blumeops/ansible/roles/miniflux/tasks/main.yml

---
# Miniflux installation and configuration
#
# Prerequisites:
#   - PostgreSQL role has run (creates database, user, and ~/.miniflux-db-password)
#   - 1Password CLI authenticated on control machine
#
# First run:
#   mise run provision-indri -- --tags miniflux -e miniflux_create_admin=1

- name: Install miniflux via homebrew
  community.general.homebrew:
    name: miniflux
    state: present

# === Fetch passwords from 1Password ===
# These are skipped when running full playbook (pre_tasks sets them)
# but run when using --tags miniflux

- name: Fetch miniflux database password from 1Password
  ansible.builtin.command:
    cmd: op --vault {{ miniflux_op_vault }} item get {{ miniflux_op_item }} --fields password --reveal
  delegate_to: localhost
  register: miniflux_db_password_result
  changed_when: false
  no_log: true
  when: miniflux_db_password is not defined

- name: Set database password fact
  ansible.builtin.set_fact:
    miniflux_db_password: "{{ miniflux_db_password_result.stdout }}"
  no_log: true
  when: miniflux_db_password is not defined

- name: Fetch miniflux admin password from 1Password (for first run)
  ansible.builtin.command:
    cmd: op --vault {{ miniflux_op_vault }} item get {{ miniflux_op_item }} --fields admin-password --reveal
  delegate_to: localhost
  register: miniflux_admin_password_result
  changed_when: false
  no_log: true
  when: miniflux_create_admin | int == 1

- name: Set admin password fact
  ansible.builtin.set_fact:
    miniflux_admin_password: "{{ miniflux_admin_password_result.stdout }}"
  no_log: true
  when: miniflux_create_admin | int == 1

# === Deploy configuration ===

- name: Deploy miniflux configuration
  ansible.builtin.template:
    src: miniflux.conf.j2
    dest: "{{ miniflux_config_file }}"
    mode: '0600'
  notify: restart miniflux
  no_log: true

- name: Ensure miniflux service is started
  ansible.builtin.command: brew services start miniflux
  register: brew_start
  changed_when: "'Successfully started' in brew_start.stdout"
  failed_when: false
Add PostgreSQL and Miniflux services to tailnet (#16) ## Summary - Add PostgreSQL 18 as a new service at `pg.tail8d86e.ts.net:5432` - Add Miniflux RSS/Atom feed reader at `feed.tail8d86e.ts.net` - Both services managed via homebrew/brew services - Pulumi ACL tags added (tag:pg, tag:feed) - Alloy log collection configured for both services - Zettelkasten documentation updated ## Manual Setup Required Before running ansible, the following steps are needed on indri: ### 1. Apply Pulumi tags ```bash mise run tailnet-up ``` Then apply tags to indri in Tailscale admin console. ### 2. Create 1Password entries - miniflux PostgreSQL user password - miniflux admin password (for first run) ### 3. Set PostgreSQL user password (after ansible installs postgres) ```bash ssh indri '/opt/homebrew/opt/postgresql@18/bin/psql -c "ALTER USER miniflux PASSWORD '\''your-password'\'';"' ``` ### 4. Create password files on indri ```bash ssh indri 'echo "your-db-password" > ~/.miniflux-db-password && chmod 600 ~/.miniflux-db-password' ssh indri 'echo "your-admin-password" > ~/.miniflux-admin-password && chmod 600 ~/.miniflux-admin-password' ``` ### 5. Create ~/.pgpass for borgmatic ```bash ssh indri 'echo "localhost:5432:miniflux:miniflux:YOUR_PASSWORD" > ~/.pgpass && chmod 600 ~/.pgpass' ``` ### 6. Run ansible with first-run admin creation ```bash mise run provision-indri -- -e miniflux_create_admin=1 ``` ### 7. Update borgmatic config Add to `~/.config/borgmatic/config.yaml` on indri: ```yaml postgresql_databases: - name: miniflux hostname: localhost port: 5432 username: miniflux ``` ### 8. Cleanup after first run ```bash ssh indri 'rm ~/.miniflux-admin-password' ``` ## Test plan - [ ] Run `mise run tailnet-up` and verify Pulumi changes - [ ] Apply tags to indri in Tailscale admin - [ ] Run `mise run provision-indri -- --check --diff` for dry run - [ ] Run `mise run provision-indri -- -e miniflux_create_admin=1` - [ ] Approve services in Tailscale admin - [ ] Verify PostgreSQL: `ssh indri '/opt/homebrew/opt/postgresql@18/bin/pg_isready'` - [ ] Verify Miniflux: `curl https://feed.tail8d86e.ts.net/healthcheck` - [ ] Run `mise run indri-services-check` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/16 2026-01-16 12:30:20 -08:00			`---`
			`# Miniflux installation and configuration`
			`#`
			`# Prerequisites:`
			`# - PostgreSQL role has run (creates database, user, and ~/.miniflux-db-password)`
			`# - 1Password CLI authenticated on control machine`
			`#`
			`# First run:`
			`# mise run provision-indri -- --tags miniflux -e miniflux_create_admin=1`

			`- name: Install miniflux via homebrew`
			`community.general.homebrew:`
			`name: miniflux`
			`state: present`

			`# === Fetch passwords from 1Password ===`
			`# These are skipped when running full playbook (pre_tasks sets them)`
			`# but run when using --tags miniflux`

			`- name: Fetch miniflux database password from 1Password`
			`ansible.builtin.command:`
			`cmd: op --vault {{ miniflux_op_vault }} item get {{ miniflux_op_item }} --fields password --reveal`
			`delegate_to: localhost`
			`register: miniflux_db_password_result`
			`changed_when: false`
			`no_log: true`
			`when: miniflux_db_password is not defined`

			`- name: Set database password fact`
			`ansible.builtin.set_fact:`
			`miniflux_db_password: "{{ miniflux_db_password_result.stdout }}"`
			`no_log: true`
			`when: miniflux_db_password is not defined`

			`- name: Fetch miniflux admin password from 1Password (for first run)`
			`ansible.builtin.command:`
			`cmd: op --vault {{ miniflux_op_vault }} item get {{ miniflux_op_item }} --fields admin-password --reveal`
			`delegate_to: localhost`
			`register: miniflux_admin_password_result`
			`changed_when: false`
			`no_log: true`
			`when: miniflux_create_admin \| int == 1`

			`- name: Set admin password fact`
			`ansible.builtin.set_fact:`
			`miniflux_admin_password: "{{ miniflux_admin_password_result.stdout }}"`
			`no_log: true`
			`when: miniflux_create_admin \| int == 1`

			`# === Deploy configuration ===`

			`- name: Deploy miniflux configuration`
			`ansible.builtin.template:`
			`src: miniflux.conf.j2`
			`dest: "{{ miniflux_config_file }}"`
			`mode: '0600'`
			`notify: restart miniflux`
			`no_log: true`

			`- name: Ensure miniflux service is started`
			`ansible.builtin.command: brew services start miniflux`
			`register: brew_start`
			`changed_when: "'Successfully started' in brew_start.stdout"`
			`failed_when: false`