }}.rule=Host(`{{ docker_kanboard_fqdn }}`)"
- "traefik.http.services.{{ docker_kanboard_service_id }}.loadbalancer.server.port=80"
networks:
- traefik
networks:
traefik:
external: true
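Review bot: `image: kanboard/kanboard:latest` together with `restart: always` and a `docker-compose up -d` handler makes every image pull a potential unreviewed upgrade, and two hosts built from this role can end up on different Kanboard versions. Pin the image to a release tag, ideally with its digest (`image: kanboard/kanboard:<tag>@sha256:<digest>`), and bump it deliberately. The service only publishes traefik's `web` entrypoint on port 80, which is fine behind the Apache proxy provided that entrypoint on the docker host is not reachable from elsewhere — a restriction that lives outside this file. The file header for this section is missing from the page; it is presumably templates/docker-compose.yml.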