[role] add kitchenowl

roles/kitchenowl/README.md

@@ -0,0 +1,39 @@
+# Ansible Kitchenowl deployment with docker
+
+## Introduction
+
+KitchenOwl is a smart self-hosted grocery list and recipe manager. Easily add items to your shopping list before you go shopping. You can also create recipes and get suggestions on what you want to cook. Track your expenses so you know how much you've spent.
+
+- Native Mobile/Web/Desktop apps with a great design
+- Add items to your shopping list and sync them in real-time with multiple users
+- Partial offline support, so you don't lose track of what to buy even when there is no signal
+- Manage recipes and add them to your shopping list
+- Share recipes with friends and family
+- Create a meal plan to always know what you'll be eating
+- Manage balances and track expenses of your household
+
+Checkout more: https://github.com/tombursch/kitchenowl
+
+## Why docker
+
+Whilst I try to refrain from using docker, especially together with ansible, it is the recommended way of installation: https://docs.kitchenowl.org/latest/self-hosting/ .
+
+One could also decide to build from source, but I fear that the chance of brakage is higher than just using docker.
+
+### Notice
+
+This role does not care about creating a rootless docker installation and should primarily used inside a vm.
+
+Checkout https://docs.docker.com/engine/security/rootless/ or https://wiki.archlinux.org/title/Docker#Rootless_Docker_daemon for more information on rootless docker.
+
+## Variables
+
+See [defaults](./defaults/main.yml) for needed variables.
+
+### OIDC
+
+OIDC can be used as decribed in https://docs.kitchenowl.org/latest/self-hosting/oidc/ by enabling `kitchenowl_oidc` and using the respected variables.
+
+### Secrets
+
+Please use secrets as described in [README#Secrets](../../README.md#secrets)

roles/kitchenowl/defaults/main.yml

@@ -0,0 +1,10 @@
+kitchenowl_dockertag: "latest"
+kitchenowl_port: "80"
+kitchenowl_path: "/opt/kitchenowl"
+kitchenowl_jwt_secret: USESECRET
+kitchenowl_oidc:
+  enabled: false
+  front_url: <URL>
+  oidc_issuer: <URL>
+  oidc_client_id: <ID>
+  oidc_client_secret: <SECRET>

roles/kitchenowl/handlers/main.yml

@@ -0,0 +1,18 @@
+- name: docker compose down
+  community.docker.docker_compose_v2:
+    project_src: "{{ kitchenowl_path }}"
+    state: absent
+
+- name: docker compose up
+  community.docker.docker_compose_v2:
+    project_src: "{{ kitchenowl_path }}"
+
+- name: docker compose stop
+  community.docker.docker_compose_v2:
+    project_src: "{{ kitchenowl_path }}"
+    state: stopped
+
+- name: docker compose restart
+  community.docker.docker_compose_v2:
+    project_src: "{{ kitchenowl_path }}"
+    state: restarted

roles/kitchenowl/tasks/main.yml

@@ -0,0 +1,41 @@
+- name: Install latest docker & docker-compose package
+  ansible.builtin.package:
+    name:
+      - docker
+      - docker-compose
+    state: present
+
+- name: Start and enable docker service
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true
+
+- name: Ensure kitchenowl directory exists
+  ansible.builtin.file:
+    path: "{{ kitchenowl_path }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Ensure latest kitchenowl image pulled
+  community.docker.docker_compose_v2_pull:
+    project_src: "{{ kitchenowl_path }}"
+  notify:
+    - docker compose down
+    - docker compose up
+
+- name: Ensure kitchenowl docker-compose.yaml
+  ansible.builtin.template:
+    src: docker-compose.j2
+    dest: "{{ kitchenowl_path }}/docker-compose.yml"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: docker compose up
+  register: output
+
+- name: Show results
+  ansible.builtin.debug:
+    var: output

roles/kitchenowl/templates/docker-compose.j2

@@ -0,0 +1,24 @@
+services:
+  front:
+    image: tombursch/kitchenowl-web:{{ kitchenowl_dockertag }}
+    restart: unless-stopped
+    ports:
+      - "{{ kitchenowl_port }}:80"
+    depends_on:
+      - back
+  back:
+    image: tombursch/kitchenowl-backend:{{ kitchenowl_dockertag }}
+    restart: unless-stopped
+    environment:
+      - JWT_SECRET_KEY={{ kitchenowl_jwt }}
+      {% if kitchenowl_oidc['enabled'] %}
+      - FRONT_URL={{ kitchenowl_oidc['front_url'] }}
+      - OIDC_ISSUER={{ kitchenowl_oidc['oidc_issuer'] }}
+      - OIDC_CLIENT_ID={{ kitchenowl_oidc['oidc_client_id'] }}
+      - OIDC_CLIENT_SECRET: {{ kitchenowl_oidc['oidc_client_secret'] }}
+      {% endif %}
+    volumes:
+      - kitchenowl_data:/data
+
+volumes:
+  kitchenowl_data: