[meta] babybuddy

ansible/playbooks/babybuddy/babybuddy.nginx

@@ -0,0 +1,36 @@
+server {
+    server_name {{ babybuddy_domain }};
+
+    listen 80;
+    listen [::]:80;
+
+    location / {
+      return https://$server_name$request_uri;
+    }
+}
+
+
+server {
+    server_name {{ babybuddy_domain }};
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_trusted_certificate   /etc/letsencrypt/live/{{ babybuddy_domain }}/chain.pem;
+    ssl_certificate           /etc/letsencrypt/live/{{ babybuddy_domain }}/fullchain.pem;
+    ssl_certificate_key       /etc/letsencrypt/live/{{ babybuddy_domain }}/privkey.pem;
+
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+    }
+}

ansible/playbooks/babybuddy/main.yml

@@ -0,0 +1,40 @@
+---
+- hosts: babybuddy
+  tasks:
+
+  - file:
+      path: /usr/share/babybuddy
+      state: directory
+
+  - docker_compose:
+      project_name: babybuddy
+      definition:
+        version: "2.1"
+        services:
+          babybuddy:
+            image: ghcr.io/linuxserver/babybuddy
+            container_name: babybuddy
+            environment:
+              - TZ=America/Los_Angeles
+            volumes:
+              - /usr/share/babybuddy:/config
+            ports:
+              - 8000:8000
+            restart: unless-stopped
+
+  - template:
+      src: babybuddy.nginx
+      dest: /etc/nginx/sites-available/babybuddy.conf
+    notify: Restart nginx
+  - file:
+      src: /etc/nginx/sites-available/babybuddy.conf
+      dest: /etc/nginx/sites-enabled/babybuddy.conf
+      state: link
+    notify: Restart nginx
+
+  handlers:
+
+    - name: Restart nginx
+      service:
+        name: nginx
+        state: restarted

ansible/playbooks/docker.yml

@@ -0,0 +1,48 @@
+# https://docs.docker.com/engine/install/debian/
+
+- hosts: docker
+  tasks:
+
+  - name: install dependencies
+    apt:
+      name:
+        - apt-transport-https
+        - ca-certificates
+        - curl
+        - gnupg-agent
+        - software-properties-common
+
+        # Needed for Ansible
+        - docker-compose
+        - python3-pip
+      state: present
+
+  - name: install python docker packages
+    pip:
+      name:
+        - docker
+        - docker-compose
+      state: latest
+
+  - name: add docker gpg key
+    apt_key:
+      url: https://download.docker.com/linux/debian/gpg
+      state: present
+
+  - name: get docker release
+    command: lsb_release -cs
+    register: lsb_release
+
+  - name: add docker apt repo
+    apt_repository:
+      repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ lsb_release.stdout | trim}} stable
+      state: present
+
+  - name: install docker engine
+    apt:
+      update_cache: true
+      name:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+      state: present

ansible/ramble-hard.yml

@@ -0,0 +1,13 @@
+---
+- hosts: ramble-hard
+  tasks:
+
+  - name: add ssh keys
+    authorized_key:
+      user: root
+      key: https://github.com/kejadlen.keys
+
+- import_playbook: playbooks/docker.yml
+- import_playbook: playbooks/lets_encrypt/main.yml
+- import_playbook: playbooks/babybuddy/main.yml
+- import_playbook: playbooks/pixelfed/install.yml