From 67b6a9a3f9225a3a06a0876fa1956aaf2d979220 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Sun, 30 Oct 2022 19:46:24 +0100
Subject: [PATCH] Try a fix for startup issues with reverse proxies
---
 .../systemd/user/container-rproxy-certbot.service.j2 | 4 ----
 .../systemd/user/container-rproxy-certbot.timer.j2 | 4 +---
 .../.config/systemd/user/pod-rproxy.service.j2 | 4 ++--
 .../.config/systemd/user/pod-lrproxy.service.j2 | 4 ++--
 .../systemd/user/rsync-certificates.service.j2 | 6 +-----
 .../.config/systemd/user/rsync-certificates.timer.j2 | 4 +---
 .../services/deploy/service/03-pod.d/lrproxy.yml | 6 ++++++
 .../services/deploy/service/03-pod.d/rproxy.yml | 6 ++++++
 playbooks/tasks/services/deploy/service/03-pod.yml | 12 ++++++------
 9 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2 b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2
index e56fdb5..bf3f65e 100644
--- a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2
+++ b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2
@@ -1,10 +1,6 @@
 [Unit]
 Description=Podman container-rproxy-certbot.service
 Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-rproxy.service
-After=pod-rproxy.service
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.timer.j2 b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.timer.j2
index 3c555bd..69477d9 100644
--- a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.timer.j2
+++ b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.timer.j2
@@ -1,8 +1,6 @@
 [Unit]
 Description=Renew certificates with certbot
 Documentation=man:certbot(1)
-Wants=network.target
-After=network-online.target
 BindsTo=pod-rproxy.service
 After=pod-rproxy.service
@@ -12,4 +10,4 @@ Persistent=true
 RandomizedDelaySec=1h
 [Install]
-WantedBy=timers.target
+WantedBy=pod-rproxy.service
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/pod-rproxy.service.j2 b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/pod-rproxy.service.j2
index 199cb14..2bfdd0a 100644
--- a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/pod-rproxy.service.j2
+++ b/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/pod-rproxy.service.j2
@@ -3,8 +3,8 @@ Description=Podman pod-rproxy.service
 Documentation=man:podman-generate-systemd(1)
 Wants=network.target
 After=network-online.target
-Requires=container-rproxy-nginx.service container-rproxy-certbot.timer
-Before=container-rproxy-nginx.service container-rproxy-certbot.timer
+Requires=container-rproxy-nginx.service
+Before=container-rproxy-nginx.service
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/pod-lrproxy.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/pod-lrproxy.service.j2
index 61d0b0c..cb884a7 100644
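Review bot: With `WantedBy=pod-rproxy.service` in the `[Install]` section of container-rproxy-certbot.timer.j2, and `BindsTo=`/`After=pod-rproxy.service` kept in the first hunk, certificate renewal is armed only while the pod unit is active, so a pod that fails to start or stays stopped leaves renewals silently unscheduled. The same applies to rsync-certificates.timer.j2, which gets `WantedBy=pod-lrproxy.service`. I would record that coupling in the unit, e.g. `# Armed by the pod on purpose; renewals do not run while pod-rproxy.service is down`, and watch certificate expiry independently of these timers. An `[Install]` change only takes effect when the unit is enabled again, so a host that already has the timer enabled under timers.target probably keeps the old symlink until it is disabled and re-enabled.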
@@ -3,8 +3,8 @@ Description=Podman pod-lrproxy.service
 Documentation=man:podman-generate-systemd(1)
 Wants=network.target
 After=network-online.target
-Requires=container-lrproxy-nginx.service rsync-certificates.timer
-Before=container-lrproxy-nginx.service rsync-certificates.timer
+Requires=container-lrproxy-nginx.service
+Before=container-lrproxy-nginx.service
 [Service]
 Environment=PODMAN_SYSTEMD_UNIT=%n
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.service.j2
index dbef3c4..f521d81 100644
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.service.j2
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.service.j2
@@ -1,11 +1,7 @@
 [Unit]
 Description=Podman rsync-certificates.service
 Documentation=man:rsync(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-lrproxy.service
-After=pod-lrproxy.service
 [Service]
-ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' -avz {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
 Type=oneshot
+ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' -avz {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.timer.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.timer.j2
index f96b56d..b3f69ff 100644
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.timer.j2
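Review bot: The re-added `ExecStart=` in rsync-certificates.service.j2 still passes the SSH identity as the relative path `.ssh/valkyrie-pod-rproxy`, which resolves only because a user-manager service starts in the user's home directory by default; `-i %h/.ssh/valkyrie-pod-rproxy` states that explicitly. With `BindsTo=`/`After=pod-lrproxy.service` removed, the unit appears to be started only by rsync-certificates.timer, and a short comment saying so would help, e.g. `# Started by rsync-certificates.timer; copies the Let's Encrypt tree from the rproxy host`. `Description=Podman rsync-certificates.service` in the context lines looks copied from a container unit and could describe the job instead.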
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/rsync-certificates.timer.j2
@@ -1,8 +1,6 @@
 [Unit]
 Description=Rsync certificates obtained by certbot
 Documentation=man:rsync(1)
-Wants=network.target
-After=network-online.target
 BindsTo=pod-lrproxy.service
 After=pod-lrproxy.service
@@ -12,4 +10,4 @@ Persistent=true
 RandomizedDelaySec=1h
 [Install]
-WantedBy=timers.target
+WantedBy=pod-lrproxy.service
diff --git a/playbooks/tasks/services/deploy/service/03-pod.d/lrproxy.yml b/playbooks/tasks/services/deploy/service/03-pod.d/lrproxy.yml
index 1fb2f85..977b419 100644
--- a/playbooks/tasks/services/deploy/service/03-pod.d/lrproxy.yml
+++ b/playbooks/tasks/services/deploy/service/03-pod.d/lrproxy.yml
@@ -40,6 +40,12 @@ key: "{{ rsync_keypair.public_key }}" key_options: command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address}}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding + - name: Enable rsync-certificates timer + systemd: + name: rsync-certificates.timer + enabled: yes + scope: user + - name: Record changes set_fact: service_changed: true
diff --git a/playbooks/tasks/services/deploy/service/03-pod.d/rproxy.yml b/playbooks/tasks/services/deploy/service/03-pod.d/rproxy.yml
index 2dbf0d8..e93bfca 100644
--- a/playbooks/tasks/services/deploy/service/03-pod.d/rproxy.yml
+++ b/playbooks/tasks/services/deploy/service/03-pod.d/rproxy.yml
@@ -25,6 +25,12 @@ creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem" register: dhparam + - name: Enable container-rproxy-certbot timer + systemd: + name: container-rproxy-certbot.timer + enabled: yes + scope: user + - name: Record changes set_fact: service_changed: true
diff --git a/playbooks/tasks/services/deploy/service/03-pod.yml b/playbooks/tasks/services/deploy/service/03-pod.yml
index d058f9a..a33360d 100644
--- a/playbooks/tasks/services/deploy/service/03-pod.yml
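Review bot: The new `Enable rsync-certificates timer` task in lrproxy.yml only sets `enabled: yes`, and Ansible's systemd module makes no change when the unit already reports as enabled, so on a host where the timer was enabled under the old `WantedBy=timers.target` the new `[Install]` target would not be applied (whether any host is in that state is not visible here). The `Enable container-rproxy-certbot timer` task in rproxy.yml has the same shape. Both also use `yes` where `enabled: true` is the canonical YAML boolean, and a comment such as `# Unit file is installed by 03-pod.yml before this file is included` would document the ordering the tasks depend on. The task lists of both files start and end outside these hunks.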
+++ b/playbooks/tasks/services/deploy/service/03-pod.yml
@@ -22,12 +22,6 @@ when: local_service_path.stat.exists - - include_tasks: "{{ item }}" - with_first_found: - - files: - - "03-pod.d/{{ service_name }}.yml" - skip: true - - name: Create systemd directory for user {{ service_user_name }} file: path: "{{ service_home }}/.config/systemd"
@@ -56,6 +50,12 @@ when: systemd_pod_service_files is changed + - include_tasks: "{{ item }}" + with_first_found: + - files: + - "03-pod.d/{{ service_name }}.yml" + skip: true + - name: Enable the {{ service_name }} service systemd: name: "pod-{{ service_name }}.service"
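Review bot: The relocated `include_tasks` in the second hunk of 03-pod.yml has no `name:` and no comment explaining why it must sit after the step guarded by `systemd_pod_service_files is changed` and before `Enable the {{ service_name }} service`, so a later reorder could move it back ahead of the unit files. I would add `- name: Run service-specific pod tasks` and a comment like `# Must follow unit-file installation: the included tasks enable timers defined in those units`. The included files also do other work (the lrproxy.yml and rproxy.yml context lines show what looks like an authorized-key entry and a dhparam.pem `creates:` guard, and both set `service_changed`), so it is worth confirming that nothing between the old and new position reads `service_changed` or needs those files. The surrounding task list starts and ends outside the hunk.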