feat: add Grocy kitchen ERP service

- Add grocy subdomain to domains.yml - Create Docker Compose template using LinuxServer image - Add Ansible task for service deployment - Configure Caddy reverse proxy with Authentik auth and API bypass - Add DNS record for grocy subdomain - Integrate with productivity services category 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-28 08:47:28 -06:00
parent a2ae9e5ff6
commit f71ded1a01
6 changed files with 76 additions and 1 deletions
--- a/dns.yml
+++ b/dns.yml
@@ -55,6 +55,8 @@
            ip: "152.53.36.98"
          - name: kanboard
            ip: "152.53.36.98"
+          - name: grocy
+            ip: "152.53.36.98"
      - name: nerder.land
        dns_records:
          - name: "forms"
--- a/group_vars/all/domains.yml
+++ b/group_vars/all/domains.yml
@@ -33,6 +33,7 @@ subdomains:
  gotify: "gotify.{{ primary_domain }}"  # Gotify notifications
  gotify_assistant: "gotify-assistant.{{ primary_domain }}"  # iGotify iOS assistant
  kanboard: "kanboard.{{ primary_domain }}"  # Kanboard project management
+  grocy: "grocy.{{ primary_domain }}"  # Grocy kitchen ERP

 # Email domains for notifications
 email_domains:
--- a/roles/docker/files/Caddyfile
+++ b/roles/docker/files/Caddyfile
@@ -44,6 +44,26 @@ kanboard.thesatelliteoflove.com {
    reverse_proxy kanboard:80
 }

+grocy.thesatelliteoflove.com {
+    # API endpoints bypass forward auth for mobile apps
+    handle /api/* {
+        reverse_proxy grocy:80
+    }
+    
+    # Web interface requires Authentik authentication
+    forward_auth authentik-server-1:9000 {
+        uri /outpost.goauthentik.io/auth/caddy
+        copy_headers {
+            X-authentik-username
+            X-authentik-groups  
+            X-authentik-email
+            X-authentik-name
+            X-authentik-uid
+        }
+    }
+    reverse_proxy grocy:80
+}
+
 phlog.thesatelliteoflove.com {
    reverse_proxy ghost-1-ghost-1:2368
 }
--- a/roles/docker/tasks/productivity/grocy.yml
+++ b/roles/docker/tasks/productivity/grocy.yml
@@ -0,0 +1,18 @@
+---
+- name: Create grocy directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/stacks/grocy
+
+- name: Template grocy compose file
+  ansible.builtin.template:
+    src: grocy-compose.yml.j2
+    dest: /opt/stacks/grocy/compose.yml
+
+- name: Deploy grocy stack
+  community.docker.docker_compose_v2:
+    project_src: /opt/stacks/grocy
+    files:
+      - compose.yml
--- a/roles/docker/tasks/productivity/main.yml
+++ b/roles/docker/tasks/productivity/main.yml
@@ -36,3 +36,7 @@
 - name: Install kanboard
  import_tasks: kanboard.yml
  tags: kanboard
+
+- name: Install grocy
+  import_tasks: grocy.yml
+  tags: grocy
--- a/roles/docker/templates/grocy-compose.yml.j2
+++ b/roles/docker/templates/grocy-compose.yml.j2
@@ -0,0 +1,30 @@
+services:
+  grocy:
+    image: lscr.io/linuxserver/grocy:latest
+    container_name: grocy
+    restart: unless-stopped
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Denver
+    volumes:
+      - ./config:/config
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
+    labels:
+      glance.name: Grocy
+      glance.icon: si:grocyapp
+      glance.url: https://{{ subdomains.grocy }}/
+      glance.description: Kitchen ERP and inventory management
+      glance.id: grocy
+      mag37.dockcheck.update: true
+
+volumes:
+  grocy_config:
+    driver: local
+
+networks:
+  default:
+    external: true
+    name: {{ docker.network_name }}