|missytake 0616460412||4 months ago|
|README.md||1 year ago|
|backup.sh||1 year ago|
|brand-logo.png||1 year ago|
|client-setup.md||1 year ago|
|config.php||1 year ago|
|docker-compose.yml||4 months ago|
|traefik.toml||1 year ago|
Reading the Install Instructions I realized that we can setup kanboard with
docker-compose, thereby having already a nice documented setup. But we would
need to modify the docker-compose template at
a bit for our purpose:
All the plugins can apparently be installed in the web interface.
First I created a DNS entry for todo.0x90.space, with the ip address 18.104.22.168.
Then I destroyed and undefined the docker VM and deleted the bildungsstreik DNS record pointing towards it, to use it for this service. I also deleted the entries in the internal KVM network:
tech@lilith:~$ sudo virsh destroy docker Domain docker destroyed tech@lilith:~$ sudo virsh undefine docker Domain docker has been undefined tech@lilith:~$ sudo virsh net-update intern delete ip-dhcp-host "<host mac='52:54:00:d6:33:7' name='docker' ip='192.168.73.7'/>" --config Updated network intern persistent config tech@lilith:~/serverconf$ sudo virsh net-update intern delete ip-dhcp-host "<host name='docker' ip='2a01:4f8:10b:2e62::7'/>" --parent-index 1 --config --live Updated network intern persistent config and live state
I realized to late that there is a script for this, but I basically did the same steps manually.
Then I tried to create the new VM:
tech@lilith:~/serverconf$ cat create-public.sh #!/bin/sh echo -n 'Hostname: ' read hostname echo -n 'IP: ' read ip ip_hex=$(printf %x $ip) virsh net-update intern add-last ip-dhcp-host "<host mac='52:54:00:d6:33:$ip_hex' name='$hostname' ip='192.168.73.$ip' />" --config --live virsh net-update intern add-last ip-dhcp-host "<host name='$hostname' ip='2a01:4f8:10b:2e62::$ip_hex' />" --parent-index 1 --config --live sudo cp -f /var/lib/libvirt/images/public.qcow2 /var/lib/libvirt/images/$hostname.qcow2 virt-install --name $hostname --import --vcpus 1 --ram 2048 --disk /var/lib/libvirt/images/$hostname.qcow2 --network "network=intern,mac=52:54:00:d6:33:$ip_hex" --graphics none --noautoconsole --os-variant debian9 virsh autostart $hostname tech@lilith:~/serverconf$ ./create-public.sh Hostname: kanboard IP: 7 error: failed to connect to the hypervisor error: error from service: CheckAuthorization: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. ^C tech@lilith:~/serverconf$ sudo ./create-public.sh Hostname: kanboard IP: 7 error: Failed to update network intern error: Requested operation is not valid: there is an existing dhcp host entry in network 'intern' that matches "<host mac='52:54:00:d6:33:7' name='kanboard' ip='192.168.73.7'/>" Updated network intern persistent config and live state Starting install... ERROR error from service: ListActivatableNames: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Domain installation does not appear to have been successful. If it was, you can restart your domain by running: virsh --connect qemu:///system start kanboard otherwise, please restart your installation. error: failed to get domain 'kanboard' error: Domain not found: no domain with matching name 'kanboard'
As this failed, I decided to restart libvirt on lilith, as this is not uncommon
after such a long uptime:
sudo service libvirtd restart. After that, the
domain creation went fine. I could perfectly login with
ssh firstname.lastname@example.org -p 42022 -i .ssh/id_rsa.
Then I executed these (optimizable) commands to install docker and docker-compose on the machine:
sudo apt update sudo apt upgrade -y # this triggered a grub update. I kept the current configuration and installed it to /dev/vda. sudo apt install -y curl sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose sudo apt-get install -y \ apt-transport-https \ ca-certificates \ gnupg2 \ software-properties-common curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/debian \ $(lsb_release -cs) \ stable" sudo apt update sudo apt install -y docker-ce sudo usermod -aG docker tech
Then I had to logout and login again to update the group changes.
I cloned this repository to /opt/kanboard:
tech@docker:/opt$ sudo git clone https://git.links-tech.org/links-tech/kanboard Cloning into 'kanboard'... remote: Enumerating objects: 8, done. remote: Counting objects: 100% (8/8), done. remote: Compressing objects: 100% (8/8), done. remote: Total 8 (delta 1), reused 0 (delta 0) Unpacking objects: 100% (8/8), done. tech@docker:/opt$ sudo chown -R tech:tech kanboard/ tech@docker:/opt$ cd kanboard/
I generated passwords for the DB into links-tech/kanboard/env and copied them to /opt/kanboard/.env.
To create the files necessary for traefik, I executed these commands:
touch acme.json chmod 600 acme.json
Then I started the containers with
docker-compose up -d, e voilà! I could
login as 'admin' under https://todo.0x90.space.
First I changed the admin password and save it under links-tech/kanboard/admin.
For E-Mail configuration, I manually created the config.php and added some values. I saved them in pass at links-tech/kanboard/config.php. I pulled the changes and restarted the containers to apply the effects:
git pull docker-compose down --remove-orphans docker-compose up -d
I sent an E-Mail invite to myself to test whether it works. It didn't; neither did any of the other email configuration options. E-Mails don't work for now.
I followed the serverconf/doc/backup-new.md guide to set up backups.
Data I want to backup:
The backup script needs root, otherwise it can't read the docker volumes.
I created /root/.ssh/id_rsa without a passphrase. I added it to /home/tech/authorized_keys on cyberbackup, with the necessary restrictions. I created the /home/tech/repositories-borg/kanboard directory on cyberbackup. I added the ssh config like in the guide.
I installed borgbackup on the kanboard machine.
I created a borg repo with
borg init backup:repositories.borg/kanboard --encryption=repokey and generated the password to links-tech/kanboard/backup.
I wrote the backup.sh script in this repo,
git pulled it to the kanboard
host, changed the permissions to
700 root:root and added the passphrase from
Then I realized that the passphrase wasn't generated with -n and contained escape characters; borg key change-passphrase didn't work unfortunately. So I did this to fix it:
pass generate links-tech/kanboard/backup 60 -n
Now I could run the script and confirm the success afterwards:
root@docker:/opt/kanboard# /opt/kanboard/backup.sh Stopping kanboard_kanboard_1 ... done Stopping kanboard_traefik_1 ... done Starting kanboard ... done Starting traefik ... done root@docker:/opt/kanboard# borg list backup:repositories-borg/kanboard Enter passphrase for key ssh://backup/./repositories-borg/kanboard: backup20190718 Thu, 2019-07-18 15:37:23
crontab -e as root and added the following line:
20 2 * * * /opt/kanboard/backup.sh
To restore, you can probably do something like this, but I didn't test it yet:
# If the service is still running, stop it. cd /opt/kanboard docker-compose stop # Remove the current data, so you get a clean overwrite with the restore. rm -rf /var/lib/docker/volumes/kanboard_kanboard_data /var/lib/docker/volumes/kanboard_kb_database # You need to go to / to restore it, because borg remembers the paths. cd / # Extract the backup. You can pass the password as environment variable: export BORG_PASSPHRASE='password' borg extract backup:repositories-borg/kanboard::thebackupyouwant # Now you can restart the service and check whether it works as expected. cd /home/tech/gitea docker-compose start
To be able to install plugins, I added the following lines to the config.php (in this repository):
// Enable/disable plugin installation from the user interface: define('PLUGIN_INSTALLER', true); // Default is true
Then I could install the following 3 plugins through the web interface:
I also wanted to install the GitHub frontend plugin, but it isn't maintained anymore and not available from the web installer.