diff --git a/playbooks/02c-services-deploy.yml b/playbooks/02c-services-deploy.yml index 242cb52..c0046e1 100644 --- a/playbooks/02c-services-deploy.yml +++ b/playbooks/02c-services-deploy.yml @@ -2,19 +2,7 @@ - name: "Deploy services" hosts: asgard - vars: - versions: - database: - postgres: "15.0" - cloud: - nextcloud: "25-fpm" - git: - gitea: "1" - notes: - joplin: "2.9-beta" - tasks: - - import_tasks: tasks/services/c-deploy/00-hosts.yml - include_tasks: tasks/services/c-deploy/01-service-deploy.yml with_items: "{{ host_services }}" loop_control: diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/pod-database.template/database.password.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/pod-database.template/database.password.j2 deleted file mode 100644 index cc9d84a..0000000 --- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/pod-database.template/database.password.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ services[service_name].password }} diff --git a/playbooks/tasks/services/c-deploy/service-deploy/service.d/database.yml b/playbooks/tasks/services/c-deploy/service-deploy/service.d/database.yml deleted file mode 100644 index cc5b7ac..0000000 --- a/playbooks/tasks/services/c-deploy/service-deploy/service.d/database.yml +++ /dev/null @@ -1,16 +0,0 @@ -- block: - - - name: Create database password - template: - src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2" - dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password" - mode: 0600 - register: database_password_file - - - name: Record changes - set_fact: - service_changed: true - when: - database_password_file is changed - - become_user: "{{ service_user_name }}" diff --git a/plays/services/main.yml b/plays/services/main.yml index 0db8415..460316a 100644 --- a/plays/services/main.yml +++ b/plays/services/main.yml 
@@ -87,3 +87,16 @@ vars: services_service_name: "lrproxy" tags: "always" + + - name: "deploy" + ansible.builtin.include_role: + name: "deploy/database" + apply: + tags: + - "services:{{ services_service_name }}" + - "services:deploy" + - "services:deploy:{{ services_service_name }}" + - "services:{{ services_service_name }}:deploy" + vars: + services_service_name: "database" + tags: "always" diff --git a/plays/services/roles/deploy/database/tasks/main.yml b/plays/services/roles/deploy/database/tasks/main.yml new file mode 100644 index 0000000..682d33e --- /dev/null +++ b/plays/services/roles/deploy/database/tasks/main.yml 
@@ -0,0 +1,60 @@ +- name: "set the user variables" + ansible.builtin.import_role: + name: "include" + vars_from: "user" + +- name: "set the version variables" + ansible.builtin.import_role: + name: "deploy/include" + vars_from: "versions" + +- block: + + - name: "configure postgres password" + ansible.builtin.template: + src: "./postgres/database.password.j2" + dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/database.password" + mode: 0600 + register: services_deploy_database_password_file + + - name: "configure systemd service" + ansible.builtin.template: + src: "./systemd/{{ item }}.j2" + dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" + mode: 0644 + loop: + - "pod-database.service" + - "container-database-postgres.service" + register: services_deploy_database_systemd_files + + - name: "systemd user daemon reload" + ansible.builtin.systemd: + daemon_reload: true + scope: "user" + when: + services_deploy_database_systemd_files.changed + + - name: "enable the service" + ansible.builtin.systemd: + name: "pod-{{ services_service_name }}.service" + enabled: true + scope: "user" + + - name: "start the service" + ansible.builtin.systemd: + name: "pod-{{ services_service_name }}.service" + state: "started" + scope: "user" + register: services_deploy_database_service_start + + - name: "restart the service" + ansible.builtin.systemd: + name: "pod-{{ services_service_name }}.service" + state: restarted + scope: user + when: + (services_deploy_database_password_file.changed or + services_deploy_database_systemd_files.changed) and + not services_deploy_database_service_start.changed + + become_user: "{{ services_service_user_name }}" diff --git a/plays/services/roles/deploy/database/templates/postgres/database.password.j2 b/plays/services/roles/deploy/database/templates/postgres/database.password.j2 new file mode 100644 index 0000000..c6b591a --- /dev/null 
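Review bot: The "configure postgres password" task renders `services[services_service_name].password` through `ansible.builtin.template` without `no_log: true`, so a run with `--diff` would print the rendered secret to the console and to any log callback. Adding `no_log: true` to that task (or `diff: false` if the rest of the result should stay visible) keeps the content out of the output. The registered `services_deploy_database_password_file` stays usable in the later `when:`. Separately, `mode: 0600` and `mode: 0644` rely on YAML 1.1 octal parsing; the quoted forms `mode: "0600"` and `mode: "0644"` are unambiguous. The last task also writes `state: restarted` and `scope: user` unquoted, where the rest of the file quotes its strings.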
+++ b/plays/services/roles/deploy/database/templates/postgres/database.password.j2 @@ -0,0 +1 @@ +{{ services[services_service_name].password }} diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/systemd/user/container-database-postgres.service.j2 b/plays/services/roles/deploy/database/templates/systemd/container-database-postgres.service.j2 similarity index 94% rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/systemd/user/container-database-postgres.service.j2 rename to plays/services/roles/deploy/database/templates/systemd/container-database-postgres.service.j2 index db8de81..abb8c3d 100644 --- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/systemd/user/container-database-postgres.service.j2 +++ b/plays/services/roles/deploy/database/templates/systemd/container-database-postgres.service.j2 @@ -27,7 +27,7 @@ ExecStart=/usr/bin/podman run \ -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \ -v /var/lib/yggdrasil/data/pod-database/data/_data:/var/lib/postgresql/data \ --name=pod-database-postgres \ - docker.io/library/postgres:{{ versions.database.postgres }} + docker.io/library/postgres:{{ services_deploy_versions.database.postgres }} ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-postgres.ctr-id PIDFile=%t/container-database-postgres.pid diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/systemd/user/pod-database.service.j2 b/plays/services/roles/deploy/database/templates/systemd/pod-database.service.j2 similarity index 100% rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-database/.config/systemd/user/pod-database.service.j2 rename to plays/services/roles/deploy/database/templates/systemd/pod-database.service.j2 
diff --git a/plays/services/roles/deploy/include/vars/versions.yml b/plays/services/roles/deploy/include/vars/versions.yml new file mode 100644 index 0000000..4af4663 --- /dev/null +++ b/plays/services/roles/deploy/include/vars/versions.yml @@ -0,0 +1,15 @@ +services_deploy_versions: + rproxy: + nginx: "stable" + www: + nginx: "stable" + lrproxy: + nginx: "stable" + database: + postgres: "15.0" + cloud: + nextcloud: "25-fpm" + git: + gitea: "1" + notes: + joplin: "2.9-beta" diff --git a/plays/services/roles/deploy/lrproxy/tasks/main.yml b/plays/services/roles/deploy/lrproxy/tasks/main.yml index 7ec7ce4..232f76b 100644 --- a/plays/services/roles/deploy/lrproxy/tasks/main.yml +++ b/plays/services/roles/deploy/lrproxy/tasks/main.yml @@ -3,6 +3,11 @@ name: "include" vars_from: "user" +- name: "set the version variables" + ansible.builtin.import_role: + name: "deploy/include" + vars_from: "versions" + - name: "set the rproxy variables" ansible.builtin.include_vars: file: "nginx.yml" diff --git a/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2 index 5b87115..7b2bbee 100644 --- a/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2 +++ b/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2 @@ -27,7 +27,7 @@ ExecStart=/usr/bin/podman run \ -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ -v /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \ --name=pod-lrproxy-nginx \ - docker.io/library/nginx:stable + docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }} ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id PIDFile=%t/container-lrproxy-nginx.pid 
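Review bot: `services_deploy_versions` carries moving tags, `"stable"` for the three nginx entries and `"1"` for gitea, so the image a unit actually runs depends on what the registry serves at pull time, not on this file. Now that the versions live in one place, pinning each entry to a full release tag, as `postgres: "15.0"` already does, would make deployments reproducible and turn every upgrade into an explicit, reviewable change. A short comment at the top of the file stating that the values are image tags substituted after `docker.io/library/<image>:` in the systemd unit templates would also help the next editor.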
diff --git a/plays/services/roles/deploy/rproxy/tasks/main.yml b/plays/services/roles/deploy/rproxy/tasks/main.yml index cc1d625..574f99b 100644 --- a/plays/services/roles/deploy/rproxy/tasks/main.yml +++ b/plays/services/roles/deploy/rproxy/tasks/main.yml @@ -3,6 +3,11 @@ name: "include" vars_from: "user" +- name: "set the version variables" + ansible.builtin.import_role: + name: "deploy/include" + vars_from: "versions" + - name: "set the rproxy variables" ansible.builtin.include_vars: file: "nginx.yml" diff --git a/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2 index ac236ba..0e56c60 100644 --- a/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2 +++ b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2 @@ -29,7 +29,7 @@ ExecStart=/usr/bin/podman run \ -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \ -v var-www-html:/var/www/html \ --name=pod-rproxy-nginx \ - docker.io/library/nginx:stable + docker.io/library/nginx:{{ services_deploy_versions.www.nginx }} ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id PIDFile=%t/container-rproxy-nginx.pid diff --git a/plays/services/roles/deploy/www/tasks/main.yml b/plays/services/roles/deploy/www/tasks/main.yml index 53a28a3..e575f2b 100644 --- a/plays/services/roles/deploy/www/tasks/main.yml +++ b/plays/services/roles/deploy/www/tasks/main.yml @@ -3,6 +3,11 @@ name: "include" vars_from: "user" +- name: "set the version variables" + ansible.builtin.import_role: + name: "deploy/include" + vars_from: "versions" + - name: "check if hugo is installed" ansible.builtin.stat: path: "/usr/local/bin/hugo" 
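Review bot: In `container-rproxy-nginx.service.j2` the image tag is read from `services_deploy_versions.www.nginx`, not from the `rproxy` entry this commit adds to `versions.yml`. Both are `"stable"` today, so the rendered unit does not change. A later change to the `www` tag would silently move the reverse proxy's image as well, and as far as this diff shows the `rproxy` key would have no effect. The line should read `docker.io/library/nginx:{{ services_deploy_versions.rproxy.nginx }}`.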
diff --git a/plays/services/roles/deploy/www/templates/systemd/container-www-nginx.service.j2 b/plays/services/roles/deploy/www/templates/systemd/container-www-nginx.service.j2 index 970b943..59ace03 100644 --- a/plays/services/roles/deploy/www/templates/systemd/container-www-nginx.service.j2 +++ b/plays/services/roles/deploy/www/templates/systemd/container-www-nginx.service.j2 @@ -24,7 +24,7 @@ ExecStart=/usr/bin/podman run \ -v /etc/resolv.conf:/etc/resolv.conf:ro \ -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \ --name=pod-www-nginx \ - docker.io/library/nginx:stable + docker.io/library/nginx:{{ services_deploy_versions.www.nginx }} ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-www-nginx.ctr-id PIDFile=%t/container-www-nginx.pid