From f89b2b4884fa4eb4822c4fbb5e4ef2567faafe3a Mon Sep 17 00:00:00 2001
From: Philipp Rothmann <philipprothmann@posteo.de>
Date: Wed, 13 Jul 2022 14:36:22 +0200
Subject: [PATCH] add config.php

---
 .env.sample     |  2 ++
 abra.sh         |  1 +
 compose.yml     | 45 +++++++++++++++++++++++++++++++++------------
 config.php.tmpl | 14 ++++++++++++++
 4 files changed, 50 insertions(+), 12 deletions(-)
 create mode 100644 abra.sh
 create mode 100644 config.php.tmpl

diff --git a/.env.sample b/.env.sample
index 9ea02c2..37722ee 100644
--- a/.env.sample
+++ b/.env.sample
@@ -6,3 +6,5 @@ DOMAIN=kanboard.example.com
 #EXTRA_DOMAINS=', `www.kanboard.example.com`'
 
 LETS_ENCRYPT_ENV=production
+
+SECRET_DB_PASSWORD_VERSION=v1
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..c06ec69
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1 @@
+export CONFIG_PHP_VERSION=v1
diff --git a/compose.yml b/compose.yml
index 478fea5..21ce886 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,16 +3,19 @@ version: "3.8"
 
 services:
   app:
-    image: kanboard/kanboard:latest
+    image: kanboard/kanboard:v1.2.22
     volumes:
       - kanboard_data:/var/www/app/data
       - kanboard_plugins:/var/www/app/plugins
       - kanboard_ssl:/etc/nginx/ssl
-    environment:
-      DATABASE_URL: mysql://kanboard:kanboard-secret@db/kanboard
+    secrets:
+      - db_password
     networks:
       - proxy
       - internal
+    configs:
+      - source: config_php
+        target: /var/www/app/config.php
     deploy:
       restart_policy:
         condition: on-failure
@@ -35,26 +38,44 @@ services:
       start_period: 1m
 
   db:
-    image: mariadb:latest
-    command: --default-authentication-plugin=mysql_native_password
+    image: postgres:13-alpine
+    secrets:
+      - db_password
     environment:
-      MYSQL_ROOT_PASSWORD: secret
-      MYSQL_DATABASE: kanboard
-      MYSQL_USER: kanboard
-      MYSQL_PASSWORD: kanboard-secret
+      - POSTGRES_DB=kanboard
+      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
+      - POSTGRES_USER=kanboard
     networks:
       - internal
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "kanboard"]
     volumes:
-      - db:/var/lib/mysql
+      - postgres:/var/lib/postgresql/data
+    deploy:
+      labels:
+          backupbot.backup: "true"
+          backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
+          backupbot.backup.path: "/tmp/backup/"
 
 networks:
   proxy:
     external: true
   internal:
 
-
 volumes:
   kanboard_data:
   kanboard_plugins:
   kanboard_ssl:
-  db:
+  postgres:
+
+configs:
+  config_php:
+    name: ${STACK_NAME}_config_php_${CONFIG_PHP_VERSION}
+    file: config.php.tmpl
+    template_driver: golang
+
+secrets:
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
diff --git a/config.php.tmpl b/config.php.tmpl
new file mode 100644
index 0000000..6aba588
--- /dev/null
+++ b/config.php.tmpl
@@ -0,0 +1,14 @@
+<?php
+
+defined('ENABLE_URL_REWRITE') or define('ENABLE_URL_REWRITE', true);
+defined('LOG_DRIVER') or define('LOG_DRIVER', 'system');
+
+// Plugins
+define('PLUGIN_INSTALLER', true);
+
+// Database Config
+define('DB_DRIVER', 'postgres');
+define('DB_USERNAME', 'kanboard');
+define('DB_PASSWORD', '{{ secret "db_password" }}');
+define('DB_HOSTNAME', 'db');
+define('DB_NAME', 'kanboard');