Unify rproxy and lrproxy

playbooks/roles/services/deploy/lrproxy/files/config/nginx.conf

@@ -1 +0,0 @@
-../../../rproxy/files/config/nginx.conf

playbooks/roles/services/deploy/lrproxy/meta/argument_specs.yml

@@ -1,26 +0,0 @@
----
-argument_specs:
-  main:
-    options:
-      ansible_hostname:
-        type: "str"
-        required: true
-      services_root_directory:
-        type: "str"
-        required: true
-      services_home_directory:
-        type: "str"
-        required: true
-      services_data_directory:
-        type: "str"
-        required: true
-      services_containers_directory:
-        type: "str"
-        required: true
-      services_service_name:
-        type: "str"
-        required: true
-      services_all_services:
-        type: "dict"
-        elem: "dict"
-        required: true

playbooks/roles/services/deploy/lrproxy/tasks/main.yml

@@ -1,102 +0,0 @@
----
-- name: "set the user variables"
-  ansible.builtin.import_role:
-    name: "services/include"
-    vars_from: "user"
-
-- name: "set the version variables"
-  ansible.builtin.import_role:
-    name: "services/deploy/include"
-    vars_from: "versions"
-
-- name: "set the rproxy variables"
-  ansible.builtin.include_vars:
-    file: "nginx.yml"
-
-- block:
-
-    - name: "create nginx conf.d"
-      ansible.builtin.file:
-        path: "\
-          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
-        state: "directory"
-        mode: 0755
-
-    - name: "configure reverse proxy nginx"
-      ansible.builtin.copy:
-        src: "./config/{{ item }}"
-        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
-        mode: 0644
-      loop:
-        - "nginx.conf"
-        - "stream.conf"
-        - "nginx-conf.d/archive.music.wojciechkozlowski.eu.conf"
-        - "nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
-        - "nginx-conf.d/git.wojciechkozlowski.eu.conf"
-        - "nginx-conf.d/music.wojciechkozlowski.eu.conf"
-        - "nginx-conf.d/notes.wojciechkozlowski.eu.conf"
-      register: services_deploy_lrproxy_config_files
-
-    - name: "configure systemd service"
-      ansible.builtin.template:
-        src: "./systemd/{{ item }}"
-        dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
-        mode: 0600
-      loop:
-        - "pod-lrproxy.service"
-        - "container-lrproxy-nginx.service"
-        - "container-lrproxy-certbot.service"
-        - "container-lrproxy-certbot.timer"
-      register: services_deploy_lrproxy_systemd_files
-
-    - name: "systemd user daemon reload"
-      ansible.builtin.systemd:
-        daemon_reload: true
-        scope: "user"
-      when:
-        services_deploy_lrproxy_systemd_files.changed
-
-    - name: "enable container-lrproxy-certbot timer"
-      ansible.builtin.systemd:
-        name: "container-lrproxy-certbot.timer"
-        enabled: true
-        scope: "user"
-      register: services_deploy_lrproxy_certbot_timer
-
-    - name: "generate diffie hellman ephemeral parameters"
-      ansible.builtin.command: >-
-        openssl dhparam
-        --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
-        4096
-      args:
-        creates: "\
-          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
-      register: services_deploy_lrproxy_dhparam
-
-    - name: "get uid"
-      ansible.builtin.getent:
-        database: "passwd"
-        key: "{{ services_service_user_name }}"
-
-    - name: "get service status"
-      ansible.builtin.command: >-
-        systemctl --user show --property ActiveState --value
-        {{ services_service_user_name }}.service
-      environment:
-        XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
-      changed_when: false
-      register: services_deploy_lrproxy_service_active_state
-
-    - name: "restart the service"
-      ansible.builtin.systemd:
-        name: "pod-{{ services_service_name }}.service"
-        state: "restarted"
-        scope: "user"
-      when:
-        (services_deploy_lrproxy_config_files.changed or
-        services_deploy_lrproxy_systemd_files.changed or
-        services_deploy_lrproxy_certbot_timer.changed or
-        services_deploy_lrproxy_dhparam.changed) and
-        services_deploy_lrproxy_service_active_state.stdout == "active"
-
-  become_user: "{{ services_service_user_name }}"

playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.service

@@ -1,24 +0,0 @@
-[Unit]
-Description=Podman container-lrproxy-certbot.service
-Documentation=man:podman-generate-systemd(1)
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/container-lrproxy-certbot.pid %t/container-lrproxy-certbot.ctr-id
-ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
-ExecStart=/usr/bin/podman run \
-                          --conmon-pidfile %t/container-lrproxy-certbot.pid \
-                          --cidfile %t/container-lrproxy-certbot.ctr-id \
-                          --cgroups=no-conmon \
-                          --pod-id-file %t/pod-lrproxy.pod-id \
-                          --replace \
-                          -v /etc/resolv.conf:/etc/resolv.conf:ro \
-                          -v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt \
-                          -v var-lib-letsencrypt:/var/lib/letsencrypt \
-                          -v var-www-html:/var/www/html \
-                          --name=pod-lrproxy-certbot \
-                          docker.io/certbot/certbot --non-interactive renew
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-certbot.ctr-id
-Type=oneshot

playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.timer

@@ -1,14 +0,0 @@
-[Unit]
-Description=Renew certificates with certbot
-Documentation=man:certbot(1)
-BindsTo=pod-lrproxy.service
-After=pod-lrproxy.service
-DefaultDependencies=no
-
-[Timer]
-OnCalendar=Fri *-*-* 06:00:00
-Persistent=true
-RandomizedDelaySec=1h
-
-[Install]
-WantedBy=pod-lrproxy.service

playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service

@@ -1,40 +0,0 @@
-[Unit]
-Description=Podman container-lrproxy-nginx.service
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-lrproxy.service
-After=pod-lrproxy.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
-ExecStart=/usr/bin/podman run \
-                          --conmon-pidfile %t/container-lrproxy-nginx.pid \
-                          --cidfile %t/container-lrproxy-nginx.ctr-id \
-                          --cgroups=no-conmon \
-                          --pod-id-file %t/pod-lrproxy.pod-id \
-                          --replace \
-                          --label "io.containers.autoupdate=image" \
-                          -dt \
-                          {{ services_rproxy_nginx_add_hosts }} \
-                          -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-                          -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
-                          -v ./.config/pod-lrproxy/stream.conf:/etc/nginx/stream.conf:ro \
-                          -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
-                          -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-                          -v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-                          -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
-                          -v var-www-html:/var/www/html \
-                          --name=pod-lrproxy-nginx \
-                          docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }}
-ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
-PIDFile=%t/container-lrproxy-nginx.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target

playbooks/roles/services/deploy/lrproxy/templates/systemd/pod-lrproxy.service

@@ -1,24 +0,0 @@
-[Unit]
-Description=Podman pod-lrproxy.service
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-Requires=container-lrproxy-nginx.service
-Before=container-lrproxy-nginx.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/pod-lrproxy.pid %t/pod-lrproxy.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-lrproxy.pid --pod-id-file %t/pod-lrproxy.pod-id --name=lrproxy --network=none --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-lrproxy.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > {{ services_containers_directory }}/pod-lrproxy/pidfile'
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-lrproxy.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-lrproxy.pod-id
-PIDFile=%t/pod-lrproxy.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target

playbooks/roles/services/deploy/lrproxy/vars/nginx.yml

@@ -1 +0,0 @@
-../../rproxy/vars/nginx.yml

playbooks/roles/services/deploy/rproxy/tasks/main.yml

@@ -1,44 +1,58 @@
 ---
-- name: "set the user variables"
+- name: "{{ services_service_name }} : set the user variables"
   ansible.builtin.import_role:
     name: "services/include"
     vars_from: "user"
 
-- name: "set the version variables"
+- name: "{{ services_service_name }} : set the version variables"
   ansible.builtin.import_role:
     name: "services/deploy/include"
     vars_from: "versions"
 
-- name: "set the rproxy variables"
+- name: "{{ services_service_name }} : set the rproxy variables"
   ansible.builtin.include_vars:
     file: "nginx.yml"
 
 - block:
 
-    - name: "create nginx conf.d"
+    - name: "{{ services_service_name }} : create nginx conf.d"
       ansible.builtin.file:
         path: "\
           {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
         state: "directory"
         mode: 0755
 
-    - name: "configure reverse proxy nginx"
+    - name: "{{ services_service_name }} : generic nginx reverse proxy configuration"
       ansible.builtin.copy:
-        src: "./config/{{ item }}"
-        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
+        src: "./config/nginx.conf"
+        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
         mode: 0644
-      loop:
-        - "nginx.conf"
-        - "stream.conf"
-        - "nginx-conf.d/http-default.conf"
-        - "nginx-conf.d/wojciechkozlowski.eu.conf"
-        - "nginx-conf.d/www.wojciechkozlowski.eu.conf"
-      register: services_deploy_rproxy_config_files
+      register: services_deploy_rproxy_generic_config
 
-    - name: "configure systemd service"
+    - name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
+      ansible.builtin.copy:
+        src: "{{ services_deploy_rproxy_nginx_stream_config }}"
+        dest: "\
+          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf"
+        mode: 0644
+      register: services_deploy_rproxy_stream_config
+
+    - name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "\
+          {{ services_service_user_home }}/.config/\
+          {{ services_service_user_name }}/nginx-conf.d/{{ item | basename }}"
+        mode: 0644
+      loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}"
+      register: services_deploy_rproxy_subdomain_config_files
+
+    - name: "{{ services_service_name }} : configure systemd service"
       ansible.builtin.template:
         src: "./systemd/{{ item }}"
-        dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+        dest: "\
+          {{ services_service_user_home }}/.config/systemd/user/\
+          {{ item | replace('rproxy', services_service_name) }}"
         mode: 0600
       loop:
         - "pod-rproxy.service"
@@ -47,21 +61,21 @@
         - "container-rproxy-certbot.timer"
       register: services_deploy_rproxy_systemd_files
 
-    - name: "systemd user daemon reload"
+    - name: "{{ services_service_name }} : systemd user daemon reload"
       ansible.builtin.systemd:
         daemon_reload: true
         scope: "user"
       when:
         services_deploy_rproxy_systemd_files.changed
 
-    - name: "enable container-rproxy-certbot timer"
+    - name: "{{ services_service_name }} : enable container-{{ services_service_name }}-certbot timer"
       ansible.builtin.systemd:
-        name: "container-rproxy-certbot.timer"
+        name: "container-{{ services_service_name }}-certbot.timer"
         enabled: true
         scope: "user"
       register: services_deploy_rproxy_certbot_timer
 
-    - name: "generate diffie hellman ephemeral parameters"
+    - name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"
       ansible.builtin.command: >-
         openssl dhparam
         --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
@@ -71,12 +85,12 @@
           {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
       register: services_deploy_rproxy_dhparam
 
-    - name: "get uid"
+    - name: "{{ services_service_name }} : get uid"
       ansible.builtin.getent:
         database: "passwd"
         key: "{{ services_service_user_name }}"
 
-    - name: "get service status"
+    - name: "{{ services_service_name }} : get service status"
       ansible.builtin.command: >-
         systemctl --user show --property ActiveState --value
         {{ services_service_user_name }}.service
@@ -85,13 +99,15 @@
       changed_when: false
       register: services_deploy_rproxy_service_active_state
 
-    - name: "restart the service"
+    - name: "{{ services_service_name }} : restart the service"
       ansible.builtin.systemd:
         name: "pod-{{ services_service_name }}.service"
         state: "restarted"
         scope: "user"
       when:
-        (services_deploy_rproxy_config_files.changed or
+        (services_deploy_rproxy_generic_config.changed or
+        services_deploy_rproxy_stream_config.changed or
+        services_deploy_rproxy_subdomain_config_files.changed or
         services_deploy_rproxy_systemd_files.changed or
         services_deploy_rproxy_certbot_timer.changed or
         services_deploy_rproxy_dhparam.changed) and

playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service

@@ -1,24 +1,24 @@
 [Unit]
-Description=Podman container-rproxy-certbot.service
+Description=Podman container-{{ services_service_name }}-certbot.service
 Documentation=man:podman-generate-systemd(1)
 OnFailure=status-mail@%n.service
 
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
+ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id
 ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
 ExecStart=/usr/bin/podman run \
-                          --conmon-pidfile %t/container-rproxy-certbot.pid \
-                          --cidfile %t/container-rproxy-certbot.ctr-id \
+                          --conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
+                          --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
                           --cgroups=no-conmon \
-                          --pod-id-file %t/pod-rproxy.pod-id \
+                          --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
                           --replace \
-                          -v /etc/resolv.conf:/etc/resolv.conf:ro \
-                          -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
+                          -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
+                          -v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
                           -v var-lib-letsencrypt:/var/lib/letsencrypt \
                           -v var-www-html:/var/www/html \
-                          --name=pod-rproxy-certbot \
+                          --name=pod-{{ services_service_name }}-certbot \
                           docker.io/certbot/certbot --non-interactive renew
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id
 Type=oneshot

playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.timer

@@ -1,8 +1,8 @@
 [Unit]
 Description=Renew certificates with certbot
 Documentation=man:certbot(1)
-BindsTo=pod-rproxy.service
-After=pod-rproxy.service
+BindsTo=pod-{{ services_service_name }}.service
+After=pod-{{ services_service_name }}.service
 DefaultDependencies=no
 
 [Timer]
@@ -11,4 +11,4 @@ Persistent=true
 RandomizedDelaySec=1h
 
 [Install]
-WantedBy=pod-rproxy.service
+WantedBy=pod-{{ services_service_name }}.service

playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service

@@ -1,39 +1,39 @@
 [Unit]
-Description=Podman container-rproxy-nginx.service
+Description=Podman container-{{ services_service_name }}-nginx.service
 Documentation=man:podman-generate-systemd(1)
 Wants=network.target
 After=network-online.target
-BindsTo=pod-rproxy.service
-After=pod-rproxy.service
+BindsTo=pod-{{ services_service_name }}.service
+After=pod-{{ services_service_name }}.service
 OnFailure=status-mail@%n.service
 
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
+ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id
 ExecStart=/usr/bin/podman run \
-                          --conmon-pidfile %t/container-rproxy-nginx.pid \
-                          --cidfile %t/container-rproxy-nginx.ctr-id \
+                          --conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
+                          --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
                           --cgroups=no-conmon \
-                          --pod-id-file %t/pod-rproxy.pod-id \
+                          --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
                           --replace \
                           --label "io.containers.autoupdate=image" \
                           -dt \
                           {{ services_rproxy_nginx_add_hosts }} \
-                          -v /etc/resolv.conf:/etc/resolv.conf:ro \
-                          -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
-                          -v ./.config/pod-rproxy/stream.conf:/etc/nginx/stream.conf:ro \
-                          -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
-                          -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-                          -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
+                          -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
+                          -v ./.config/pod-{{ services_service_name }}/nginx.conf:/etc/nginx/nginx.conf:ro \
+                          -v ./.config/pod-{{ services_service_name }}/stream.conf:/etc/nginx/stream.conf:ro \
+                          -v ./.config/pod-{{ services_service_name }}/nginx-conf.d:/etc/nginx/conf.d:ro \
+                          -v ./.config/pod-{{ services_service_name }}/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
+                          -v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
                           -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
                           -v var-www-html:/var/www/html \
-                          --name=pod-rproxy-nginx \
+                          --name=pod-{{ services_service_name }}-nginx \
                           docker.io/library/nginx:{{ services_deploy_versions.www.nginx }}
-ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
-PIDFile=%t/container-rproxy-nginx.pid
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id
+PIDFile=%t/container-{{ services_service_name }}-nginx.pid
 Type=forking
 
 [Install]

playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service

@@ -1,23 +1,23 @@
 [Unit]
-Description=Podman pod-rproxy.service
+Description=Podman pod-{{ services_service_name }}.service
 Documentation=man:podman-generate-systemd(1)
 Wants=network.target
 After=network-online.target
-Requires=container-rproxy-nginx.service
-Before=container-rproxy-nginx.service
+Requires=container-{{ services_service_name }}-nginx.service
+Before=container-{{ services_service_name }}-nginx.service
 OnFailure=status-mail@%n.service
 
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/pod-rproxy.pid %t/pod-rproxy.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-rproxy.pid --pod-id-file %t/pod-rproxy.pod-id --name=rproxy --network=none --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-rproxy.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-rproxy/pidfile'
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-rproxy.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-rproxy.pod-id
-PIDFile=%t/pod-rproxy.pid
+ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ services_service_name }}.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-{{ services_service_name }}.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-{{ services_service_name }}.pod-id
+PIDFile=%t/pod-{{ services_service_name }}.pid
 Type=forking
 
 [Install]

playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service

@@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
                           --replace \
                           --label "io.containers.autoupdate=image" \
                           -dt \
-                          -v /etc/resolv.conf:/etc/resolv.conf:ro \
+                          -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
                           -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
                           --name=pod-www-nginx \
                           docker.io/library/nginx:{{ services_deploy_versions.www.nginx }}

playbooks/services.yml

@@ -43,6 +43,46 @@
         loop_var: "services_service_name"
       tags: "always"
 
+    - name: "deploy rproxy"
+      ansible.builtin.include_role:
+        name: "services/deploy/rproxy"
+        apply:
+          tags:
+            - "services:rproxy"
+            - "services:deploy"
+            - "services:deploy:rproxy"
+            - "services:rproxy:deploy"
+      vars:
+        services_service_name: "rproxy"
+        services_deploy_rproxy_nginx_stream_config: "files/services/deploy/rproxy/stream.conf"
+        services_deploy_rproxy_nginx_subdomain_config_files:
+          - "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
+          - "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
+          - "files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf"
+      when: "'rproxy' in services_host_services"
+      tags: "always"
+
+    - name: "deploy lrproxy"
+      ansible.builtin.include_role:
+        name: "services/deploy/rproxy"
+        apply:
+          tags:
+            - "services:lrproxy"
+            - "services:deploy"
+            - "services:deploy:lrproxy"
+            - "services:lrproxy:deploy"
+      vars:
+        services_service_name: "lrproxy"
+        services_deploy_rproxy_nginx_stream_config: "files/services/deploy/lrproxy/stream.conf"
+        services_deploy_rproxy_nginx_subdomain_config_files:
+          - "files/services/deploy/lrproxy/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf"
+          - "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
+          - "files/services/deploy/lrproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf"
+          - "files/services/deploy/lrproxy/nginx-conf.d/music.wojciechkozlowski.eu.conf"
+          - "files/services/deploy/lrproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf"
+      when: "'lrproxy' in services_host_services"
+      tags: "always"
+
     - name: "deploy"
       ansible.builtin.include_role:
         name: "services/deploy/{{ services_service_name }}"
@@ -52,7 +92,11 @@
             - "services:deploy"
             - "services:deploy:{{ services_service_name }}"
             - "services:{{ services_service_name }}:deploy"
-      loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
+      loop: "{{
+        services_host_services | dict2items |
+        rejectattr('key', '==', 'rproxy') |
+        rejectattr('key', '==', 'lrproxy') |
+        map(attribute='key') }}"
       loop_control:
         loop_var: "services_service_name"
       tags: "always"