Deploy baby-buddy

ansible/main.yml

@@ -70,6 +70,7 @@
     - authentik
     - minio
     - ntfy
+    - baby_buddy
 
 - hosts: ingress
   roles:

ansible/roles/baby_buddy/files/docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  baby-buddy:
+    image: lscr.io/linuxserver/babybuddy:latest
+    restart: unless-stopped
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ={{ timezone }}
+      - DATABASE_URL=postgres://baby-buddy:baby-buddy@db/baby-buddy
+      - ALLOWED_HOSTS=baby-buddy.jakehoward.tech
+      - CSRF_COOKIE_SECURE=True
+      - SECRET_KEY={{ vault_secret_key }}
+      - SECURE_PROXY_SSL_HEADER=True
+      - SESSION_COOKIE_SECURE=True
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.baby-buddy.rule=Host(`baby-buddy.jakehoward.tech`)
+      - traefik.http.routers.baby-buddy.middlewares=tailscale-only@file
+    volumes:
+      - "{{ app_data_dir }}/baby-buddy:/config"
+    depends_on:
+      - db
+    networks:
+      - default
+      - traefik
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/speed/dbs/postgres/baby-buddy:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=baby-buddy
+      - POSTGRES_USER=baby-buddy
+
+networks:
+  traefik:
+    external: true

ansible/roles/baby_buddy/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart baby-buddy
+  shell:
+    chdir: /opt/baby-buddy
+    cmd: "{{ docker_update_command }}"

ansible/roles/baby_buddy/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/baby-buddy
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/baby-buddy/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart baby-buddy

ansible/roles/baby_buddy/vars/vault.yml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+31663462633839636531393633633938376534316230626362353733653862623964626232333265
+3733313066313639363131353963373431363761383537300a613662393631623832613537363034
+30623931653839636361646231386465383333343535646436656565663137303166366533353866
+3634643437303034330a646236353831363638633835666239383430636532396466623461303535
+31383238633430393935653366646666303066316232643733366264353034626461613038323834
+35383961316663356136363562646636313133346438343965383931353336643434303938373766
+303432363965616134613933643635626565

terraform/jakehoward.tech.tf

@@ -269,6 +269,14 @@ resource "cloudflare_record" "jakehowardtech_uptime" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "jakehowardtech_baby-buddy" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "baby-buddy"
+  value   = cloudflare_record.sys_domain_pve_private.hostname
+  type    = "CNAME"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "jakehowardtech_caa" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "@"