Try a fix for startup issues with reverse proxies
This commit is contained in:
parent
0d37e5ae4d
commit
67b6a9a3f9
@ -1,10 +1,6 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Podman container-rproxy-certbot.service
|
Description=Podman container-rproxy-certbot.service
|
||||||
Documentation=man:podman-generate-systemd(1)
|
Documentation=man:podman-generate-systemd(1)
|
||||||
Wants=network.target
|
|
||||||
After=network-online.target
|
|
||||||
BindsTo=pod-rproxy.service
|
|
||||||
After=pod-rproxy.service
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Renew certificates with certbot
|
Description=Renew certificates with certbot
|
||||||
Documentation=man:certbot(1)
|
Documentation=man:certbot(1)
|
||||||
Wants=network.target
|
|
||||||
After=network-online.target
|
|
||||||
BindsTo=pod-rproxy.service
|
BindsTo=pod-rproxy.service
|
||||||
After=pod-rproxy.service
|
After=pod-rproxy.service
|
||||||
|
|
||||||
@ -12,4 +10,4 @@ Persistent=true
|
|||||||
RandomizedDelaySec=1h
|
RandomizedDelaySec=1h
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=timers.target
|
WantedBy=pod-rproxy.service
|
||||||
|
@ -3,8 +3,8 @@ Description=Podman pod-rproxy.service
|
|||||||
Documentation=man:podman-generate-systemd(1)
|
Documentation=man:podman-generate-systemd(1)
|
||||||
Wants=network.target
|
Wants=network.target
|
||||||
After=network-online.target
|
After=network-online.target
|
||||||
Requires=container-rproxy-nginx.service container-rproxy-certbot.timer
|
Requires=container-rproxy-nginx.service
|
||||||
Before=container-rproxy-nginx.service container-rproxy-certbot.timer
|
Before=container-rproxy-nginx.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
@ -3,8 +3,8 @@ Description=Podman pod-lrproxy.service
|
|||||||
Documentation=man:podman-generate-systemd(1)
|
Documentation=man:podman-generate-systemd(1)
|
||||||
Wants=network.target
|
Wants=network.target
|
||||||
After=network-online.target
|
After=network-online.target
|
||||||
Requires=container-lrproxy-nginx.service rsync-certificates.timer
|
Requires=container-lrproxy-nginx.service
|
||||||
Before=container-lrproxy-nginx.service rsync-certificates.timer
|
Before=container-lrproxy-nginx.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
@ -1,11 +1,7 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Podman rsync-certificates.service
|
Description=Podman rsync-certificates.service
|
||||||
Documentation=man:rsync(1)
|
Documentation=man:rsync(1)
|
||||||
Wants=network.target
|
|
||||||
After=network-online.target
|
|
||||||
BindsTo=pod-lrproxy.service
|
|
||||||
After=pod-lrproxy.service
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' -avz {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
|
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' -avz {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Rsync certificates obtained by certbot
|
Description=Rsync certificates obtained by certbot
|
||||||
Documentation=man:rsync(1)
|
Documentation=man:rsync(1)
|
||||||
Wants=network.target
|
|
||||||
After=network-online.target
|
|
||||||
BindsTo=pod-lrproxy.service
|
BindsTo=pod-lrproxy.service
|
||||||
After=pod-lrproxy.service
|
After=pod-lrproxy.service
|
||||||
|
|
||||||
@ -12,4 +10,4 @@ Persistent=true
|
|||||||
RandomizedDelaySec=1h
|
RandomizedDelaySec=1h
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=timers.target
|
WantedBy=pod-lrproxy.service
|
||||||
|
@ -40,6 +40,12 @@
|
|||||||
key: "{{ rsync_keypair.public_key }}"
|
key: "{{ rsync_keypair.public_key }}"
|
||||||
key_options: command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address}}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding
|
key_options: command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address}}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding
|
||||||
|
|
||||||
|
- name: Enable rsync-certificates timer
|
||||||
|
systemd:
|
||||||
|
name: rsync-certificates.timer
|
||||||
|
enabled: yes
|
||||||
|
scope: user
|
||||||
|
|
||||||
- name: Record changes
|
- name: Record changes
|
||||||
set_fact:
|
set_fact:
|
||||||
service_changed: true
|
service_changed: true
|
||||||
|
@ -25,6 +25,12 @@
|
|||||||
creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
|
creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
|
||||||
register: dhparam
|
register: dhparam
|
||||||
|
|
||||||
|
- name: Enable container-rproxy-certbot timer
|
||||||
|
systemd:
|
||||||
|
name: container-rproxy-certbot.timer
|
||||||
|
enabled: yes
|
||||||
|
scope: user
|
||||||
|
|
||||||
- name: Record changes
|
- name: Record changes
|
||||||
set_fact:
|
set_fact:
|
||||||
service_changed: true
|
service_changed: true
|
||||||
|
@ -22,12 +22,6 @@
|
|||||||
when:
|
when:
|
||||||
local_service_path.stat.exists
|
local_service_path.stat.exists
|
||||||
|
|
||||||
- include_tasks: "{{ item }}"
|
|
||||||
with_first_found:
|
|
||||||
- files:
|
|
||||||
- "03-pod.d/{{ service_name }}.yml"
|
|
||||||
skip: true
|
|
||||||
|
|
||||||
- name: Create systemd directory for user {{ service_user_name }}
|
- name: Create systemd directory for user {{ service_user_name }}
|
||||||
file:
|
file:
|
||||||
path: "{{ service_home }}/.config/systemd"
|
path: "{{ service_home }}/.config/systemd"
|
||||||
@ -56,6 +50,12 @@
|
|||||||
when:
|
when:
|
||||||
systemd_pod_service_files is changed
|
systemd_pod_service_files is changed
|
||||||
|
|
||||||
|
- include_tasks: "{{ item }}"
|
||||||
|
with_first_found:
|
||||||
|
- files:
|
||||||
|
- "03-pod.d/{{ service_name }}.yml"
|
||||||
|
skip: true
|
||||||
|
|
||||||
- name: Enable the {{ service_name }} service
|
- name: Enable the {{ service_name }} service
|
||||||
systemd:
|
systemd:
|
||||||
name: "pod-{{ service_name }}.service"
|
name: "pod-{{ service_name }}.service"
|
||||||
|
Loading…
Reference in New Issue
Block a user