Unify rproxy and lrproxy
parent
5fb63e1a28
commit
3d8a7aa582
@ -1 +0,0 @@
|
||||
../../../rproxy/files/config/nginx.conf
|
@ -1,26 +0,0 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
services_all_services:
|
||||
type: "dict"
|
||||
elem: "dict"
|
||||
required: true
|
@ -1,102 +0,0 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
vars_from: "user"
|
||||
|
||||
- name: "set the version variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/deploy/include"
|
||||
vars_from: "versions"
|
||||
|
||||
- name: "set the rproxy variables"
|
||||
ansible.builtin.include_vars:
|
||||
file: "nginx.yml"
|
||||
|
||||
- block:
|
||||
|
||||
- name: "create nginx conf.d"
|
||||
ansible.builtin.file:
|
||||
path: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "configure reverse proxy nginx"
|
||||
ansible.builtin.copy:
|
||||
src: "./config/{{ item }}"
|
||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- "nginx.conf"
|
||||
- "stream.conf"
|
||||
- "nginx-conf.d/archive.music.wojciechkozlowski.eu.conf"
|
||||
- "nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
||||
- "nginx-conf.d/git.wojciechkozlowski.eu.conf"
|
||||
- "nginx-conf.d/music.wojciechkozlowski.eu.conf"
|
||||
- "nginx-conf.d/notes.wojciechkozlowski.eu.conf"
|
||||
register: services_deploy_lrproxy_config_files
|
||||
|
||||
- name: "configure systemd service"
|
||||
ansible.builtin.template:
|
||||
src: "./systemd/{{ item }}"
|
||||
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
|
||||
mode: 0600
|
||||
loop:
|
||||
- "pod-lrproxy.service"
|
||||
- "container-lrproxy-nginx.service"
|
||||
- "container-lrproxy-certbot.service"
|
||||
- "container-lrproxy-certbot.timer"
|
||||
register: services_deploy_lrproxy_systemd_files
|
||||
|
||||
- name: "systemd user daemon reload"
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
scope: "user"
|
||||
when:
|
||||
services_deploy_lrproxy_systemd_files.changed
|
||||
|
||||
- name: "enable container-lrproxy-certbot timer"
|
||||
ansible.builtin.systemd:
|
||||
name: "container-lrproxy-certbot.timer"
|
||||
enabled: true
|
||||
scope: "user"
|
||||
register: services_deploy_lrproxy_certbot_timer
|
||||
|
||||
- name: "generate diffie hellman ephemeral parameters"
|
||||
ansible.builtin.command: >-
|
||||
openssl dhparam
|
||||
--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
|
||||
4096
|
||||
args:
|
||||
creates: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
||||
register: services_deploy_lrproxy_dhparam
|
||||
|
||||
- name: "get uid"
|
||||
ansible.builtin.getent:
|
||||
database: "passwd"
|
||||
key: "{{ services_service_user_name }}"
|
||||
|
||||
- name: "get service status"
|
||||
ansible.builtin.command: >-
|
||||
systemctl --user show --property ActiveState --value
|
||||
{{ services_service_user_name }}.service
|
||||
environment:
|
||||
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
|
||||
changed_when: false
|
||||
register: services_deploy_lrproxy_service_active_state
|
||||
|
||||
- name: "restart the service"
|
||||
ansible.builtin.systemd:
|
||||
name: "pod-{{ services_service_name }}.service"
|
||||
state: "restarted"
|
||||
scope: "user"
|
||||
when:
|
||||
(services_deploy_lrproxy_config_files.changed or
|
||||
services_deploy_lrproxy_systemd_files.changed or
|
||||
services_deploy_lrproxy_certbot_timer.changed or
|
||||
services_deploy_lrproxy_dhparam.changed) and
|
||||
services_deploy_lrproxy_service_active_state.stdout == "active"
|
||||
|
||||
become_user: "{{ services_service_user_name }}"
|
@ -1,24 +0,0 @@
|
||||
[Unit]
|
||||
Description=Podman container-lrproxy-certbot.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-lrproxy-certbot.pid %t/container-lrproxy-certbot.ctr-id
|
||||
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
||||
ExecStart=/usr/bin/podman run \
|
||||
--conmon-pidfile %t/container-lrproxy-certbot.pid \
|
||||
--cidfile %t/container-lrproxy-certbot.ctr-id \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-lrproxy.pod-id \
|
||||
--replace \
|
||||
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||
-v var-www-html:/var/www/html \
|
||||
--name=pod-lrproxy-certbot \
|
||||
docker.io/certbot/certbot --non-interactive renew
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-certbot.ctr-id
|
||||
Type=oneshot
|
@ -1,14 +0,0 @@
|
||||
[Unit]
|
||||
Description=Renew certificates with certbot
|
||||
Documentation=man:certbot(1)
|
||||
BindsTo=pod-lrproxy.service
|
||||
After=pod-lrproxy.service
|
||||
DefaultDependencies=no
|
||||
|
||||
[Timer]
|
||||
OnCalendar=Fri *-*-* 06:00:00
|
||||
Persistent=true
|
||||
RandomizedDelaySec=1h
|
||||
|
||||
[Install]
|
||||
WantedBy=pod-lrproxy.service
|
@ -1,40 +0,0 @@
|
||||
[Unit]
|
||||
Description=Podman container-lrproxy-nginx.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
BindsTo=pod-lrproxy.service
|
||||
After=pod-lrproxy.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
|
||||
ExecStart=/usr/bin/podman run \
|
||||
--conmon-pidfile %t/container-lrproxy-nginx.pid \
|
||||
--cidfile %t/container-lrproxy-nginx.ctr-id \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-lrproxy.pod-id \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
{{ services_rproxy_nginx_add_hosts }} \
|
||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||
-v ./.config/pod-lrproxy/stream.conf:/etc/nginx/stream.conf:ro \
|
||||
-v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||
-v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||
-v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
||||
-v var-www-html:/var/www/html \
|
||||
--name=pod-lrproxy-nginx \
|
||||
docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
|
||||
PIDFile=%t/container-lrproxy-nginx.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
@ -1,24 +0,0 @@
|
||||
[Unit]
|
||||
Description=Podman pod-lrproxy.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
Requires=container-lrproxy-nginx.service
|
||||
Before=container-lrproxy-nginx.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-lrproxy.pid %t/pod-lrproxy.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-lrproxy.pid --pod-id-file %t/pod-lrproxy.pod-id --name=lrproxy --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-lrproxy.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > {{ services_containers_directory }}/pod-lrproxy/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-lrproxy.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-lrproxy.pod-id
|
||||
PIDFile=%t/pod-lrproxy.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
@ -1 +0,0 @@
|
||||
../../rproxy/vars/nginx.yml
|
@ -1,44 +1,58 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
- name: "{{ services_service_name }} : set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
vars_from: "user"
|
||||
|
||||
- name: "set the version variables"
|
||||
- name: "{{ services_service_name }} : set the version variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/deploy/include"
|
||||
vars_from: "versions"
|
||||
|
||||
- name: "set the rproxy variables"
|
||||
- name: "{{ services_service_name }} : set the rproxy variables"
|
||||
ansible.builtin.include_vars:
|
||||
file: "nginx.yml"
|
||||
|
||||
- block:
|
||||
|
||||
- name: "create nginx conf.d"
|
||||
- name: "{{ services_service_name }} : create nginx conf.d"
|
||||
ansible.builtin.file:
|
||||
path: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "configure reverse proxy nginx"
|
||||
- name: "{{ services_service_name }} : generic nginx reverse proxy configuration"
|
||||
ansible.builtin.copy:
|
||||
src: "./config/{{ item }}"
|
||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
|
||||
src: "./config/nginx.conf"
|
||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
|
||||
mode: 0644
|
||||
loop:
|
||||
- "nginx.conf"
|
||||
- "stream.conf"
|
||||
- "nginx-conf.d/http-default.conf"
|
||||
- "nginx-conf.d/wojciechkozlowski.eu.conf"
|
||||
- "nginx-conf.d/www.wojciechkozlowski.eu.conf"
|
||||
register: services_deploy_rproxy_config_files
|
||||
register: services_deploy_rproxy_generic_config
|
||||
|
||||
- name: "configure systemd service"
|
||||
- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
|
||||
ansible.builtin.copy:
|
||||
src: "{{ services_deploy_rproxy_nginx_stream_config }}"
|
||||
dest: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf"
|
||||
mode: 0644
|
||||
register: services_deploy_rproxy_stream_config
|
||||
|
||||
- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: "\
|
||||
{{ services_service_user_home }}/.config/\
|
||||
{{ services_service_user_name }}/nginx-conf.d/{{ item | basename }}"
|
||||
mode: 0644
|
||||
loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}"
|
||||
register: services_deploy_rproxy_subdomain_config_files
|
||||
|
||||
- name: "{{ services_service_name }} : configure systemd service"
|
||||
ansible.builtin.template:
|
||||
src: "./systemd/{{ item }}"
|
||||
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
|
||||
dest: "\
|
||||
{{ services_service_user_home }}/.config/systemd/user/\
|
||||
{{ item | replace('rproxy', services_service_name) }}"
|
||||
mode: 0600
|
||||
loop:
|
||||
- "pod-rproxy.service"
|
||||
@ -47,21 +61,21 @@
|
||||
- "container-rproxy-certbot.timer"
|
||||
register: services_deploy_rproxy_systemd_files
|
||||
|
||||
- name: "systemd user daemon reload"
|
||||
- name: "{{ services_service_name }} : systemd user daemon reload"
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
scope: "user"
|
||||
when:
|
||||
services_deploy_rproxy_systemd_files.changed
|
||||
|
||||
- name: "enable container-rproxy-certbot timer"
|
||||
- name: "{{ services_service_name }} : enable container-{{ services_service_name }}-certbot timer"
|
||||
ansible.builtin.systemd:
|
||||
name: "container-rproxy-certbot.timer"
|
||||
name: "container-{{ services_service_name }}-certbot.timer"
|
||||
enabled: true
|
||||
scope: "user"
|
||||
register: services_deploy_rproxy_certbot_timer
|
||||
|
||||
- name: "generate diffie hellman ephemeral parameters"
|
||||
- name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"
|
||||
ansible.builtin.command: >-
|
||||
openssl dhparam
|
||||
--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
|
||||
@ -71,12 +85,12 @@
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
||||
register: services_deploy_rproxy_dhparam
|
||||
|
||||
- name: "get uid"
|
||||
- name: "{{ services_service_name }} : get uid"
|
||||
ansible.builtin.getent:
|
||||
database: "passwd"
|
||||
key: "{{ services_service_user_name }}"
|
||||
|
||||
- name: "get service status"
|
||||
- name: "{{ services_service_name }} : get service status"
|
||||
ansible.builtin.command: >-
|
||||
systemctl --user show --property ActiveState --value
|
||||
{{ services_service_user_name }}.service
|
||||
@ -85,13 +99,15 @@
|
||||
changed_when: false
|
||||
register: services_deploy_rproxy_service_active_state
|
||||
|
||||
- name: "restart the service"
|
||||
- name: "{{ services_service_name }} : restart the service"
|
||||
ansible.builtin.systemd:
|
||||
name: "pod-{{ services_service_name }}.service"
|
||||
state: "restarted"
|
||||
scope: "user"
|
||||
when:
|
||||
(services_deploy_rproxy_config_files.changed or
|
||||
(services_deploy_rproxy_generic_config.changed or
|
||||
services_deploy_rproxy_stream_config.changed or
|
||||
services_deploy_rproxy_subdomain_config_files.changed or
|
||||
services_deploy_rproxy_systemd_files.changed or
|
||||
services_deploy_rproxy_certbot_timer.changed or
|
||||
services_deploy_rproxy_dhparam.changed) and
|
||||
|
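Review bot: The new "subdomain nginx reverse proxy configuration" task in the first hunk only ever adds files to `nginx-conf.d`; a file dropped from `services_deploy_rproxy_nginx_subdomain_config_files` stays on disk. The nginx unit mounts that directory as `/etc/nginx/conf.d`, so a retired virtual host would presumably keep being served. Nothing visible in this file prunes the directory, so I would list it after the copy, remove entries whose basename is no longer in the list, and add the new register to the restart condition in the last hunk, whose `when:` continues past the hunk. A sketch follows; the enclosing `block:` ends outside these hunks.

```yaml
# … unchanged: "subdomain nginx reverse proxy configuration" copy task …

    - name: "{{ services_service_name }} : list deployed subdomain configuration"
      ansible.builtin.find:
        paths: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
        file_type: "file"
      register: services_deploy_rproxy_deployed_subdomain_config

    - name: "{{ services_service_name }} : remove stale subdomain configuration"
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: "absent"
      loop: "{{ services_deploy_rproxy_deployed_subdomain_config.files }}"
      when: >-
        item.path | basename not in
        (services_deploy_rproxy_nginx_subdomain_config_files | map('basename') | list)
      register: services_deploy_rproxy_stale_subdomain_config

# … unchanged: systemd tasks; the restart `when:` additionally checks
#   services_deploy_rproxy_stale_subdomain_config.changed …
```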
@ -1,24 +1,24 @@
|
||||
[Unit]
|
||||
Description=Podman container-rproxy-certbot.service
|
||||
Description=Podman container-{{ services_service_name }}-certbot.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
|
||||
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id
|
||||
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
||||
ExecStart=/usr/bin/podman run \
|
||||
--conmon-pidfile %t/container-rproxy-certbot.pid \
|
||||
--cidfile %t/container-rproxy-certbot.ctr-id \
|
||||
--conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
|
||||
--cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-rproxy.pod-id \
|
||||
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||
--replace \
|
||||
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||
-v var-www-html:/var/www/html \
|
||||
--name=pod-rproxy-certbot \
|
||||
--name=pod-{{ services_service_name }}-certbot \
|
||||
docker.io/certbot/certbot --non-interactive renew
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id
|
||||
Type=oneshot
|
||||
|
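Review bot: `docker.io/certbot/certbot` is still referenced without a tag on both the `ExecStartPre=/usr/bin/podman pull` line and the final `ExecStart` line, so every timer run pulls whatever the default tag points to at that moment into a container that has `/etc/letsencrypt` mounted read-write. The nginx unit in this role takes its tag from `services_deploy_versions`; now that this template is shared by two services it would be worth pinning certbot the same way, e.g. `docker.io/certbot/certbot:<pinned-tag-or-digest>` on both lines. That value is a placeholder, as no certbot version key is visible in this commit.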
@ -1,8 +1,8 @@
|
||||
[Unit]
|
||||
Description=Renew certificates with certbot
|
||||
Documentation=man:certbot(1)
|
||||
BindsTo=pod-rproxy.service
|
||||
After=pod-rproxy.service
|
||||
BindsTo=pod-{{ services_service_name }}.service
|
||||
After=pod-{{ services_service_name }}.service
|
||||
DefaultDependencies=no
|
||||
|
||||
[Timer]
|
||||
@ -11,4 +11,4 @@ Persistent=true
|
||||
RandomizedDelaySec=1h
|
||||
|
||||
[Install]
|
||||
WantedBy=pod-rproxy.service
|
||||
WantedBy=pod-{{ services_service_name }}.service
|
||||
|
@ -1,39 +1,39 @@
|
||||
[Unit]
|
||||
Description=Podman container-rproxy-nginx.service
|
||||
Description=Podman container-{{ services_service_name }}-nginx.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
BindsTo=pod-rproxy.service
|
||||
After=pod-rproxy.service
|
||||
BindsTo=pod-{{ services_service_name }}.service
|
||||
After=pod-{{ services_service_name }}.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
|
||||
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id
|
||||
ExecStart=/usr/bin/podman run \
|
||||
--conmon-pidfile %t/container-rproxy-nginx.pid \
|
||||
--cidfile %t/container-rproxy-nginx.ctr-id \
|
||||
--conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
|
||||
--cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-rproxy.pod-id \
|
||||
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
{{ services_rproxy_nginx_add_hosts }} \
|
||||
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||
-v ./.config/pod-rproxy/stream.conf:/etc/nginx/stream.conf:ro \
|
||||
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||
-v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||
-v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v ./.config/pod-{{ services_service_name }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||
-v ./.config/pod-{{ services_service_name }}/stream.conf:/etc/nginx/stream.conf:ro \
|
||||
-v ./.config/pod-{{ services_service_name }}/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||
-v ./.config/pod-{{ services_service_name }}/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||
-v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
||||
-v var-www-html:/var/www/html \
|
||||
--name=pod-rproxy-nginx \
|
||||
--name=pod-{{ services_service_name }}-nginx \
|
||||
docker.io/library/nginx:{{ services_deploy_versions.www.nginx }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
|
||||
PIDFile=%t/container-rproxy-nginx.pid
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id
|
||||
PIDFile=%t/container-{{ services_service_name }}-nginx.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
|
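Review bot: The image tag on the `ExecStart` line stays `{{ services_deploy_versions.www.nginx }}`, while the removed lrproxy template used `services_deploy_versions.lrproxy.nginx`; after this change the lrproxy deployment follows the www pin and its own version entry is no longer read by this unit. If per-service pins are intended, `docker.io/library/nginx:{{ services_deploy_versions[services_service_name].nginx }}` keeps them, assuming an `rproxy` entry exists in the versions file (not visible here). The `[Install]` section continues past the end of the hunk.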
@ -1,23 +1,23 @@
|
||||
[Unit]
|
||||
Description=Podman pod-rproxy.service
|
||||
Description=Podman pod-{{ services_service_name }}.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
Requires=container-rproxy-nginx.service
|
||||
Before=container-rproxy-nginx.service
|
||||
Requires=container-{{ services_service_name }}-nginx.service
|
||||
Before=container-{{ services_service_name }}-nginx.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-rproxy.pid %t/pod-rproxy.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-rproxy.pid --pod-id-file %t/pod-rproxy.pod-id --name=rproxy --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-rproxy.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-rproxy/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-rproxy.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-rproxy.pod-id
|
||||
PIDFile=%t/pod-rproxy.pid
|
||||
ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ services_service_name }}.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-{{ services_service_name }}.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
||||
PIDFile=%t/pod-{{ services_service_name }}.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
|
@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
|
||||
--name=pod-www-nginx \
|
||||
docker.io/library/nginx:{{ services_deploy_versions.www.nginx }}
|
||||
|
@ -43,6 +43,46 @@
|
||||
loop_var: "services_service_name"
|
||||
tags: "always"
|
||||
|
||||
- name: "deploy rproxy"
|
||||
ansible.builtin.include_role:
|
||||
name: "services/deploy/rproxy"
|
||||
apply:
|
||||
tags:
|
||||
- "services:rproxy"
|
||||
- "services:deploy"
|
||||
- "services:deploy:rproxy"
|
||||
- "services:rproxy:deploy"
|
||||
vars:
|
||||
services_service_name: "rproxy"
|
||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/rproxy/stream.conf"
|
||||
services_deploy_rproxy_nginx_subdomain_config_files:
|
||||
- "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
|
||||
- "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
|
||||
- "files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf"
|
||||
when: "'rproxy' in services_host_services"
|
||||
tags: "always"
|
||||
|
||||
- name: "deploy lrproxy"
|
||||
ansible.builtin.include_role:
|
||||
name: "services/deploy/rproxy"
|
||||
apply:
|
||||
tags:
|
||||
- "services:lrproxy"
|
||||
- "services:deploy"
|
||||
- "services:deploy:lrproxy"
|
||||
- "services:lrproxy:deploy"
|
||||
vars:
|
||||
services_service_name: "lrproxy"
|
||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/lrproxy/stream.conf"
|
||||
services_deploy_rproxy_nginx_subdomain_config_files:
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/music.wojciechkozlowski.eu.conf"
|
||||
- "files/services/deploy/lrproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf"
|
||||
when: "'lrproxy' in services_host_services"
|
||||
tags: "always"
|
||||
|
||||
- name: "deploy"
|
||||
ansible.builtin.include_role:
|
||||
name: "services/deploy/{{ services_service_name }}"
|
||||
@ -52,7 +92,11 @@
|
||||
- "services:deploy"
|
||||
- "services:deploy:{{ services_service_name }}"
|
||||
- "services:{{ services_service_name }}:deploy"
|
||||
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
|
||||
loop: "{{
|
||||
services_host_services | dict2items |
|
||||
rejectattr('key', '==', 'rproxy') |
|
||||
rejectattr('key', '==', 'lrproxy') |
|
||||
map(attribute='key') }}"
|
||||
loop_control:
|
||||
loop_var: "services_service_name"
|
||||
tags: "always"
|
||||
|
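Review bot: The proxy names are now hard-coded in two separate places, the new `include_role` tasks and the chained `rejectattr` filters in the generic `deploy` loop. If the two drift apart, the loop would try to include a `services/deploy/<name>` role that this commit removes. For the loop, a single membership test reads more clearly and keeps the exclusions in one list: `rejectattr('key', 'in', ['rproxy', 'lrproxy'])`. The `deploy` task itself starts in the previous hunk.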