diff --git a/playbooks/tasks/services/c-deploy/00-hosts.yml b/playbooks/tasks/services/c-deploy/00-hosts.yml
deleted file mode 100644
index 3dc13fd..0000000
--- a/playbooks/tasks/services/c-deploy/00-hosts.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Reset reverse proxy hosts variable
- set_fact:
- service_rproxy_hosts:
-
-- name: Collect reverse proxy hosts
- set_fact:
- service_rproxy_hosts: "{{ service_rproxy_hosts }} --add-host=pod-{{ item.key }}:{{ item.value.address }}"
- with_items: "{{ services | dict2items }}"
-
-- debug:
- msg: "{{ service_rproxy_hosts }}"
diff --git a/playbooks/tasks/services/c-deploy/01-service-deploy.yml b/playbooks/tasks/services/c-deploy/01-service-deploy.yml
index bb3dd3d..7fb99aa 100644
--- a/playbooks/tasks/services/c-deploy/01-service-deploy.yml
+++ b/playbooks/tasks/services/c-deploy/01-service-deploy.yml
@@ -1,5 +1,3 @@
 - block:
- - import_tasks: ../vars.yml
- - import_tasks: ../vars-user.yml
 - import_tasks: service-deploy/service.yml
 tags: "{{ service_name }}"
diff --git a/playbooks/tasks/services/c-deploy/service-deploy/service.yml b/playbooks/tasks/services/c-deploy/service-deploy/service.yml
index f924b08..28a6f56 100644
--- a/playbooks/tasks/services/c-deploy/service-deploy/service.yml
+++ b/playbooks/tasks/services/c-deploy/service-deploy/service.yml
@@ -1,11 +1,5 @@
 - block:
 
- - name: Create service configuration directory for {{ service_user_name }}
- file:
- path: "{{ service_home }}/.config/{{ service_user_name }}"
- state: directory
- mode: 0755
-
 - name: Check if service configuration exists
 become: no
 delegate_to: localhost
diff --git a/playbooks/tasks/services/vars.yml b/playbooks/tasks/services/vars.yml
deleted file mode 100644
index 487cc5f..0000000
--- a/playbooks/tasks/services/vars.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: Set service variables
- set_fact:
- service_user_name: "pod-{{ service_name }}"
-
-- name: Set service variables
- set_fact:
- service_home: "/var/lib/{{ ansible_hostname }}/home/{{ service_user_name }}"
-
-- name: Set service variables
- set_fact:
- local_service_home: "./filesystem/{{ ansible_hostname }}/{{ service_home }}"
-
-- name: Print service variables
- debug:
- msg:
- - "service_name: {{ service_name }}"
- - "service_user_name: {{ service_user_name }}"
- - "service_home: {{ service_home }}"
- - "local_service_home: {{ local_service_home }}"
diff --git a/plays/services/roles/deploy/lrproxy/files/setup b/plays/services/roles/deploy/lrproxy/files/setup
new file mode 120000
index 0000000..259d6d9
--- /dev/null
+++ b/plays/services/roles/deploy/lrproxy/files/setup
@@ -0,0 +1 @@
+../../rproxy/files/setup
\ No newline at end of file
diff --git a/plays/services/roles/deploy/lrproxy/tasks/main.yml b/plays/services/roles/deploy/lrproxy/tasks/main.yml
new file mode 100644
index 0000000..8818ef7
--- /dev/null
+++ b/plays/services/roles/deploy/lrproxy/tasks/main.yml
@@ -0,0 +1,107 @@
+- name: "set the user variables"
+ ansible.builtin.import_role:
+ name: "include"
+ vars_from: "user"
+
+- name: "set the rproxy variables"
+ ansible.builtin.import_role:
+ name: "deploy/rproxy"
+ tasks_from: ""
+ vars_from: "nginx"
+
+- block:
+
+ - name: "create nginx conf.d"
+ ansible.builtin.file:
+ path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
+ state: "directory"
+ mode: 0755
+
+ - name: "configure reverse proxy nginx"
+ ansible.builtin.copy:
+ src: "setup/{{ item }}"
+ dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
+ mode: 0644
+ loop: "{{ services_rproxy_nginx_conf_d_files }}"
+ register: services_deploy_lrproxy_config_files
+
+ - name: "configure systemd service"
+ ansible.builtin.template:
+ src: "./systemd/{{ item }}.j2"
+ dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+ mode: 0644
+ loop:
+ - "pod-lrproxy.service"
+ - "container-lrproxy-nginx.service"
+ - "rsync-certificates.service"
+ - "rsync-certificates.timer"
+ register: services_deploy_lrproxy_systemd_files
+
+ - name: "systemd user daemon reload"
+ systemd:
+ daemon_reload: true
+ scope: "user"
+ when:
+ services_deploy_lrproxy_systemd_files.changed
+
+ - name: "enable rsync-certificates timer"
+ ansible.builtin.systemd:
+ name: "rsync-certificates.timer"
+ enabled: true
+ scope: "user"
+ register: services_deploy_lrproxy_rsync_certificates_timer
+
+ - name: "generate diffie hellman ephemeral parameters"
+ ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name}}/dhparam.pem 4096"
+ args:
+ creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
+ register: services_deploy_lrproxy_dhparam
+
+ - name: "create the .ssh directory"
+ ansible.builtin.file:
+ path: "{{ services_service_user_home }}/.ssh"
+ state: "directory"
+ mode: 0700
+
+ - name: "generate ssh keypair for rsync"
+ community.crypto.openssh_keypair:
+ path: "{{ services_service_user_home }}/.ssh/valkyrie-pod-rproxy"
+ type: "ed25519"
+ register: services_deploy_lrproxy_keypair
+
+ - name: "configure public key on valkyrie"
+ delegate_to: valkyrie
+ become_user: pod-rproxy
+ ansible.posix.authorized_key:
+ user: "pod-rproxy"
+ state: "present"
+ key: "{{ services_deploy_lrproxy_keypair.public_key }}"
+ key_options: "command=\"rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
+
+ - name: "enable the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ enabled: true
+ scope: "user"
+
+ - name: "start the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ state: "started"
+ scope: "user"
+ register: services_deploy_lrproxy_service_start
+
+ - name: "restart the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ state: restarted
+ scope: user
+ when:
+ (services_deploy_lrproxy_config_files.changed or
+ services_deploy_lrproxy_systemd_files.changed or
+ services_deploy_lrproxy_rsync_certificates_timer.changed or
+ services_deploy_lrproxy_dhparam.changed or
+ services_deploy_lrproxy_keypair.changed) and
+ not services_deploy_lrproxy_service_start.changed
+
+ become_user: "{{ services_service_user_name }}"
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2
similarity index 96%
rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2
rename to plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2
index 351ff30..5b87115 100644
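Review bot: The `enable rsync-certificates timer` task sets `enabled: true` but never starts the timer, so on a fresh deployment no certificates are synced until the user session is restarted; add `state: "started"` to that task (the pod service already gets its own start task below) unless the pod unit pulls the timer in, which this diff does not show. In the dhparam task the output path is `/{{ services_service_user_home }}/...` while `creates:` uses `{{ services_service_user_home }}/...`; the leading slash yields a `//var/...` path that still works, but the two should be spelled identically and the option is conventionally `-out`, e.g. `ansible.builtin.command: "openssl dhparam -out {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 4096"`. The forced `command=` on valkyrie is a good restriction, though it pins the server to `-avz` while the client unit runs `-avz --delete`; this works because sshd discards the client-requested command, but the `rrsync -ro` helper shipped with rsync is the more robust way to grant read-only access to that single directory. Because `authorized_key` uses `state: "present"` without `exclusive` or a stable key comment, regenerating the keypair (new path or type) leaves the previous public key authorized on valkyrie, so consider a comment-based cleanup or `exclusive: true` if no other keys must survive on that account.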
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2
+++ b/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2
@@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
 --replace \
 --label "io.containers.autoupdate=image" \
 -dt \
- {{ service_rproxy_hosts }} \
+ {{ services_rproxy_nginx_add_hosts }} \
 -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
 -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
 -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/pod-lrproxy.service.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/pod-lrproxy.service.j2
similarity index 100%
rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/pod-lrproxy.service.j2
rename to plays/services/roles/deploy/lrproxy/templates/systemd/pod-lrproxy.service.j2
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.service.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.service.j2
similarity index 73%
rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.service.j2
rename to plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.service.j2
index a64bccd..4fe197d 100644
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.service.j2
+++ b/plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.service.j2
@@ -8,5 +8,5 @@ Type=oneshot
 ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' \
 -avz \
 --delete \
- {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ \
+ {{ hostvars['valkyrie'].vpn_wireguard_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ \
 /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.timer.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.timer.j2
similarity index 100%
rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.timer.j2
rename to plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.timer.j2
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf b/plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
rename to plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf b/plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/git.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf
rename to plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/git.wojciechkozlowski.eu.conf
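Review bot: The rsync `ExecStart` now targets `hostvars['valkyrie'].vpn_wireguard_address` over ssh, but nothing in this diff provisions valkyrie's host key into the pod-lrproxy user's `known_hosts`, so the first timer run will abort on the unknown host key (there is no TTY to answer the prompt) unless that is handled elsewhere. Rather than relaxing `StrictHostKeyChecking`, pin the key with `ansible.builtin.known_hosts` in the lrproxy role and make the unit use it explicitly, e.g. `-e 'ssh -i .ssh/valkyrie-pod-rproxy -o UserKnownHostsFile=.ssh/known_hosts -o StrictHostKeyChecking=yes -l pod-rproxy'`. The relative `.ssh/` path depends on a `WorkingDirectory=` that sits above this hunk, and the hardcoded inventory name `valkyrie` duplicates the `delegate_to: valkyrie` in the role, so a single role variable for the certificate source host would keep the two in step.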
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf b/plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/notes.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf
rename to plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/notes.wojciechkozlowski.eu.conf
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/wojciechkozlowski.eu.conf b/plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/wojciechkozlowski.eu.conf
rename to plays/services/roles/deploy/rproxy/files/setup/nginx-conf.d/wojciechkozlowski.eu.conf
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx.conf b/plays/services/roles/deploy/rproxy/files/setup/nginx.conf
similarity index 100%
rename from playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx.conf
rename to plays/services/roles/deploy/rproxy/files/setup/nginx.conf
diff --git a/plays/services/roles/deploy/rproxy/vars/nginx.yml b/plays/services/roles/deploy/rproxy/vars/nginx.yml
new file mode 100644
index 0000000..ed0c1e9
--- /dev/null
+++ b/plays/services/roles/deploy/rproxy/vars/nginx.yml
@@ -0,0 +1,15 @@
+services_all_services: "{{
+ services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |
+ flatten | items2dict }}"
+services_rproxy_nginx_add_hosts: "\
+ {% set add_host_list = [] %}\
+ {% for service in ( services_all_services | dict2items ) %}\
+ {{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.address) }}\
+ {% endfor %}\
+ {{ add_host_list | join(' ') }}"
+services_rproxy_nginx_conf_d_files:
+ - "nginx.conf"
+ - "nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
+ - "nginx-conf.d/git.wojciechkozlowski.eu.conf"
+ - "nginx-conf.d/notes.wojciechkozlowski.eu.conf"
+ - "nginx-conf.d/wojciechkozlowski.eu.conf"
diff --git a/plays/services/roles/include/vars/group.yml b/plays/services/roles/include/vars/group.yml
deleted file mode 100644
index c424d7f..0000000
--- a/plays/services/roles/include/vars/group.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-services_all_services: "{{
- services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |
- flatten | items2dict }}"
-services_rproxy_add_hosts: "\
- {% set add_host_list = [] %}\
- {% for service in ( services_all_services | dict2items ) %}\
- {{ add_host_list.append('--add-host-' ~ service.key ~ ':' ~ service.value.address) }}\
- {% endfor %}\
- {{ add_host_list | join(' ') }}"
diff --git a/plays/services/roles/setup/user/tasks/include/directories.yml b/plays/services/roles/setup/user/tasks/include/directories.yml
index 3470ceb..a58bbc8 100644
--- a/plays/services/roles/setup/user/tasks/include/directories.yml
+++ b/plays/services/roles/setup/user/tasks/include/directories.yml
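Review bot: `services_all_services` merges every host's `services_host_services` with `flatten | items2dict`, which silently keeps only the last entry when two hosts declare the same service key, so a duplicated name would make the `--add-host=pod-<name>` line point nginx at the wrong backend with no error; the tasks that consume this var should guard it, e.g. `ansible.builtin.assert` that `services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') | flatten | length` equals `services_all_services | length`. The `{{ add_host_list.append(...) }}` idiom relies on Ansible's templater rendering the `None` returned by `append()` as an empty string (plain Jinja would emit `None`); `{% set _ = add_host_list.append(...) %}` makes that explicit and deserves a one-line comment either way. Note that `service.value.address` is interpolated unvalidated into a podman argument and a systemd `ExecStart` line, so a value containing whitespace would split into extra arguments; this is inventory-controlled data, so it is a configuration-integrity caveat rather than an injection path. The file also lacks the `---` document start and the `services_rproxy_nginx_conf_d_files` name covers `nginx.conf` as well as the `conf.d` entries, which a shorter `services_rproxy_nginx_files` would describe more accurately.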
@@ -27,6 +27,12 @@ - block: + - name: "{{ services_service_name }} : directories : create service configuration directory" + ansible.builtin.file: + path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}" + state: "directory" + mode: 0755 + - name: "{{ services_service_name }} : directories : create systemd directory" ansible.builtin.file: path: "{{ services_service_user_home }}/.config/systemd/user"