Try a fix for startup issues with reverse proxies

Wojciech Kozlowski 2022-10-30 19:46:24 +01:00
parent 0d37e5ae4d
commit 67b6a9a3f9
9 changed files with 25 additions and 25 deletions


@ -1,10 +1,6 @@
[Unit]
Description=Podman container-rproxy-certbot.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-rproxy.service
After=pod-rproxy.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n


@ -1,8 +1,6 @@
[Unit]
Description=Renew certificates with certbot
Documentation=man:certbot(1)
Wants=network.target
After=network-online.target
BindsTo=pod-rproxy.service
After=pod-rproxy.service
@ -12,4 +10,4 @@ Persistent=true
RandomizedDelaySec=1h
[Install]
WantedBy=timers.target
WantedBy=pod-rproxy.service


@ -3,8 +3,8 @@ Description=Podman pod-rproxy.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Requires=container-rproxy-nginx.service container-rproxy-certbot.timer
Before=container-rproxy-nginx.service container-rproxy-certbot.timer
Requires=container-rproxy-nginx.service
Before=container-rproxy-nginx.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n


@ -3,8 +3,8 @@ Description=Podman pod-lrproxy.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Requires=container-lrproxy-nginx.service rsync-certificates.timer
Before=container-lrproxy-nginx.service rsync-certificates.timer
Requires=container-lrproxy-nginx.service
Before=container-lrproxy-nginx.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n


@ -1,11 +1,7 @@
[Unit]
Description=Podman rsync-certificates.service
Documentation=man:rsync(1)
Wants=network.target
After=network-online.target
BindsTo=pod-lrproxy.service
After=pod-lrproxy.service
[Service]
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' -avz {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
Type=oneshot
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' -avz {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
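Review bot: The `ExecStart` line hands ssh its identity file as the relative path `.ssh/valkyrie-pod-rproxy`, so the job only finds the key while the unit's working directory is the service user's home; `-i %h/.ssh/valkyrie-pod-rproxy` pins it. Because this runs unattended from a timer, `ssh -o BatchMode=yes -o IdentitiesOnly=yes` would also make a missing key or an unknown host key fail at once instead of waiting on a prompt, and would keep ssh from offering any other key. The +/- markers are lost on this page, but the hunk header (11 lines down to 7) suggests the `Wants=`/`After=`/`BindsTo=` lines are dropped from `[Unit]`. If so, a run fired before the WireGuard address is reachable simply fails, which deserves a one-line comment so that a stale `etc-letsencrypt` copy can be traced back to this unit.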


@ -1,8 +1,6 @@
[Unit]
Description=Rsync certificates obtained by certbot
Documentation=man:rsync(1)
Wants=network.target
After=network-online.target
BindsTo=pod-lrproxy.service
After=pod-lrproxy.service
@ -12,4 +10,4 @@ Persistent=true
RandomizedDelaySec=1h
[Install]
WantedBy=timers.target
WantedBy=pod-lrproxy.service


@ -40,6 +40,12 @@
key: "{{ rsync_keypair.public_key }}"
key_options: command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address}}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding
- name: Enable rsync-certificates timer
systemd:
name: rsync-certificates.timer
enabled: yes
scope: user
- name: Record changes
set_fact:
service_changed: true
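Review bot: The added `Enable rsync-certificates timer` task writes its boolean as `enabled: yes`; `enabled: true` reads the same under YAML 1.1 and 1.2 parsers and matches `service_changed: true` a few lines below. The same applies to the `Enable container-rproxy-certbot timer` task in the next file. With `scope: user` the module has to reach the service user's own systemd instance, and no `become_user` or environment is visible in this hunk, so that presumably comes from the including play. A short comment stating that requirement would help, since a failed or skipped enable step leaves the certificate copy without a scheduled refresh.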


@ -25,6 +25,12 @@
creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
register: dhparam
- name: Enable container-rproxy-certbot timer
systemd:
name: container-rproxy-certbot.timer
enabled: yes
scope: user
- name: Record changes
set_fact:
service_changed: true


@ -22,12 +22,6 @@
when:
local_service_path.stat.exists
- include_tasks: "{{ item }}"
with_first_found:
- files:
- "03-pod.d/{{ service_name }}.yml"
skip: true
- name: Create systemd directory for user {{ service_user_name }}
file:
path: "{{ service_home }}/.config/systemd"
@ -56,6 +50,12 @@
when:
systemd_pod_service_files is changed
- include_tasks: "{{ item }}"
with_first_found:
- files:
- "03-pod.d/{{ service_name }}.yml"
skip: true
- name: Enable the {{ service_name }} service
systemd:
name: "pod-{{ service_name }}.service"
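Review bot: The relocated `include_tasks` block has no `name:` and no comment saying why it must sit at this position. Judging by the other files in this commit, the per-service tasks under `03-pod.d/` now enable user timers, which presumably only works once the unit files handled by the preceding tasks are installed, so I would add `# Must run after the unit files are installed: 03-pod.d tasks enable timers shipped with them.` above it. `skip: true` also means a misnamed or missing `03-pod.d/{{ service_name }}.yml` is passed over silently, leaving the certbot or rsync timer never enabled on that host; the comment should say that the skip is intentional only for services without extra tasks. The `Enable the {{ service_name }} service` task continues past the end of the hunk.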