From d64234c4ef1091ed47d2e55397c865744b9a5097 Mon Sep 17 00:00:00 2001
From: transcaffeine <transcaffeine@finally.coffee>
Date: Mon, 29 Dec 2025 16:21:30 +0100
Subject: [PATCH] feat(playbooks/snipe_it): add playbook

---
 README.md              |  1 +
 playbooks/snipe_it.md  |  7 ++++++
 playbooks/snipe_it.yml | 56 ++++++++++++++++++++++++++++++++++++++++--
 3 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/snipe_it.md

diff --git a/README.md b/README.md
index 35ffb02..ef7ab84 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ concise area of concern.
 - [`keycloak`](playbooks/keycloak.md)
 - [`gitea`](playbooks/gitea.md)
 - [`phpldapadmin`](playbooks/phpldapadmin.md)
+- [`snipe_it`](playbooks/snipe_it.md)
 - [`vaultwarden`](playbooks/vaultwarden.md)
 
 ## License
diff --git a/playbooks/snipe_it.md b/playbooks/snipe_it.md
new file mode 100644
index 0000000..8b555dd
--- /dev/null
+++ b/playbooks/snipe_it.md
@@ -0,0 +1,7 @@
+# `finallycoffee.services.snipe_it` ansible playbook
+
+## Feature toggles
+
+- `snipe_it_configure_mariadb` (default `true`)
+- `snipe_it_configure_lego_rfc2136` (default `false`)
+- `snipe_it_configure_caddy_reverse_proxy` (default `false`)
diff --git a/playbooks/snipe_it.yml b/playbooks/snipe_it.yml
index 6554bfd..61a7b0c 100644
--- a/playbooks/snipe_it.yml
+++ b/playbooks/snipe_it.yml
@@ -1,6 +1,58 @@
 ---
-- name: Install and configure Snipe-IT
+- import_playbook: finallycoffee.base.lego_certificate
+  when: snipe_it_configure_lego_rfc2136 | default(false)
+  vars:
+    target_domains:
+      - "{{ snipe_it_domain }}"
+    target_acme_zone: "{{ acme_domain }}"
+    target_acme_account_email: "{{ snipe_it_lego_acme_account_email }}"
+    target_dns_server: "{{ dns_server }}"
+    target_dns_tsig_key: "{{ dns_tsig_keydata }}"
+    target_dns_additional_records: "{{ snipe_it_dns_records }}"
+    target_hosts: >-2
+      {{ snipe_it_lego_hosts | default(snipe_it_hosts | default('snipe_it')) }}
+    target_become: >-2
+      {{ snipe_it_lego_become | default(snipe_it_become | default(false)) }}
+    target_gather_facts: >-2
+      {{ snipe_it_lego_gather_facts | default(false) }}
+  tags:
+    - snipe-it
+    - snipe-it-lego
+
+- name: Set up snipe-it, an asset management system
   hosts: "{{ snipe_it_hosts | default('snipe_it') }}"
-  become: "{{ snipe_it_become | default(true, false) }}"
+  become: "{{ snipe_it_become | default(false) }}"
   roles:
+    - role: finallycoffee.databases.mariadb
+      when: snipe_it_configure_mariadb | default(true, true)
+      vars:
+        mariadb_root_password: "{{ snipe_it_builtin_database_root_pass }}"
+        mariadb_database: "{{ snipe_it_config_db_database }}"
+        mariadb_username: "{{ snipe_it_config_db_username }}"
+        mariadb_password: "{{ snipe_it_config_db_password }}"
+        mariadb_container_name: "snipe-it-mysql"
+        mariadb_container_ports: "{{ snipe_it_builtin_database_container_ports }}"
+        mariadb_base_path: "/databases/snipe-it/mariadb"
+      tags:
+        - snipe-it
+        - snipe-it-mariadb
     - role: finallycoffee.services.snipe_it
+      tags:
+        - snipe-it
+
+- import_playbook: finallycoffee.base.caddy_reverse_proxy
+  when: snipe_it_configure_caddy_reverse_proxy | default(false)
+  vars:
+    caddy_site_name: "{{ snipe_it_domain }}"
+    caddy_reverse_proxy_backend_addr: "http://{{ snipe_it_host_bind_addr }}"
+    caddy_reverse_proxy_extra_config: >-2
+      {{ snipe_it_caddy_reverse_proxy_extra_config | default('') }}
+    target_hosts: >-2
+      {{ snipe_it_caddy_hosts | default(snipe_it_hosts | default('snipe_it')) }}
+    target_become: >-2
+      {{ snipe_it_caddy_become | default(snipe_it_become | default(false)) }}
+    target_gather_facts: >-2
+      {{ snipe_it_caddy_gather_facts | default(false) }}
+  tags:
+    - snipe-it
+    - snipe-it-caddy