kanban and silverbullet

author: Elizabeth Hunt <me@liz.coffee> 2025-04-06 11:29:24 -0700
committer: Elizabeth Hunt <me@liz.coffee> 2025-04-06 11:29:24 -0700
commit: b7e54ba5fa27ed77d00b146547653508d9952812 (patch)
tree: fb95569994eee86f3acba745bf5c7039d151ed1e
parent: 5c341236ccc69cced155d84b3e227a5c7a1f34d1 (diff)
download: infra-b7e54ba5fa27ed77d00b146547653508d9952812.tar.gz
infra-b7e54ba5fa27ed77d00b146547653508d9952812.zip
9 files changed, 87 insertions, 0 deletions
diff --git a/group_vars/silverbullet.yml b/group_vars/silverbullet.yml
new file mode 100644
index 0000000..d24cb47
--- /dev/null
+++ b/group_vars/silverbullet.yml
@@ -0,0 +1,4 @@
+---
+
+silverbullet_base: "{{ swarm_base }}/silverbullet"
+silverbullet_domain: "notes.{{ domain }}"
diff --git a/inventory b/inventory
index ce96e4d..b55db99 100644
--- a/inventory
+++ b/inventory
@@ -46,3 +46,6 @@ swarm-one ansible_host=10.128.0.201  ansible_user=serve ansible_connection=ssh a
 
 [kanboard]
 swarm-one ansible_host=10.128.0.201  ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
+
+[silverbullet]
+swarm-one ansible_host=10.128.0.201  ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/kanban.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/kanban.conf
new file mode 100644
index 0000000..b668310
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/kanban.conf
@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name kanban.liz.coffee;
+
+    location / {
+        proxy_pass https://{{ loadbalancer_ip }};
+        proxy_ssl_verify off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/notes.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/notes.conf
new file mode 100644
index 0000000..f7937dd
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/notes.conf
@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name notes.liz.coffee;
+
+    location / {
+        proxy_pass https://{{ loadbalancer_ip }};
+        proxy_ssl_verify off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/playbooks/roles/silverbullet/tasks/main.yml b/playbooks/roles/silverbullet/tasks/main.yml
new file mode 100644
index 0000000..2b66f61
--- /dev/null
+++ b/playbooks/roles/silverbullet/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Build silverbullet compose dirs
+  ansible.builtin.file:
+    state: directory
+    dest: '{{ silverbullet_base }}/{{ item.path }}'
+  with_filetree: '../templates'
+  when: item.state == 'directory'
+
+- name: Build silverbullet compose files
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ silverbullet_base }}/{{ item.path }}'
+  with_filetree: '../templates'
+  when: item.state == 'file'
+
+- name: Deploy silverbullet stack
+  ansible.builtin.command:
+    cmd: "docker stack deploy -c {{ silverbullet_base }}/stacks/docker-compose.yml silverbullet"
diff --git a/playbooks/roles/silverbullet/templates/stacks/docker-compose.yml b/playbooks/roles/silverbullet/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..21fe0ff
--- /dev/null
+++ b/playbooks/roles/silverbullet/templates/stacks/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '3.2'
+
+services:
+  silverbullet:
+    image: ghcr.io/silverbulletmd/silverbullet
+    restart: unless-stopped
+    environment:
+    - SB_USER={{ silverbullet_password }}
+    volumes:
+      - {{ silverbullet_base }}/volumes/data:/space
+    networks:
+      - proxy
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        - traefik.enable=true
+        - traefik.swarm.network=proxy
+        - traefik.http.routers.silverbullet.tls=true
+        - traefik.http.routers.silverbullet.tls.certResolver=letsencrypt
+        - traefik.http.routers.silverbullet.rule=Host(`{{ silverbullet_domain }}`)
+        - traefik.http.routers.silverbullet.entrypoints=websecure
+        - traefik.http.services.silverbullet.loadbalancer.server.port=3000
+
+networks:
+  proxy:
+    external: true
diff --git a/playbooks/roles/silverbullet/templates/volumes/data/.gitkeep b/playbooks/roles/silverbullet/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/silverbullet/templates/volumes/data/.gitkeep
diff --git a/playbooks/silverbullet.yml b/playbooks/silverbullet.yml
new file mode 100644
index 0000000..fbf0007
--- /dev/null
+++ b/playbooks/silverbullet.yml
@@ -0,0 +1,7 @@
+---
+
+- name: SilverBullet setup
+  hosts: silverbullet
+  become: true
+  roles:
+    - silverbullet
diff --git a/secrets.txt b/secrets.txt
index 2f5e99f..f070218 100644
--- a/secrets.txt
+++ b/secrets.txt
@@ -8,3 +8,4 @@ pihole_webpwd
 headscale_oidc_secret
 headscale_user_auth_key
 kanboard_ldap_password
+silverbullet_password
author	Elizabeth Hunt <me@liz.coffee>	2025-04-06 11:29:24 -0700
committer	Elizabeth Hunt <me@liz.coffee>	2025-04-06 11:29:24 -0700
commit	b7e54ba5fa27ed77d00b146547653508d9952812 (patch)
tree	fb95569994eee86f3acba745bf5c7039d151ed1e
parent	5c341236ccc69cced155d84b3e227a5c7a1f34d1 (diff)
download	infra-b7e54ba5fa27ed77d00b146547653508d9952812.tar.gz infra-b7e54ba5fa27ed77d00b146547653508d9952812.zip