diff --git a/playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf b/playbooks/files/services/deploy/lrproxy/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf
rename to playbooks/files/services/deploy/lrproxy/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf
diff --git a/playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/cloud.wojciechkozlowski.eu.conf b/playbooks/files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
rename to playbooks/files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
diff --git a/playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/git.wojciechkozlowski.eu.conf b/playbooks/files/services/deploy/lrproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/git.wojciechkozlowski.eu.conf
rename to playbooks/files/services/deploy/lrproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf
diff --git a/playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/music.wojciechkozlowski.eu.conf b/playbooks/files/services/deploy/lrproxy/nginx-conf.d/music.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/music.wojciechkozlowski.eu.conf
rename to playbooks/files/services/deploy/lrproxy/nginx-conf.d/music.wojciechkozlowski.eu.conf
diff --git a/playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/notes.wojciechkozlowski.eu.conf b/playbooks/files/services/deploy/lrproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/roles/services/deploy/lrproxy/files/config/nginx-conf.d/notes.wojciechkozlowski.eu.conf
rename to playbooks/files/services/deploy/lrproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf
diff --git a/playbooks/roles/services/deploy/lrproxy/files/config/stream.conf b/playbooks/files/services/deploy/lrproxy/stream.conf
similarity index 100%
rename from playbooks/roles/services/deploy/lrproxy/files/config/stream.conf
rename to playbooks/files/services/deploy/lrproxy/stream.conf
diff --git a/playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/http-default.conf b/playbooks/files/services/deploy/rproxy/nginx-conf.d/http-default.conf
similarity index 100%
rename from playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/http-default.conf
rename to playbooks/files/services/deploy/rproxy/nginx-conf.d/http-default.conf
diff --git a/playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/wojciechkozlowski.eu.conf b/playbooks/files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/wojciechkozlowski.eu.conf
rename to playbooks/files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf
diff --git a/playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/www.wojciechkozlowski.eu.conf b/playbooks/files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf
similarity index 100%
rename from playbooks/roles/services/deploy/rproxy/files/config/nginx-conf.d/www.wojciechkozlowski.eu.conf
rename to playbooks/files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf
diff --git a/playbooks/roles/services/deploy/rproxy/files/config/stream.conf b/playbooks/files/services/deploy/rproxy/stream.conf similarity index 100% rename from playbooks/roles/services/deploy/rproxy/files/config/stream.conf rename to playbooks/files/services/deploy/rproxy/stream.conf diff --git a/playbooks/roles/services/deploy/lrproxy/files/config/nginx.conf b/playbooks/roles/services/deploy/lrproxy/files/config/nginx.conf deleted file mode 120000 index 82305bc..0000000 --- a/playbooks/roles/services/deploy/lrproxy/files/config/nginx.conf +++ /dev/null @@ -1 +0,0 @@ -../../../rproxy/files/config/nginx.conf \ No newline at end of file diff --git a/playbooks/roles/services/deploy/lrproxy/meta/argument_specs.yml b/playbooks/roles/services/deploy/lrproxy/meta/argument_specs.yml deleted file mode 100644 index 8ae8103..0000000 --- a/playbooks/roles/services/deploy/lrproxy/meta/argument_specs.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -argument_specs: - main: - options: - ansible_hostname: - type: "str" - required: true - services_root_directory: - type: "str" - required: true - services_home_directory: - type: "str" - required: true - services_data_directory: - type: "str" - required: true - services_containers_directory: - type: "str" - required: true - services_service_name: - type: "str" - required: true - services_all_services: - type: "dict" - elem: "dict" - required: true diff --git a/playbooks/roles/services/deploy/lrproxy/tasks/main.yml b/playbooks/roles/services/deploy/lrproxy/tasks/main.yml deleted file mode 100644 index 752363d..0000000 --- a/playbooks/roles/services/deploy/lrproxy/tasks/main.yml +++ /dev/null 
@@ -1,102 +0,0 @@ ---- -- name: "set the user variables" - ansible.builtin.import_role: - name: "services/include" - vars_from: "user" - -- name: "set the version variables" - ansible.builtin.import_role: - name: "services/deploy/include" - vars_from: "versions" - -- name: "set the rproxy variables" - ansible.builtin.include_vars: - file: "nginx.yml" - -- block: - - - name: "create nginx conf.d" - ansible.builtin.file: - path: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d" - state: "directory" - mode: 0755 - - - name: "configure reverse proxy nginx" - ansible.builtin.copy: - src: "./config/{{ item }}" - dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}" - mode: 0644 - loop: - - "nginx.conf" - - "stream.conf" - - "nginx-conf.d/archive.music.wojciechkozlowski.eu.conf" - - "nginx-conf.d/cloud.wojciechkozlowski.eu.conf" - - "nginx-conf.d/git.wojciechkozlowski.eu.conf" - - "nginx-conf.d/music.wojciechkozlowski.eu.conf" - - "nginx-conf.d/notes.wojciechkozlowski.eu.conf" - register: services_deploy_lrproxy_config_files - - - name: "configure systemd service" - ansible.builtin.template: - src: "./systemd/{{ item }}" - dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" - mode: 0600 - loop: - - "pod-lrproxy.service" - - "container-lrproxy-nginx.service" - - "container-lrproxy-certbot.service" - - "container-lrproxy-certbot.timer" - register: services_deploy_lrproxy_systemd_files - - - name: "systemd user daemon reload" - ansible.builtin.systemd: - daemon_reload: true - scope: "user" - when: - services_deploy_lrproxy_systemd_files.changed - - - name: "enable container-lrproxy-certbot timer" - ansible.builtin.systemd: - name: "container-lrproxy-certbot.timer" - enabled: true - scope: "user" - register: services_deploy_lrproxy_certbot_timer - - - name: "generate diffie hellman ephemeral parameters" - ansible.builtin.command: >- - openssl dhparam - --out /{{ 
services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem - 4096 - args: - creates: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem" - register: services_deploy_lrproxy_dhparam - - - name: "get uid" - ansible.builtin.getent: - database: "passwd" - key: "{{ services_service_user_name }}" - - - name: "get service status" - ansible.builtin.command: >- - systemctl --user show --property ActiveState --value - {{ services_service_user_name }}.service - environment: - XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" - changed_when: false - register: services_deploy_lrproxy_service_active_state - - - name: "restart the service" - ansible.builtin.systemd: - name: "pod-{{ services_service_name }}.service" - state: "restarted" - scope: "user" - when: - (services_deploy_lrproxy_config_files.changed or - services_deploy_lrproxy_systemd_files.changed or - services_deploy_lrproxy_certbot_timer.changed or - services_deploy_lrproxy_dhparam.changed) and - services_deploy_lrproxy_service_active_state.stdout == "active" - - become_user: "{{ services_service_user_name }}" diff --git a/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.service b/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.service deleted file mode 100644 index 31fd869..0000000 --- a/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.service +++ /dev/null 
@@ -1,24 +0,0 @@ -[Unit] -Description=Podman container-lrproxy-certbot.service -Documentation=man:podman-generate-systemd(1) -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/container-lrproxy-certbot.pid %t/container-lrproxy-certbot.ctr-id -ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/container-lrproxy-certbot.pid \ - --cidfile %t/container-lrproxy-certbot.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-lrproxy.pod-id \ - --replace \ - -v /etc/resolv.conf:/etc/resolv.conf:ro \ - -v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt \ - -v var-lib-letsencrypt:/var/lib/letsencrypt \ - -v var-www-html:/var/www/html \ - --name=pod-lrproxy-certbot \ - docker.io/certbot/certbot --non-interactive renew -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-certbot.ctr-id -Type=oneshot diff --git a/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.timer b/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.timer deleted file mode 100644 index 544012c..0000000 --- a/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-certbot.timer +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Renew certificates with certbot -Documentation=man:certbot(1) -BindsTo=pod-lrproxy.service -After=pod-lrproxy.service -DefaultDependencies=no - -[Timer] -OnCalendar=Fri *-*-* 06:00:00 -Persistent=true -RandomizedDelaySec=1h - -[Install] -WantedBy=pod-lrproxy.service diff --git a/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service b/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service deleted file mode 100644 index 0371458..0000000 
--- a/playbooks/roles/services/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service +++ /dev/null @@ -1,40 +0,0 @@ -[Unit] -Description=Podman container-lrproxy-nginx.service -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-lrproxy.service -After=pod-lrproxy.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/container-lrproxy-nginx.pid \ - --cidfile %t/container-lrproxy-nginx.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-lrproxy.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - -dt \ - {{ services_rproxy_nginx_add_hosts }} \ - -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \ - -v ./.config/pod-lrproxy/stream.conf:/etc/nginx/stream.conf:ro \ - -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \ - -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ - -v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \ - -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \ - -v var-www-html:/var/www/html \ - --name=pod-lrproxy-nginx \ - docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id -PIDFile=%t/container-lrproxy-nginx.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target 
diff --git a/playbooks/roles/services/deploy/lrproxy/templates/systemd/pod-lrproxy.service b/playbooks/roles/services/deploy/lrproxy/templates/systemd/pod-lrproxy.service deleted file mode 100644 index 35b36db..0000000 --- a/playbooks/roles/services/deploy/lrproxy/templates/systemd/pod-lrproxy.service +++ /dev/null @@ -1,24 +0,0 @@ -[Unit] -Description=Podman pod-lrproxy.service -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -Requires=container-lrproxy-nginx.service -Before=container-lrproxy-nginx.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/pod-lrproxy.pid %t/pod-lrproxy.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-lrproxy.pid --pod-id-file %t/pod-lrproxy.pod-id --name=lrproxy --network=none --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-lrproxy.pod-id -ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > {{ services_containers_directory }}/pod-lrproxy/pidfile' -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-lrproxy.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-lrproxy.pod-id -PIDFile=%t/pod-lrproxy.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/lrproxy/vars/nginx.yml b/playbooks/roles/services/deploy/lrproxy/vars/nginx.yml deleted file mode 120000 index b95be74..0000000 --- a/playbooks/roles/services/deploy/lrproxy/vars/nginx.yml +++ /dev/null @@ -1 +0,0 @@ -../../rproxy/vars/nginx.yml \ No newline at end of file diff --git a/playbooks/roles/services/deploy/rproxy/tasks/main.yml b/playbooks/roles/services/deploy/rproxy/tasks/main.yml index 6289fd8..82eeab5 100644 
--- a/playbooks/roles/services/deploy/rproxy/tasks/main.yml +++ b/playbooks/roles/services/deploy/rproxy/tasks/main.yml 
@@ -1,44 +1,58 @@ --- -- name: "set the user variables" +- name: "{{ services_service_name }} : set the user variables" ansible.builtin.import_role: name: "services/include" vars_from: "user" -- name: "set the version variables" +- name: "{{ services_service_name }} : set the version variables" ansible.builtin.import_role: name: "services/deploy/include" vars_from: "versions" -- name: "set the rproxy variables" +- name: "{{ services_service_name }} : set the rproxy variables" ansible.builtin.include_vars: file: "nginx.yml" - block: - - name: "create nginx conf.d" + - name: "{{ services_service_name }} : create nginx conf.d" ansible.builtin.file: path: "\ {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d" state: "directory" mode: 0755 - - name: "configure reverse proxy nginx" + - name: "{{ services_service_name }} : generic nginx reverse proxy configuration" ansible.builtin.copy: - src: "./config/{{ item }}" - dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}" + src: "./config/nginx.conf" + dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf" mode: 0644 - loop: - - "nginx.conf" - - "stream.conf" - - "nginx-conf.d/http-default.conf" - - "nginx-conf.d/wojciechkozlowski.eu.conf" - - "nginx-conf.d/www.wojciechkozlowski.eu.conf" - register: services_deploy_rproxy_config_files + register: services_deploy_rproxy_generic_config - - name: "configure systemd service" + - name: "{{ services_service_name }} : stream nginx reverse proxy configuration" + ansible.builtin.copy: + src: "{{ services_deploy_rproxy_nginx_stream_config }}" + dest: "\ + {{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf" + mode: 0644 + register: services_deploy_rproxy_stream_config + + - name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration" + ansible.builtin.copy: + src: "{{ item }}" + dest: "\ + {{ services_service_user_home 
}}/.config/\ + {{ services_service_user_name }}/nginx-conf.d/{{ item | basename }}" + mode: 0644 + loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}" + register: services_deploy_rproxy_subdomain_config_files + + - name: "{{ services_service_name }} : configure systemd service" ansible.builtin.template: src: "./systemd/{{ item }}" - dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" + dest: "\ + {{ services_service_user_home }}/.config/systemd/user/\ + {{ item | replace('rproxy', services_service_name) }}" mode: 0600 loop: - "pod-rproxy.service" @@ -47,21 +61,21 @@ - "container-rproxy-certbot.timer" register: services_deploy_rproxy_systemd_files - - name: "systemd user daemon reload" + - name: "{{ services_service_name }} : systemd user daemon reload" ansible.builtin.systemd: daemon_reload: true scope: "user" when: services_deploy_rproxy_systemd_files.changed - - name: "enable container-rproxy-certbot timer" + - name: "{{ services_service_name }} : enable container-{{ services_service_name }}-certbot timer" ansible.builtin.systemd: - name: "container-rproxy-certbot.timer" + name: "container-{{ services_service_name }}-certbot.timer" enabled: true scope: "user" register: services_deploy_rproxy_certbot_timer - - name: "generate diffie hellman ephemeral parameters" + - name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters" ansible.builtin.command: >- openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 
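Review bot: The new subdomain copy task only ever adds or updates files in `nginx-conf.d`, so a vhost file dropped from `services_deploy_rproxy_nginx_subdomain_config_files` stays on disk and keeps being loaded, because the nginx unit bind-mounts the whole directory as `/etc/nginx/conf.d`. With the file list now supplied per caller, a retired or mistakenly listed site would stay exposed until someone deletes the file by hand. Consider pruning files that are not in the list right after the copy, and adding the prune result to the restart condition in the last hunk of this file. The block these tasks belong to continues past this hunk.

```yaml
    # ... unchanged: subdomain nginx reverse proxy configuration (copy loop) ...

    - name: "{{ services_service_name }} : list deployed subdomain configuration"
      ansible.builtin.find:
        paths: "\
          {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
        file_type: "file"
      register: services_deploy_rproxy_deployed_subdomain_config

    - name: "{{ services_service_name }} : remove unlisted subdomain configuration"
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: "absent"
      loop: "{{ services_deploy_rproxy_deployed_subdomain_config.files }}"
      when: >-
        (item.path | basename) not in
        (services_deploy_rproxy_nginx_subdomain_config_files | map('basename') | list)
      register: services_deploy_rproxy_subdomain_config_removed
```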
@@ -71,12 +85,12 @@ {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem" register: services_deploy_rproxy_dhparam - - name: "get uid" + - name: "{{ services_service_name }} : get uid" ansible.builtin.getent: database: "passwd" key: "{{ services_service_user_name }}" - - name: "get service status" + - name: "{{ services_service_name }} : get service status" ansible.builtin.command: >- systemctl --user show --property ActiveState --value {{ services_service_user_name }}.service @@ -85,13 +99,15 @@ changed_when: false register: services_deploy_rproxy_service_active_state - - name: "restart the service" + - name: "{{ services_service_name }} : restart the service" ansible.builtin.systemd: name: "pod-{{ services_service_name }}.service" state: "restarted" scope: "user" when: - (services_deploy_rproxy_config_files.changed or + (services_deploy_rproxy_generic_config.changed or + services_deploy_rproxy_stream_config.changed or + services_deploy_rproxy_subdomain_config_files.changed or services_deploy_rproxy_systemd_files.changed or services_deploy_rproxy_certbot_timer.changed or services_deploy_rproxy_dhparam.changed) and diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service index 1f97c1e..f8ed97c 100644 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service +++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service 
@@ -1,24 +1,24 @@ [Unit] -Description=Podman container-rproxy-certbot.service +Description=Podman container-{{ services_service_name }}-certbot.service Documentation=man:podman-generate-systemd(1) OnFailure=status-mail@%n.service [Service] Environment=PODMAN_SYSTEMD_UNIT=%n TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id +ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/container-rproxy-certbot.pid \ - --cidfile %t/container-rproxy-certbot.ctr-id \ + --conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \ + --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \ --cgroups=no-conmon \ - --pod-id-file %t/pod-rproxy.pod-id \ + --pod-id-file %t/pod-{{ services_service_name }}.pod-id \ --replace \ - -v /etc/resolv.conf:/etc/resolv.conf:ro \ - -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \ + -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ + -v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt \ -v var-lib-letsencrypt:/var/lib/letsencrypt \ -v var-www-html:/var/www/html \ - --name=pod-rproxy-certbot \ + --name=pod-{{ services_service_name }}-certbot \ docker.io/certbot/certbot --non-interactive renew -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id +ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id Type=oneshot diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.timer b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.timer index dd32cba..c7ba3ed 100644 
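Review bot: The resolver file mounted into the certbot container now comes from `{{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf` rather than the system `/etc/resolv.conf`, and nothing in this diff shows where that file is created or what owner and mode it gets. Whoever can write it chooses the DNS servers used for certificate renewal and for nginx upstream lookups, so it should be owned by root and not writable by the service account; that is worth stating in the task that deploys it. The same mount is introduced in `container-rproxy-nginx.service` and `container-www-nginx.service`. To fail early and visibly when the file is absent, add `AssertPathExists={{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf` under `[Unit]`.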
--- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.timer +++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.timer @@ -1,8 +1,8 @@ [Unit] Description=Renew certificates with certbot Documentation=man:certbot(1) -BindsTo=pod-rproxy.service -After=pod-rproxy.service +BindsTo=pod-{{ services_service_name }}.service +After=pod-{{ services_service_name }}.service DefaultDependencies=no [Timer] @@ -11,4 +11,4 @@ Persistent=true RandomizedDelaySec=1h [Install] -WantedBy=pod-rproxy.service +WantedBy=pod-{{ services_service_name }}.service diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service index 7674226..e534276 100644 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service +++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service 
@@ -1,39 +1,39 @@ [Unit] -Description=Podman container-rproxy-nginx.service +Description=Podman container-{{ services_service_name }}-nginx.service Documentation=man:podman-generate-systemd(1) Wants=network.target After=network-online.target -BindsTo=pod-rproxy.service -After=pod-rproxy.service +BindsTo=pod-{{ services_service_name }}.service +After=pod-{{ services_service_name }}.service OnFailure=status-mail@%n.service [Service] Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id +ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/container-rproxy-nginx.pid \ - --cidfile %t/container-rproxy-nginx.ctr-id \ + --conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \ + --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \ --cgroups=no-conmon \ - --pod-id-file %t/pod-rproxy.pod-id \ + --pod-id-file %t/pod-{{ services_service_name }}.pod-id \ --replace \ --label "io.containers.autoupdate=image" \ -dt \ {{ services_rproxy_nginx_add_hosts }} \ - -v /etc/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \ - -v ./.config/pod-rproxy/stream.conf:/etc/nginx/stream.conf:ro \ - -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \ - -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ - -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \ + -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ + -v ./.config/pod-{{ services_service_name }}/nginx.conf:/etc/nginx/nginx.conf:ro \ + -v ./.config/pod-{{ services_service_name }}/stream.conf:/etc/nginx/stream.conf:ro \ + -v ./.config/pod-{{ services_service_name }}/nginx-conf.d:/etc/nginx/conf.d:ro \ + -v ./.config/pod-{{ 
services_service_name }}/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ + -v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \ -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \ -v var-www-html:/var/www/html \ - --name=pod-rproxy-nginx \ + --name=pod-{{ services_service_name }}-nginx \ docker.io/library/nginx:{{ services_deploy_versions.www.nginx }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id -PIDFile=%t/container-rproxy-nginx.pid +ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id -t 10 +ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id +PIDFile=%t/container-{{ services_service_name }}-nginx.pid Type=forking [Install] diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service index 137a92e..8668eb4 100644 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service +++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service 
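Review bot: The image line kept as context, `docker.io/library/nginx:{{ services_deploy_versions.www.nginx }}`, now also decides the lrproxy image, whereas the deleted lrproxy template pinned `services_deploy_versions.lrproxy.nginx`. If that is intended, the lrproxy entry in the versions file is presumably dead and should be removed with this commit; if not, select the pin by service, for example `{{ (services_deploy_versions[services_service_name] | default(services_deploy_versions.www)).nginx }}`. Either way a short template comment on that line saying which pin applies would help, since the container also carries `io.containers.autoupdate=image`.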
@@ -1,23 +1,23 @@ [Unit] -Description=Podman pod-rproxy.service +Description=Podman pod-{{ services_service_name }}.service Documentation=man:podman-generate-systemd(1) Wants=network.target After=network-online.target -Requires=container-rproxy-nginx.service -Before=container-rproxy-nginx.service +Requires=container-{{ services_service_name }}-nginx.service +Before=container-{{ services_service_name }}-nginx.service OnFailure=status-mail@%n.service [Service] Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/pod-rproxy.pid %t/pod-rproxy.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-rproxy.pid --pod-id-file %t/pod-rproxy.pod-id --name=rproxy --network=none --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-rproxy.pod-id -ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-rproxy/pidfile' -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-rproxy.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-rproxy.pod-id -PIDFile=%t/pod-rproxy.pid +ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ services_service_name }}.pod-id +ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace +ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id +ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile' +ExecStop=/usr/bin/podman pod stop --ignore 
--pod-id-file %t/pod-{{ services_service_name }}.pod-id -t 10 +ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-{{ services_service_name }}.pod-id +PIDFile=%t/pod-{{ services_service_name }}.pid Type=forking [Install] diff --git a/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service b/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service index 59ace03..30025b5 100644 --- a/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service +++ b/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service @@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \ --replace \ --label "io.containers.autoupdate=image" \ -dt \ - -v /etc/resolv.conf:/etc/resolv.conf:ro \ + -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \ --name=pod-www-nginx \ docker.io/library/nginx:{{ services_deploy_versions.www.nginx }} diff --git a/playbooks/services.yml b/playbooks/services.yml index c576c6e..0486e6d 100644 --- a/playbooks/services.yml +++ b/playbooks/services.yml 
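Review bot: `services_service_name` is now rendered unquoted into the `sh -c '…'` string of `ExecStartPost` and into every pid, pod-id and unit file name, so a value containing a space, quote or slash would change the command or the path instead of failing. Both callers in `services.yml` pass literals, but the role itself does not appear to constrain the value. Restricting it in the role's argument spec, e.g. `choices: ["rproxy", "lrproxy"]` on `services_service_name`, would keep the templates safe if another caller is added; the spec file for this role is not part of the diff, so its current content is inferred from the deleted lrproxy spec.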
@@ -43,6 +43,46 @@ loop_var: "services_service_name" tags: "always" + - name: "deploy rproxy" + ansible.builtin.include_role: + name: "services/deploy/rproxy" + apply: + tags: + - "services:rproxy" + - "services:deploy" + - "services:deploy:rproxy" + - "services:rproxy:deploy" + vars: + services_service_name: "rproxy" + services_deploy_rproxy_nginx_stream_config: "files/services/deploy/rproxy/stream.conf" + services_deploy_rproxy_nginx_subdomain_config_files: + - "files/services/deploy/rproxy/nginx-conf.d/http-default.conf" + - "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf" + - "files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf" + when: "'rproxy' in services_host_services" + tags: "always" + + - name: "deploy lrproxy" + ansible.builtin.include_role: + name: "services/deploy/rproxy" + apply: + tags: + - "services:lrproxy" + - "services:deploy" + - "services:deploy:lrproxy" + - "services:lrproxy:deploy" + vars: + services_service_name: "lrproxy" + services_deploy_rproxy_nginx_stream_config: "files/services/deploy/lrproxy/stream.conf" + services_deploy_rproxy_nginx_subdomain_config_files: + - "files/services/deploy/lrproxy/nginx-conf.d/archive.music.wojciechkozlowski.eu.conf" + - "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf" + - "files/services/deploy/lrproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf" + - "files/services/deploy/lrproxy/nginx-conf.d/music.wojciechkozlowski.eu.conf" + - "files/services/deploy/lrproxy/nginx-conf.d/notes.wojciechkozlowski.eu.conf" + when: "'lrproxy' in services_host_services" + tags: "always" + - name: "deploy" ansible.builtin.include_role: name: "services/deploy/{{ services_service_name }}" 
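Review bot: The `src` values passed to the role, such as `files/services/deploy/rproxy/stream.conf`, are relative, so `ansible.builtin.copy` resolves them through its search path, which tries the role's own directories before the playbook directory. A same-named path inside the role would silently take precedence. Anchoring them makes the source explicit: `services_deploy_rproxy_nginx_stream_config: "{{ playbook_dir }}/files/services/deploy/rproxy/stream.conf"`, and likewise for each entry of `services_deploy_rproxy_nginx_subdomain_config_files` in both the rproxy and lrproxy tasks.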
@@ -52,7 +92,11 @@ - "services:deploy" - "services:deploy:{{ services_service_name }}" - "services:{{ services_service_name }}:deploy" - loop: "{{ services_host_services | dict2items | map(attribute='key') }}" + loop: "{{ + services_host_services | dict2items | + rejectattr('key', '==', 'rproxy') | + rejectattr('key', '==', 'lrproxy') | + map(attribute='key') }}" loop_control: loop_var: "services_service_name" tags: "always"
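Review bot: The two chained `rejectattr` calls hard-code the same service names that the dedicated tasks above test in their `when` clauses, so adding a third proxy instance means editing three places. A single membership test reads more directly and keeps the exclusion in one expression: `loop: "{{ services_host_services | dict2items | map(attribute='key') | reject('in', ['rproxy', 'lrproxy']) }}"`. A comment above the loop saying that these services are deployed by the dedicated tasks would explain why they are skipped here.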