diff --git a/ansible/main.yml b/ansible/main.yml
index 86d183a..92e6127 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -70,6 +70,7 @@ - authentik - minio - ntfy + - baby_buddy - hosts: ingress roles:
diff --git a/ansible/roles/baby_buddy/files/docker-compose.yml b/ansible/roles/baby_buddy/files/docker-compose.yml
new file mode 100644
index 0000000..3a09283
--- /dev/null
+++ b/ansible/roles/baby_buddy/files/docker-compose.yml
@@ -0,0 +1,38 @@
+services:
+ baby-buddy:
+ image: lscr.io/linuxserver/babybuddy:latest
+ restart: unless-stopped
+ environment:
+ - PUID={{ docker_user.id }}
+ - PGID={{ docker_user.id }}
+ - TZ={{ timezone }}
+ - DATABASE_URL=postgres://baby-buddy:baby-buddy@db/baby-buddy
+ - ALLOWED_HOSTS=baby-buddy.jakehoward.tech
+ - CSRF_COOKIE_SECURE=True
+ - SECRET_KEY={{ vault_secret_key }}
+ - SECURE_PROXY_SSL_HEADER=True
+ - SESSION_COOKIE_SECURE=True
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.baby-buddy.rule=Host(`baby-buddy.jakehoward.tech`)
+ - traefik.http.routers.baby-buddy.middlewares=tailscale-only@file
+ volumes:
+ - "{{ app_data_dir }}/baby-buddy:/config"
+ depends_on:
+ - db
+ networks:
+ - default
+ - traefik
+
+ db:
+ image: postgres:14-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/speed/dbs/postgres/baby-buddy:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=baby-buddy
+ - POSTGRES_USER=baby-buddy
+
+networks:
+ traefik:
+ external: true
diff --git a/ansible/roles/baby_buddy/handlers/main.yml b/ansible/roles/baby_buddy/handlers/main.yml
new file mode 100644
index 0000000..118372f
--- /dev/null
+++ b/ansible/roles/baby_buddy/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart baby-buddy
+ shell:
+ chdir: /opt/baby-buddy
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/baby_buddy/tasks/main.yml b/ansible/roles/baby_buddy/tasks/main.yml
new file mode 100644
index 0000000..7c85ba0
--- /dev/null
+++ b/ansible/roles/baby_buddy/tasks/main.yml
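Review bot: The Postgres credentials in ansible/roles/baby_buddy/files/docker-compose.yml are hard-coded, and the password equals the user name (`POSTGRES_PASSWORD=baby-buddy`, repeated in `DATABASE_URL`), although the role already loads a vault for `SECRET_KEY`. The db service publishes no ports and sits only on the default compose network, which limits exposure, but the password is still readable by anyone with access to the repository. Consider sourcing it from the vault, e.g. `POSTGRES_PASSWORD={{ vault_db_password }}` with the same variable in `DATABASE_URL` (the variable name is a placeholder). Separately, `lscr.io/linuxserver/babybuddy:latest` is unpinned, so a later pull can bring in an unreviewed image; a version tag or digest would make deployments reproducible.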
@@ -0,0 +1,18 @@
+- name: Include vault
+ include_vars: vault.yml
+
+- name: Create install directory
+ file:
+ path: /opt/baby-buddy
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/baby-buddy/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart baby-buddy
diff --git a/ansible/roles/baby_buddy/vars/vault.yml b/ansible/roles/baby_buddy/vars/vault.yml
new file mode 100644
index 0000000..04eabd8
--- /dev/null
+++ b/ansible/roles/baby_buddy/vars/vault.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+31663462633839636531393633633938376534316230626362353733653862623964626232333265
+3733313066313639363131353963373431363761383537300a613662393631623832613537363034
+30623931653839636361646231386465383333343535646436656565663137303166366533353866
+3634643437303034330a646236353831363638633835666239383430636532396466623461303535
+31383238633430393935653366646666303066316232643733366264353034626461613038323834
+35383961316663356136363562646636313133346438343965383931353336643434303938373766
+303432363965616134613933643635626565
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index f2196d0..92a8b63 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -269,6 +269,14 @@ resource "cloudflare_record" "jakehowardtech_uptime" { ttl = 1 } +resource "cloudflare_record" "jakehowardtech_baby-buddy" { + zone_id = cloudflare_zone.jakehowardtech.id + name = "baby-buddy" + value = cloudflare_record.sys_domain_pve_private.hostname + type = "CNAME" + ttl = 1 +} + resource "cloudflare_record" "jakehowardtech_caa" { zone_id = cloudflare_zone.jakehowardtech.id name = "@"
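Review bot: The `Install compose file` task in ansible/roles/baby_buddy/tasks/main.yml renders `SECRET_KEY` from the vault into the compose file, so a playbook run with `--diff` would print the secret in the task output. Adding `diff: false` (or `no_log: true`) to that task avoids this. The validate command `docker-compose -f %s config` also writes the resolved file to stdout; `docker-compose -f %s config -q` validates without printing, which keeps the value out of any captured output. It is also worth confirming that `docker_compose_file_mask`, which is defined outside this diff, does not leave the rendered file world-readable.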
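Review bot: The new resource name `jakehowardtech_baby-buddy` in terraform/jakehoward.tech.tf puts a hyphen into the identifier, while the neighbouring records visible in this hunk (`jakehowardtech_uptime`, `jakehowardtech_caa`) use underscores only. Terraform accepts the hyphen, but `resource "cloudflare_record" "jakehowardtech_baby_buddy" {` would keep resource addresses uniform and easier to grep. The hunk cuts through the surrounding resources, so only those two neighbours can be compared here.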