Add Tandoor service (#169)

* add tandoor service

* changed doc

* Update docs/services/tandoor.md

Fix alignment

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/services/tandoor.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update docs/services/tandoor.md

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update templates/group_vars_mash_servers

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update templates/group_vars_mash_servers

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* resolved notes

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

docs/services/tandoor.md

@@ -0,0 +1,53 @@
+# Tandoor
+
+[Tandoor](https://docs.tandoor.dev/) is a self-hosted recipe manager, that this playbook can install, powered by the [ansible-role-tandoor](https://github.com/IUCCA/ansible-role-tandoor) Ansible role.
+
+
+## Dependencies
+
+This service requires the following other services:
+- a [Postgres](postgres.md) database
+- a [Traefik](traefik.md) reverse-proxy server
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+#                                                                      #
+# tandoor                                                              #
+#                                                                      #
+########################################################################
+
+tandoor_enabled: true
+
+tandoor_hostname: tandoor.example.com
+
+# path prefix is not supported at the moment
+#tandoor_path_prefix: /tandoor
+
+########################################################################
+#                                                                      #
+# /tandoor                                                             #
+#                                                                      #
+########################################################################
+```
+
+### URL
+
+In the example configuration above, we configure the service to be hosted at `https://tandoor.example.com/`.
+
+### Authentication
+
+On first use (see [Usage](#usage) below), you'll be asked to create the first administrator user.
+
+You can create additional users from the web UI after that.
+
+
+## Usage
+
+After installation, you can go to the Tandoor URL, as defined in `tandoor_hostname` and `tandoor_path_prefix`.
+
+As mentioned in [Authentication](#authentication) above, you'll be asked to create the first administrator user the first time you open the web UI.

docs/supported-services.md

@@ -70,6 +70,7 @@
 | [Ansible Semaphore](https://www.ansible-semaphore.com/) | A responsive web UI for running Ansible playbooks  | [Link](services/semaphore.md) |
 | [Soft Serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable [Git](https://git-scm.com/) server for the command line | [Link](services/soft-serve.md) |
 | [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) |
+| [Tandoor](https://docs.tandoor.dev/) | The recipe manager that allows you to manage your ever growing collection of digital recipes.| [Link](services/tandoor.md)
 | [Telegraf](https://www.influxdata.com/time-series-platform/telegraf/) | An open source server agent to help you collect metrics from your stacks, sensors, and systems. | [Link](services/telegraf.md) |
 | [Traefik](https://doc.traefik.io/traefik/) | A container-aware reverse-proxy server | [Link](services/traefik.md) |
 | [Vaultwarden](https://github.com/dani-garcia/vaultwarden) | A lightweight unofficial and compatible implementation of the [Bitwarden](https://bitwarden.com/) password manager | [Link](services/vaultwarden.md) |

templates/group_vars_mash_servers

@@ -537,6 +537,13 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
     {{ ({'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']} if syncthing_enabled else omit) }}
   # /role-specific:syncthing
 
+  # role-specific:tandoor
+  - |-
+    {{ ({'name': (tandoor_api_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'tandoor']} if tandoor_enabled else omit) }}
+  - |-
+    {{ ({'name': (tandoor_frontend_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'tandoor']} if tandoor_enabled else omit) }}
+  # /role-specific:tandoor
+
   # role-specific:telegraf
   - |-
     {{ ({'name': (telegraf_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'telegraf']} if telegraf_enabled else omit) }}
@@ -896,6 +903,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized:
     }}
   # /role-specific:semaphore
 
+  # role-specific:tandoor
+  - |-
+    {{
+      ({
+        'name': tandoor_database_name,
+        'username': tandoor_database_username,
+        'password': tandoor_database_password,
+      } if tandoor_enabled and tandoor_database_hostname == devture_postgres_identifier else omit)
+    }}
+  # /role-specific:tandoor
+
 devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}"
 
 ########################################################################
@@ -2439,6 +2457,16 @@ hubsite_service_syncthing_description: "Sync your files"
 hubsite_service_syncthing_priority: 1000
 # /role-specific:syncthing
 
+# role-specific:tandoor
+# tandoor
+hubsite_service_tandoor_enabled: "{{ tandoor_enabled }}"
+hubsite_service_tandoor_name: tandoor
+hubsite_service_tandoor_url: "https://{{ tandoor_hostname }}{{ tandoor_path_prefix }}"
+hubsite_service_tandoor_logo_location: "{{ role_path }}/assets/tandoor.png"
+hubsite_service_tandoor_description: "The recipe manager that allows you to manage your ever growing collection of digital recipes."
+hubsite_service_tandoor_priority: 1000
+# /role-specific:tandoor
+
 # role-specific:uptime_kuma
 # Uptime Kuma
 hubsite_service_uptime_kuma_enabled: "{{ uptime_kuma_enabled }}"
@@ -2784,6 +2812,19 @@ mash_playbook_hubsite_service_list_auto_itemized:
     }}
   # /role-specific:syncthing
 
+  # role-specific:tandoor
+  - |-
+    {{
+      ({
+        'name': hubsite_service_tandoor_name,
+        'url': hubsite_service_tandoor_url,
+        'logo_location': hubsite_service_tandoor_logo_location,
+        'description': hubsite_service_tandoor_description,
+        'priority': hubsite_service_tandoor_priority,
+      } if hubsite_service_tandoor_enabled else omit)
+    }}
+  # /role-specific:tandoor
+
   # role-specific:vaultwarden
   - |-
     {{
@@ -4490,6 +4531,77 @@ syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certRes
 # /role-specific:syncthing
 
 
+
+
+########################################################################
+#                                                                      #
+# tandoor                                                              #
+#                                                                      #
+########################################################################
+
+tandoor_enabled: false
+
+tandoor_identifier: "{{ mash_playbook_service_identifier_prefix }}tandoor"
+
+tandoor_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}tandoor"
+
+tandoor_uid: "{{ mash_playbook_uid }}"
+tandoor_gid: "{{ mash_playbook_gid }}"
+
+tandoor_systemd_required_services_list_auto: |
+  {{
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and tandoor_database_hostname == devture_postgres_identifier else [])
+  }}
+
+tandoor_systemd_wanted_services_list_auto: |
+  {{
+    ([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and tandoor_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay')) else [])
+  }}
+
+tandoor_api_container_additional_networks_auto: |
+  {{
+    (
+      ([devture_postgres_container_network] if devture_postgres_enabled and tandoor_database_hostname == devture_postgres_identifier and tandoor_container_network != devture_postgres_container_network else [])
+      +
+      ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and tandoor_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay') and tandoor_container_network != exim_relay_container_network) else [])
+    ) | unique
+  }}
+
+tandoor_frontend_container_additional_networks_auto: |
+  {{
+    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+  }}
+
+tandoor_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+tandoor_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
+tandoor_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+tandoor_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+
+tandoor_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+tandoor_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
+tandoor_database_username: "tandoor"
+tandoor_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.tandoor', rounds=655555) | to_uuid }}"
+
+tandoor_environment_variable_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.tandoor', rounds=655555) | to_uuid }}"
+
+# role-specific:exim_relay
+tandoor_config_parameter_mail_smtphost: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
+tandoor_config_parameter_mail_smtpport: "{{ 8025 if exim_relay_enabled else '' }}"
+tandoor_config_parameter_mail_smtpsecure: ''
+tandoor_config_parameter_mail_smtpauth: false
+tandoor_config_parameter_mail_from_address: "{{ (exim_relay_sender_address | split('@'))[0] if exim_relay_enabled else '' }}"
+tandoor_config_parameter_mail_domain: "{{ (exim_relay_sender_address | split('@'))[1] if exim_relay_enabled else '' }}"
+# /role-specific:exim_relay
+
+########################################################################
+#                                                                      #
+# /tandoor                                                             #
+#                                                                      #
+########################################################################
+
+
+
+
 # role-specific:telegraf
 ########################################################################
 #                                                                      #

templates/requirements.yml

@@ -320,6 +320,10 @@
   version: v1.0.0-4
   name: systemd_service_manager
   activation_prefix: ""
+- src: git+https://github.com/IUCCA/ansible-role-tandoor.git
+  version: v1.5.14-0
+  name: tandoor
+  activation_prefix: tandoor_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-telegraf.git
   version: v1.27.1-2
   name: telegraf

templates/setup.yml

@@ -338,6 +338,10 @@
     - role: galaxy/syncthing
     # /role-specific:syncthing
 
+    # role-specific:tandoor
+    - role: galaxy/tandoor
+    # /role-specific:tandoor
+
     # role-specific:telegraf
     - role: galaxy/telegraf
     # /role-specific:telegraf