From 5db9f9f254c42eecf21a1197825498210a1b5dfe Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sat, 19 Aug 2023 11:28:31 +0200
Subject: [PATCH] add kitchenowl stack

---
 ansible/inventory/group_vars/all.yml         |  2 +
 ansible/playbooks/stacks.yml                 |  1 +
 ansible/roles/kitchenowl/docker-stack.yml.j2 | 45 ++++++++++++++++++++
 ansible/roles/kitchenowl/tasks/main.yml      |  5 +++
 ansible/roles/kitchenowl/vars/main.yml       |  7 +++
 5 files changed, 60 insertions(+)
 create mode 100644 ansible/roles/kitchenowl/docker-stack.yml.j2
 create mode 100644 ansible/roles/kitchenowl/tasks/main.yml
 create mode 100644 ansible/roles/kitchenowl/vars/main.yml

diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
index edaf58b..4d994f0 100644
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -45,6 +45,8 @@ nfs_shares:
     path: /mnt/data/elasticsearch/data
   - name: grafana_data
     path: /mnt/data/grafana/data
+  - name: kitchenowl_data
+    path: /mnt/data/kitchenowl/data
 
 database_passwords:
   nextcloud: !vault |
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index 770cd12..2c1b813 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@@ -19,3 +19,4 @@
     - {role: nextcloud, tags: nextcloud}
     - {role: syncthing, tags: syncthing}
     - {role: monitoring, tags: monitoring}
+    - {role: kitchenowl, tags: kitchenowl}
diff --git a/ansible/roles/kitchenowl/docker-stack.yml.j2 b/ansible/roles/kitchenowl/docker-stack.yml.j2
new file mode 100644
index 0000000..a4117ba
--- /dev/null
+++ b/ansible/roles/kitchenowl/docker-stack.yml.j2
@@ -0,0 +1,45 @@
+# vi: ft=yaml
+version: '3.7'
+
+networks:
+  traefik:
+    external: true
+  kitchenowl:
+
+volumes:
+  data:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/kitchenowl/data"
+
+services:
+  front:
+    image: tombursch/kitchenowl-web:v0.4.8
+    depends_on:
+      - back
+    networks:
+      - traefik
+      - kitchenowl
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.kitchenowl.entrypoints=websecure
+        - traefik.http.routers.kitchenowl.rule=Host(`boodschappen.kun.is`)
+        - traefik.http.routers.kitchenowl.tls=true
+        - traefik.http.routers.kitchenowl.tls.certresolver=letsencrypt
+        - traefik.http.routers.kitchenowl.service=kitchenowl
+        - traefik.http.services.kitchenowl.loadbalancer.server.port=80
+        - traefik.docker.network=traefik
+  back:
+    image: tombursch/kitchenowl:v75
+    networks:
+      - kitchenowl
+    environment:
+      - JWT_SECRET_KEY={{ jwt_secret_key }}
+    volumes:
+      - type: volume
+        source: data
+        target: /data
+        volume:
+          nocopy: true
diff --git a/ansible/roles/kitchenowl/tasks/main.yml b/ansible/roles/kitchenowl/tasks/main.yml
new file mode 100644
index 0000000..67a45e9
--- /dev/null
+++ b/ansible/roles/kitchenowl/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: Deploy Docker stack
+  docker_stack:
+    name: kitchenowl
+    compose:
+      - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
diff --git a/ansible/roles/kitchenowl/vars/main.yml b/ansible/roles/kitchenowl/vars/main.yml
new file mode 100644
index 0000000..4317036
--- /dev/null
+++ b/ansible/roles/kitchenowl/vars/main.yml
@@ -0,0 +1,7 @@
+jwt_secret_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  37376338663532376135613331303737626633666138643132316336306164393134633639303865
+  3134613830323335663466373262316262353464323535300a636163633439323035643033623363
+  36316361656133663235333834343233363134313938656664356538366166653336656562623664
+  3332393330616636630a646139393937313932373963623764346134323635336539346562346635
+  36613637396133383664323561666464346336386233363434653765356334633831