Deploy baby-buddy

2024-11-16 17:36:57 +00:00 · 2024-11-16 17:36:57 +00:00 · e1ee73e0fa
commit e1ee73e0fa
parent b48f31cc86
6 changed files with 77 additions and 0 deletions
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -70,6 +70,7 @@
    - authentik
    - minio
    - ntfy
+    - baby_buddy

 - hosts: ingress
  roles:
--- a/ansible/roles/baby_buddy/files/docker-compose.yml
+++ b/ansible/roles/baby_buddy/files/docker-compose.yml
@ -0,0 +1,38 @@
+services:
+  baby-buddy:
+    image: lscr.io/linuxserver/babybuddy:latest
+    restart: unless-stopped
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ={{ timezone }}
+      - DATABASE_URL=postgres://baby-buddy:baby-buddy@db/baby-buddy
+      - ALLOWED_HOSTS=baby-buddy.jakehoward.tech
+      - CSRF_COOKIE_SECURE=True
+      - SECRET_KEY={{ vault_secret_key }}
+      - SECURE_PROXY_SSL_HEADER=True
+      - SESSION_COOKIE_SECURE=True
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.baby-buddy.rule=Host(`baby-buddy.jakehoward.tech`)
+      - traefik.http.routers.baby-buddy.middlewares=tailscale-only@file
+    volumes:
+      - "{{ app_data_dir }}/baby-buddy:/config"
+    depends_on:
+      - db
+    networks:
+      - default
+      - traefik
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/speed/dbs/postgres/baby-buddy:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=baby-buddy
+      - POSTGRES_USER=baby-buddy
+
+networks:
+  traefik:
+    external: true
--- a/ansible/roles/baby_buddy/handlers/main.yml
+++ b/ansible/roles/baby_buddy/handlers/main.yml
@ -0,0 +1,4 @@
+- name: restart baby-buddy
+  shell:
+    chdir: /opt/baby-buddy
+    cmd: "{{ docker_update_command }}"
--- a/ansible/roles/baby_buddy/tasks/main.yml
+++ b/ansible/roles/baby_buddy/tasks/main.yml
@ -0,0 +1,18 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/baby-buddy
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/baby-buddy/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart baby-buddy
--- a/ansible/roles/baby_buddy/vars/vault.yml
+++ b/ansible/roles/baby_buddy/vars/vault.yml
@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+31663462633839636531393633633938376534316230626362353733653862623964626232333265
+3733313066313639363131353963373431363761383537300a613662393631623832613537363034
+30623931653839636361646231386465383333343535646436656565663137303166366533353866
+3634643437303034330a646236353831363638633835666239383430636532396466623461303535
+31383238633430393935653366646666303066316232643733366264353034626461613038323834
+35383961316663356136363562646636313133346438343965383931353336643434303938373766
+303432363965616134613933643635626565
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@ -269,6 +269,14 @@ resource "cloudflare_record" "jakehowardtech_uptime" {
  ttl     = 1
 }

+resource "cloudflare_record" "jakehowardtech_baby-buddy" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "baby-buddy"
+  value   = cloudflare_record.sys_domain_pve_private.hostname
+  type    = "CNAME"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "jakehowardtech_caa" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "@"