ansible-edda/playbooks/roles/services/deploy/rproxy/tasks/main.yml

---
- name: "{{ services_service_name }} : set the user variables"
  ansible.builtin.import_role:
    name: "services/include"
    vars_from: "user"

- name: "{{ services_service_name }} : set the rproxy variables"
  ansible.builtin.include_vars:
    file: "nginx.yml"

- block:

    - name: "{{ services_service_name }} : create nginx conf.d"
      ansible.builtin.file:
        path: "\
          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
        state: "directory"
        mode: 0755

    - name: "{{ services_service_name }} : generic nginx reverse proxy configuration"
      ansible.builtin.copy:
        src: "./config/nginx.conf"
        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
        mode: 0644
      register: services_deploy_rproxy_generic_config

    - name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
      ansible.builtin.copy:
        src: "{{ services_deploy_rproxy_nginx_stream_config }}"
        dest: "\
          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf"
        mode: 0644
      register: services_deploy_rproxy_stream_config

    - name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "\
          {{ services_service_user_home }}/.config/\
          {{ services_service_user_name }}/nginx-conf.d/{{ item | basename }}"
        mode: 0644
      loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}"
      register: services_deploy_rproxy_subdomain_config_files

    - name: "{{ services_service_name }} : configure systemd service"
      ansible.builtin.template:
        src: "./systemd/{{ item }}"
        dest: "\
          {{ services_service_user_home }}/.config/systemd/user/\
          {{ item | replace('rproxy', services_service_name) }}"
        mode: 0600
      loop:
        - "pod-rproxy.service"
        - "container-rproxy-nginx.service"
        - "container-rproxy-certbot.service"
        - "container-rproxy-certbot.timer"
      register: services_deploy_rproxy_systemd_files

    - name: "{{ services_service_name }} : systemd user daemon reload"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: "user"
      when:
        services_deploy_rproxy_systemd_files.changed

    - name: "{{ services_service_name }} : enable container-{{ services_service_name }}-certbot timer"
      ansible.builtin.systemd:
        name: "container-{{ services_service_name }}-certbot.timer"
        enabled: true
        scope: "user"
      register: services_deploy_rproxy_certbot_timer

    - name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"
      ansible.builtin.command: >-
        openssl dhparam
        --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
        4096
      args:
        creates: "\
          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
      register: services_deploy_rproxy_dhparam

    - name: "{{ services_service_name }} : get uid"
      ansible.builtin.getent:
        database: "passwd"
        key: "{{ services_service_user_name }}"

    - name: "{{ services_service_name }} : get service status"
      ansible.builtin.command: >-
        systemctl --user show --property ActiveState --value
        {{ services_service_user_name }}.service
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
      changed_when: false
      register: services_deploy_rproxy_service_active_state

    - name: "{{ services_service_name }} : restart the service"
      ansible.builtin.systemd:
        name: "pod-{{ services_service_name }}.service"
        state: "restarted"
        scope: "user"
      when:
        (services_deploy_rproxy_generic_config.changed or
        services_deploy_rproxy_stream_config.changed or
        services_deploy_rproxy_subdomain_config_files.changed or
        services_deploy_rproxy_systemd_files.changed or
        services_deploy_rproxy_certbot_timer.changed or
        services_deploy_rproxy_dhparam.changed) and
        services_deploy_rproxy_service_active_state.stdout == "active"

  become_user: "{{ services_service_user_name }}"
Introduce yamllint 2022-12-18 23:43:40 +01:00			`---`
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : set the user variables"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`ansible.builtin.import_role:`
Merge subdirectories 2022-12-18 19:36:21 +01:00			`name: "services/include"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`vars_from: "user"`

Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : set the rproxy variables"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`ansible.builtin.include_vars:`
			`file: "nginx.yml"`

			`- block:`

Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : create nginx conf.d"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`ansible.builtin.file:`
Introduce yamllint 2022-12-18 23:43:40 +01:00			`path: "\`
			`{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`state: "directory"`
			`mode: 0755`

Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : generic nginx reverse proxy configuration"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`ansible.builtin.copy:`
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`src: "./config/nginx.conf"`
			`dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`mode: 0644`
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`register: services_deploy_rproxy_generic_config`

			`- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"`
			`ansible.builtin.copy:`
			`src: "{{ services_deploy_rproxy_nginx_stream_config }}"`
			`dest: "\`
			`{{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf"`
			`mode: 0644`
			`register: services_deploy_rproxy_stream_config`

			`- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"`
			`ansible.builtin.copy:`
			`src: "{{ item }}"`
			`dest: "\`
			`{{ services_service_user_home }}/.config/\`
			`{{ services_service_user_name }}/nginx-conf.d/{{ item \| basename }}"`
			`mode: 0644`
			`loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}"`
			`register: services_deploy_rproxy_subdomain_config_files`
Port rproxy service 2022-12-16 21:49:50 +01:00
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : configure systemd service"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`ansible.builtin.template:`
Drop the jinja file extension 2023-07-08 10:04:37 +02:00			`src: "./systemd/{{ item }}"`
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`dest: "\`
			`{{ services_service_user_home }}/.config/systemd/user/\`
			`{{ item \| replace('rproxy', services_service_name) }}"`
Change permissions of service systemd files 2022-12-17 00:39:25 +01:00			`mode: 0600`
Port rproxy service 2022-12-16 21:49:50 +01:00			`loop:`
			`- "pod-rproxy.service"`
			`- "container-rproxy-nginx.service"`
			`- "container-rproxy-certbot.service"`
			`- "container-rproxy-certbot.timer"`
			`register: services_deploy_rproxy_systemd_files`

Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : systemd user daemon reload"`
Port www service 2022-12-16 22:16:23 +01:00			`ansible.builtin.systemd:`
Port rproxy service 2022-12-16 21:49:50 +01:00			`daemon_reload: true`
			`scope: "user"`
			`when:`
			`services_deploy_rproxy_systemd_files.changed`

Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : enable container-{{ services_service_name }}-certbot timer"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`ansible.builtin.systemd:`
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`name: "container-{{ services_service_name }}-certbot.timer"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`enabled: true`
			`scope: "user"`
			`register: services_deploy_rproxy_certbot_timer`

Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"`
Introduce yamllint 2022-12-18 23:43:40 +01:00			`ansible.builtin.command: >-`
			`openssl dhparam`
			`--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem`
			`4096`
Port rproxy service 2022-12-16 21:49:50 +01:00			`args:`
Introduce yamllint 2022-12-18 23:43:40 +01:00			`creates: "\`
			`{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`register: services_deploy_rproxy_dhparam`

Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : get uid"`
Separate service start/stop from main playbook 2023-02-11 16:23:31 +01:00			`ansible.builtin.getent:`
			`database: "passwd"`
			`key: "{{ services_service_user_name }}"`
Port rproxy service 2022-12-16 21:49:50 +01:00
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : get service status"`
Separate service start/stop from main playbook 2023-02-11 16:23:31 +01:00			`ansible.builtin.command: >-`
			`systemctl --user show --property ActiveState --value`
			`{{ services_service_user_name }}.service`
			`environment:`
			`XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"`
			`changed_when: false`
			`register: services_deploy_rproxy_service_active_state`
Port rproxy service 2022-12-16 21:49:50 +01:00
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`- name: "{{ services_service_name }} : restart the service"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`ansible.builtin.systemd:`
			`name: "pod-{{ services_service_name }}.service"`
Change permissions of service systemd files 2022-12-17 00:39:25 +01:00			`state: "restarted"`
			`scope: "user"`
Port rproxy service 2022-12-16 21:49:50 +01:00			`when:`
Unify rproxy and lrproxy 2023-07-17 22:31:05 +02:00			`(services_deploy_rproxy_generic_config.changed or`
			`services_deploy_rproxy_stream_config.changed or`
			`services_deploy_rproxy_subdomain_config_files.changed or`
Port rproxy service 2022-12-16 21:49:50 +01:00			`services_deploy_rproxy_systemd_files.changed or`
			`services_deploy_rproxy_certbot_timer.changed or`
			`services_deploy_rproxy_dhparam.changed) and`
Separate service start/stop from main playbook 2023-02-11 16:23:31 +01:00			`services_deploy_rproxy_service_active_state.stdout == "active"`
Port rproxy service 2022-12-16 21:49:50 +01:00
			`become_user: "{{ services_service_user_name }}"`