ansible-edda/playbooks/roles/services/deploy/lrproxy/tasks/main.yml

148 lines
5.4 KiB
YAML
Raw Normal View History

2022-12-18 23:43:40 +01:00
---
2022-12-16 21:23:24 +01:00
- name: "set the user variables"
ansible.builtin.import_role:
2022-12-18 19:36:21 +01:00
name: "services/include"
2022-12-16 21:23:24 +01:00
vars_from: "user"
2022-12-16 23:42:57 +01:00
- name: "set the version variables"
ansible.builtin.import_role:
2022-12-18 19:36:21 +01:00
name: "services/deploy/include"
2022-12-16 23:42:57 +01:00
vars_from: "versions"
2022-12-16 21:23:24 +01:00
- name: "set the rproxy variables"
2022-12-16 21:49:50 +01:00
ansible.builtin.include_vars:
file: "nginx.yml"
2022-12-16 21:23:24 +01:00
- block:
- name: "create nginx conf.d"
ansible.builtin.file:
2022-12-18 23:43:40 +01:00
path: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
2022-12-16 21:23:24 +01:00
state: "directory"
mode: 0755
- name: "configure reverse proxy nginx"
ansible.builtin.copy:
2022-12-16 23:27:09 +01:00
src: "./config/{{ item }}"
2022-12-16 21:23:24 +01:00
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
mode: 0644
loop: "{{ services_rproxy_nginx_conf_d_files }}"
register: services_deploy_lrproxy_config_files
- name: "configure systemd service"
ansible.builtin.template:
2022-12-18 23:00:28 +01:00
src: "./systemd/{{ item }}.j2"
2022-12-16 21:23:24 +01:00
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
2022-12-16 21:23:24 +01:00
loop:
- "pod-lrproxy.service"
- "container-lrproxy-nginx.service"
register: services_deploy_lrproxy_systemd_files
- name: "systemd user daemon reload"
2022-12-16 22:16:23 +01:00
ansible.builtin.systemd:
2022-12-16 21:23:24 +01:00
daemon_reload: true
scope: "user"
when:
services_deploy_lrproxy_systemd_files.changed
- name: "generate diffie hellman ephemeral parameters"
2022-12-18 23:43:40 +01:00
ansible.builtin.command: >-
openssl dhparam
--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
4096
2022-12-16 21:23:24 +01:00
args:
2022-12-18 23:43:40 +01:00
creates: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
2022-12-16 21:23:24 +01:00
register: services_deploy_lrproxy_dhparam
2023-02-12 19:37:33 +01:00
- block:
- name: "configure rsync-certificates service"
ansible.builtin.template:
src: "./systemd/{{ item }}.j2"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "rsync-certificates.service"
- "rsync-certificates.timer"
register: services_deploy_lrproxy_rsync_certificates_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_lrproxy_rsync_certificates_files.changed
- name: "enable rsync-certificates timer"
ansible.builtin.systemd:
name: "rsync-certificates.timer"
enabled: true
scope: "user"
register: services_deploy_lrproxy_rsync_certificates_timer
- name: "create the .ssh directory"
ansible.builtin.file:
path: "{{ services_service_user_home }}/.ssh"
state: "directory"
mode: 0700
- name: "generate ssh keypair for rsync"
community.crypto.openssh_keypair:
path: "\
{{ services_service_user_home }}/.ssh/\
{{ services_host_services.lrproxy.rproxy_host }}-\
{{ services_host_services.lrproxy.rproxy_user }}"
type: "ed25519"
register: services_deploy_lrproxy_keypair
- name: "configure public key on {{ services_host_services.lrproxy.rproxy_host }}"
ignore_unreachable: "{{ services_deploy_lrproxy_ignore_unreachable_rproxy }}"
2023-02-12 19:37:33 +01:00
delegate_to: "{{ services_host_services.lrproxy.rproxy_host }}"
become_user: "{{ services_host_services.lrproxy.rproxy_user }}"
ansible.posix.authorized_key:
user: "{{ services_host_services.lrproxy.rproxy_user }}"
state: "present"
key: "{{ services_deploy_lrproxy_keypair.public_key }}"
key_options: "\
command=\"rsync --server --sender -avz . \
{{ hostvars[services_host_services.lrproxy.rproxy_host].services_data_directory }}/\
{{ services_host_services.lrproxy.rproxy_user }}/etc-letsencrypt/\
\",from=\"{{ vpn_wireguard_address }}\",\
no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
when:
services_host_services.lrproxy.rproxy_host is defined
2022-12-16 21:23:24 +01:00
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
2022-12-16 21:23:24 +01:00
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
{{ services_service_user_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_lrproxy_service_active_state
2022-12-16 21:23:24 +01:00
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
2022-12-16 21:23:24 +01:00
when:
(services_deploy_lrproxy_config_files.changed or
services_deploy_lrproxy_systemd_files.changed or
2023-02-12 19:37:33 +01:00
services_deploy_lrproxy_rsync_certificates_files.changed or
2022-12-16 21:23:24 +01:00
services_deploy_lrproxy_rsync_certificates_timer.changed or
services_deploy_lrproxy_dhparam.changed or
services_deploy_lrproxy_keypair.changed) and
services_deploy_lrproxy_service_active_state.stdout == "active"
2022-12-16 21:23:24 +01:00
become_user: "{{ services_service_user_name }}"