diff --git a/group_vars/asgard/vars.yml b/group_vars/asgard/vars.yml index 80a04a3..3648023 100644 --- a/group_vars/asgard/vars.yml +++ b/group_vars/asgard/vars.yml @@ -26,6 +26,11 @@ vpn_bridge_dnat: "{{ services_host_services | dict2items | # -------------------------------------------------------------------------------------------------- # services # -------------------------------------------------------------------------------------------------- +services_root_directory: "/var/lib/{{ ansible_hostname }}" +services_home_directory: "{{ services_root_directory }}/home" +services_data_directory: "{{ services_root_directory }}/data" +services_containers_directory: "{{ services_root_directory }}/containers" + services_all_hosts: "{{ groups['asgard'] }}" services_all_services: "{{ services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') | diff --git a/host_vars/yggdrasil/vars.yml b/host_vars/yggdrasil/vars.yml index 73472f9..a13555f 100644 --- a/host_vars/yggdrasil/vars.yml +++ b/host_vars/yggdrasil/vars.yml 
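Review bot: `services_root_directory: "/var/lib/{{ ansible_hostname }}"` derives every services path from a gathered fact, so the value is undefined for any host whose facts were not collected in the current run; the new cross-host lookups `hostvars['valkyrie'].services_data_directory` in lrproxy/tasks/main.yml and `hostvars['yggdrasil'].services_data_directory` in rsync-certificates.service.j2 replace literal paths that had no such dependency. A play that targets only one of those hosts, or runs with `gather_facts: false`, will now fail while templating those lines. If the intended name is the inventory one, `services_root_directory: "/var/lib/{{ inventory_hostname }}"` resolves without facts and is fixed by the controller rather than reported by the managed node; otherwise a comment above the key stating that facts must be gathered for every host referenced through `hostvars` would document the requirement.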
@@ -31,9 +31,31 @@ vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key
 vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
 vpn_wireguard_routing_table: 66
 
+# --------------------------------------------------------------------------------------------------
+# backup:snapshots
+# --------------------------------------------------------------------------------------------------
+backups_snapshots_sanoid_system_datasets:
+ - name: "bpool/BOOT"
+ templates: ["system"]
+ recursive: true
+ children_only: true
+ - name: "rpool/ROOT"
+ templates: ["system"]
+ recursive: true
+ children_only: true
+ - name: "rpool/home"
+ templates: ["system", "home"]
+ recursive: true
+ children_only: true
+
 # --------------------------------------------------------------------------------------------------
 # services
 # --------------------------------------------------------------------------------------------------
+services_root_dataset: "rpool{{ services_root_directory }}"
+services_home_dataset: "rpool{{ services_home_directory }}"
+services_data_dataset: "rpool{{ services_data_directory }}"
+services_containers_dataset: "rpool{{ services_containers_directory }}"
+
 services_host_services:
 lrproxy:
 address: "{{ vpn_bridge_prefix }}.2"
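Review bot: `services_root_dataset: "rpool{{ services_root_directory }}"` and the three keys below it only form valid dataset names because `services_root_directory` begins with `/`; a directory value without the leading slash (or with a trailing one) would silently make the `community.general.zfs` tasks in datasets/system create differently named datasets. A comment such as `# dataset name = pool + absolute mount path; services_*_directory must start with "/" and not end with one` above `services_root_dataset` would record that coupling for whoever changes the group_vars later.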
@@ -47,3 +69,18 @@ services_host_services:
 tcp: ["{{ services.git.ssh_port }}"]
 notes:
 address: "{{ vpn_bridge_prefix }}.6"
+
+# --------------------------------------------------------------------------------------------------
+# services:backups
+# --------------------------------------------------------------------------------------------------
+services_backups_datasets_root: "rpool/var/lib/yggdrasil/data"
+services_backups_datasets: "\
+ {% set datasets = {} %}\
+ {% for service in services_host_services.keys() %}\
+ {{ datasets.update({ ( 'pod-' ~ service ): None }) }}\
+ {% endfor %}\
+ {{ datasets }}"
+services_backups_snapshots_syncoid:
+ datasets_root: "hpool/backup/yggdrasil/data"
+ default_recursive: true
+ default_skip_parent: true
diff --git a/plays/services/roles/datasets/system/meta/argument_specs.yml b/plays/services/roles/datasets/system/meta/argument_specs.yml
index be04257..231ac8a 100644
--- a/plays/services/roles/datasets/system/meta/argument_specs.yml
+++ b/plays/services/roles/datasets/system/meta/argument_specs.yml
@@ -4,3 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_dataset:
+ type: "str"
+ required: true
+ services_home_dataset:
+ type: "str"
+ required: true
+ services_data_dataset:
+ type: "str"
+ required: true
+ services_containers_dataset:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
diff --git a/plays/services/roles/datasets/system/tasks/main.yml b/plays/services/roles/datasets/system/tasks/main.yml
index ff76d72..107a8d6 100644
--- a/plays/services/roles/datasets/system/tasks/main.yml
+++ b/plays/services/roles/datasets/system/tasks/main.yml
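Review bot: `services_backups_datasets_root: "rpool/var/lib/yggdrasil/data"` hard-codes the very path that the `services_*_dataset` keys in the same file now derive from `services_root_directory`, so a change to the root directory would move the datasets but leave the backup root pointing at the old name; `services_backups_datasets_root: "{{ services_data_dataset }}"` keeps them in step. The `services_backups_datasets` value builds its mapping by rendering a `{% set %}`/`{% for %}` block into a string and relying on Ansible to turn the rendered text back into a dict; a plain filter chain such as `"{{ dict(services_host_services.keys() | map('regex_replace', '^', 'pod-') | product([None])) }}"` yields the same `pod-<service>: None` mapping without depending on that conversion. Whether native Jinja types are enabled for this project is not visible on the page.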
@@ -7,12 +7,12 @@
 
 - name: "create services root dataset"
 community.general.zfs:
- name: "rpool/var/lib/{{ ansible_hostname }}"
+ name: "{{ services_root_dataset }}"
 state: "present"
 
 - name: "create containers zvol"
 community.general.zfs:
- name: "rpool/var/lib/{{ ansible_hostname }}/containers"
+ name: "{{ services_containers_dataset }}"
 state: "present"
 extra_zfs_properties:
 volsize: "100G"
@@ -21,7 +21,7 @@
 
 - name: "format containers zvol"
 community.general.filesystem:
- dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
+ dev: "/dev/{{ services_containers_dataset }}"
 fstype: "ext4"
 register: services_datasets_system_zvol_format
 
@@ -29,12 +29,12 @@
 
 - name: "get containers zvol uuid"
 ansible.builtin.command: >-
- blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
+ blkid -s UUID -o value /dev/{{ services_containers_dataset }}
 register: services_datasets_system_zvol_uuid
 
 - name: "system : add fstab entry and mount containers zvol"
 ansible.posix.mount:
- path: "/var/lib/{{ ansible_hostname }}/containers"
+ path: "{{ services_containers_directory }}"
 src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
 fstype: "ext4"
 state: "mounted"
@@ -44,14 +44,14 @@
 
 - name: "create data root dataset"
 community.general.zfs:
- name: "rpool/var/lib/{{ ansible_hostname }}/data"
+ name: "{{ services_data_dataset }}"
 state: "present"
 extra_zfs_properties:
 canmount: "off"
 
 - name: "create home root dataset"
 community.general.zfs:
- name: "rpool/var/lib/{{ ansible_hostname }}/home"
+ name: "{{ services_home_dataset }}"
 state: "present"
 extra_zfs_properties:
 canmount: "off"
diff --git a/plays/services/roles/datasets/user/meta/argument_specs.yml b/plays/services/roles/datasets/user/meta/argument_specs.yml
index f50c4e7..3e3b173 100644
--- a/plays/services/roles/datasets/user/meta/argument_specs.yml
+++ b/plays/services/roles/datasets/user/meta/argument_specs.yml
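Review bot: `src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"` in the mount task uses the registered `blkid` output unchecked: if the device node for `/dev/{{ services_containers_dataset }}` is not present yet or the zvol has not been formatted, `blkid` prints nothing and `ansible.posix.mount` writes a bare `UUID=` entry into fstab before failing to mount it. Unless this is handled outside the hunk, the `blkid` task should set `changed_when: false` and `failed_when: services_datasets_system_zvol_uuid.stdout | length == 0` after its `register:` line so the run stops before fstab is touched; `changed_when: false` also stops a read-only query from reporting a change on every run.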
@@ -7,3 +7,15 @@ argument_specs:
 services_service_name:
 type: "str"
 required: true
+ services_root_dataset:
+ type: "str"
+ required: true
+ services_home_dataset:
+ type: "str"
+ required: true
+ services_data_dataset:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
diff --git a/plays/services/roles/datasets/user/tasks/main.yml b/plays/services/roles/datasets/user/tasks/main.yml
index fb4d1bb..74be8aa 100644
--- a/plays/services/roles/datasets/user/tasks/main.yml
+++ b/plays/services/roles/datasets/user/tasks/main.yml
@@ -5,7 +5,7 @@
 
 - name: "{{ services_service_name }} : create home dataset"
 community.general.zfs:
- name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
+ name: "{{ services_home_dataset }}/{{ services_service_user_name }}"
 state: "present"
 register: services_datasets_user_zfs_home
 
@@ -19,7 +19,7 @@
 
 - name: "{{ services_service_name }} : create data dataset"
 community.general.zfs:
- name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
+ name: "{{ services_data_dataset }}/{{ services_service_user_name }}"
 state: "present"
 extra_zfs_properties:
 canmount: "off"
@@ -31,7 +31,7 @@
 
 - name: "{{ services_service_name }} : create volume datasets"
 community.general.zfs:
- name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}"
+ name: "{{ services_data_dataset }}/{{ services_service_user_name }}/{{ item.key }}"
 state: "present"
 extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
 loop: "{{ services_volumes[services_service_name] | dict2items }}"
diff --git a/plays/services/roles/deploy/cloud/meta/argument_specs.yml b/plays/services/roles/deploy/cloud/meta/argument_specs.yml
index 77fe1a4..d4b2ae4 100644
--- a/plays/services/roles/deploy/cloud/meta/argument_specs.yml
+++ b/plays/services/roles/deploy/cloud/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
diff --git a/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-cron.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-cron.service.j2
index 08d728d..c0cb4ab 100644
--- a/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-cron.service.j2
+++ b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-cron.service.j2
@@ -21,9 +21,9 @@ ExecStart=/usr/bin/podman run \
 --label "io.containers.autoupdate=image" \
 -dt \
 --add-host=pod-database:{{ services_all_services['database'].address }} \
- -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
- -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
- -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
+ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
+ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
 --name=pod-cloud-cron \
 docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \
 /cron.sh
diff --git a/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nextcloud.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nextcloud.service.j2
index 5e59215..175df20 100644
--- a/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nextcloud.service.j2
+++ b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nextcloud.service.j2
@@ -21,9 +21,9 @@ ExecStart=/usr/bin/podman run \
 --label "io.containers.autoupdate=image" \
 -dt \
 --add-host=pod-database:{{ services_all_services['database'].address }} \
- -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
- -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
- -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
+ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
+ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
 -v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \
 -v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \
 -v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \
diff --git a/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nginx.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nginx.service.j2
index 96d67e8..9a7117f 100644
--- a/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nginx.service.j2
+++ b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nginx.service.j2
@@ -20,10 +20,10 @@ ExecStart=/usr/bin/podman run \
 --replace \
 --label "io.containers.autoupdate=image" \
 -dt \
- -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
 -v ./.config/pod-cloud/nginx.conf:/etc/nginx/nginx.conf:ro \
- -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
- -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
+ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
+ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
 --name=pod-cloud-nginx \
 docker.io/library/nginx:{{ services_deploy_versions.cloud.nginx }}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10
diff --git a/plays/services/roles/deploy/cloud/templates/systemd/pod-cloud.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/pod-cloud.service.j2
index 95fa260..4727efb 100644
--- a/plays/services/roles/deploy/cloud/templates/systemd/pod-cloud.service.j2
+++ b/plays/services/roles/deploy/cloud/templates/systemd/pod-cloud.service.j2
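Review bot: In container-cloud-nginx.service.j2 the two mounts added as `-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \` and `-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \` are read-write, whereas the same unit already mounts `valkyrie-resolv.conf` and `nginx.conf` with `:ro`. The writes to these trees happen in the nextcloud and cron containers, which mount the same paths in the other two templates on this page, so appending `:ro` to both lines here would keep the static-file server from being able to alter application or user data if it were compromised. This assumes nginx itself never writes under either path, which the page does not show.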
@@ -14,7 +14,7 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > /var/lib/{{ ansible_hostname }}/containers/pod-cloud/pidfile'
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id
 PIDFile=%t/pod-cloud.pid
diff --git a/plays/services/roles/deploy/database/meta/argument_specs.yml b/plays/services/roles/deploy/database/meta/argument_specs.yml
index 9b743ac..f0dfe9e 100644
--- a/plays/services/roles/deploy/database/meta/argument_specs.yml
+++ b/plays/services/roles/deploy/database/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
diff --git a/plays/services/roles/deploy/database/templates/systemd/container-database-postgres.service.j2 b/plays/services/roles/deploy/database/templates/systemd/container-database-postgres.service.j2
index abb8c3d..790574b 100644
--- a/plays/services/roles/deploy/database/templates/systemd/container-database-postgres.service.j2
+++ b/plays/services/roles/deploy/database/templates/systemd/container-database-postgres.service.j2
@@ -20,12 +20,12 @@ ExecStart=/usr/bin/podman run \
 --replace \
 --label "io.containers.autoupdate=image" \
 -dt \
- -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
 -v ./.config/pod-database/database.password:/run/secrets/database.password:ro \
 -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
- -v /var/lib/yggdrasil/data/pod-database/wal/_data:/var/lib/postgresql-wal \
+ -v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
 -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
- -v /var/lib/yggdrasil/data/pod-database/data/_data:/var/lib/postgresql/data \
+ -v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data \
 --name=pod-database-postgres \
 docker.io/library/postgres:{{ services_deploy_versions.database.postgres }}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10
diff --git a/plays/services/roles/deploy/database/templates/systemd/pod-database.service.j2 b/plays/services/roles/deploy/database/templates/systemd/pod-database.service.j2
index b9554d0..73144dd 100644
--- a/plays/services/roles/deploy/database/templates/systemd/pod-database.service.j2
+++ b/plays/services/roles/deploy/database/templates/systemd/pod-database.service.j2
@@ -14,7 +14,7 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > /var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile'
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > {{ services_containers_directory }}/pod-database/pidfile'
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
 PIDFile=%t/pod-database.pid
diff --git a/plays/services/roles/deploy/git/meta/argument_specs.yml b/plays/services/roles/deploy/git/meta/argument_specs.yml
index ba1a451..157252f 100644
--- a/plays/services/roles/deploy/git/meta/argument_specs.yml
+++ b/plays/services/roles/deploy/git/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
@@ -13,7 +25,7 @@ argument_specs:
 type: "str"
 required: true
 services:
- cloud:
+ git:
 domain:
 type: "str"
 required: true
diff --git a/plays/services/roles/deploy/git/templates/systemd/container-git-gitea.service.j2 b/plays/services/roles/deploy/git/templates/systemd/container-git-gitea.service.j2
index e65891d..636ef72 100644
--- a/plays/services/roles/deploy/git/templates/systemd/container-git-gitea.service.j2
+++ b/plays/services/roles/deploy/git/templates/systemd/container-git-gitea.service.j2
@@ -21,8 +21,8 @@ ExecStart=/usr/bin/podman run \
 --label "io.containers.autoupdate=image" \
 -dt \
 --add-host=pod-database:{{ services_all_services['database'].address }} \
- -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
- -v /var/lib/yggdrasil/data/pod-git/data/_data:/data \
+ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_data_directory }}/pod-git/data/_data:/data \
 -v /etc/timezone:/etc/timezone:ro \
 -v /etc/localtime:/etc/localtime:ro \
 -e USER_UID="1000" \
diff --git a/plays/services/roles/deploy/git/templates/systemd/pod-git.service.j2 b/plays/services/roles/deploy/git/templates/systemd/pod-git.service.j2
index c52d4cd..cf662e0 100644
--- a/plays/services/roles/deploy/git/templates/systemd/pod-git.service.j2
+++ b/plays/services/roles/deploy/git/templates/systemd/pod-git.service.j2
@@ -14,7 +14,7 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > /var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile'
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
 PIDFile=%t/pod-git.pid
diff --git a/plays/services/roles/deploy/lrproxy/meta/argument_specs.yml b/plays/services/roles/deploy/lrproxy/meta/argument_specs.yml
index 6c62cf5..ccc8985 100644
--- a/plays/services/roles/deploy/lrproxy/meta/argument_specs.yml
+++ b/plays/services/roles/deploy/lrproxy/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
diff --git a/plays/services/roles/deploy/lrproxy/tasks/main.yml b/plays/services/roles/deploy/lrproxy/tasks/main.yml
index 57229ce..d0ccd03 100644
--- a/plays/services/roles/deploy/lrproxy/tasks/main.yml
+++ b/plays/services/roles/deploy/lrproxy/tasks/main.yml
@@ -79,7 +79,7 @@
 user: "pod-rproxy"
 state: "present"
 key: "{{ services_deploy_lrproxy_keypair.public_key }}"
- key_options: "command=\"rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
+ key_options: "command=\"rsync --server --sender -avz . {{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
 
 - name: "enable the service"
 ansible.builtin.systemd:
diff --git a/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2
index 7b2bbee..219d05c 100644
--- a/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2
+++ b/plays/services/roles/deploy/lrproxy/templates/systemd/container-lrproxy-nginx.service.j2
@@ -21,11 +21,11 @@ ExecStart=/usr/bin/podman run \
 --label "io.containers.autoupdate=image" \
 -dt \
 {{ services_rproxy_nginx_add_hosts }} \
- -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
 -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
 -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
 -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
- -v /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
+ -v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
 --name=pod-lrproxy-nginx \
 docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
diff --git a/plays/services/roles/deploy/lrproxy/templates/systemd/pod-lrproxy.service.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/pod-lrproxy.service.j2
index e12b1f6..35b36db 100644
--- a/plays/services/roles/deploy/lrproxy/templates/systemd/pod-lrproxy.service.j2
+++ b/plays/services/roles/deploy/lrproxy/templates/systemd/pod-lrproxy.service.j2
@@ -14,7 +14,7 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-lrproxy.pid %t/pod-lrproxy.pod-id
 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-lrproxy.pid --pod-id-file %t/pod-lrproxy.pod-id --name=lrproxy --network=none --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-lrproxy.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-lrproxy/pidfile'
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > {{ services_containers_directory }}/pod-lrproxy/pidfile'
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-lrproxy.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-lrproxy.pod-id
 PIDFile=%t/pod-lrproxy.pid
diff --git a/plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.service.j2 b/plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.service.j2
index 4fe197d..edb3d0c 100644
--- a/plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.service.j2
+++ b/plays/services/roles/deploy/lrproxy/templates/systemd/rsync-certificates.service.j2
@@ -8,5 +8,5 @@ Type=oneshot
 ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' \
 -avz \
 --delete \
- {{ hostvars['valkyrie'].vpn_wireguard_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ \
- /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
+ {{ hostvars['valkyrie'].vpn_wireguard_address }}:{{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/ \
+ {{ hostvars['yggdrasil'].services_data_directory }}/pod-lrproxy/etc-letsencrypt
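Review bot: The destination `{{ hostvars['yggdrasil'].services_data_directory }}/pod-lrproxy/etc-letsencrypt` in rsync-certificates.service.j2 pins the template to one inventory host, while the lrproxy role's argument spec in this same commit declares `services_data_directory` as a required input that container-lrproxy-nginx.service.j2 already uses directly. `{{ services_data_directory }}/pod-lrproxy/etc-letsencrypt` for the local side keeps the template host-neutral and avoids a second hostvars lookup; only the source side genuinely needs `hostvars['valkyrie']`.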
diff --git a/plays/services/roles/deploy/notes/meta/argument_specs.yml b/plays/services/roles/deploy/notes/meta/argument_specs.yml
index b8f6e3b..be85fea 100644
--- a/plays/services/roles/deploy/notes/meta/argument_specs.yml
+++ b/plays/services/roles/deploy/notes/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
@@ -13,7 +25,7 @@ argument_specs:
 type: "str"
 required: true
 services:
- cloud:
+ notes:
 domain:
 type: "str"
 required: true
diff --git a/plays/services/roles/deploy/notes/templates/systemd/container-notes-chown.service.j2 b/plays/services/roles/deploy/notes/templates/systemd/container-notes-chown.service.j2
index d48a409..9cfc0fb 100644
--- a/plays/services/roles/deploy/notes/templates/systemd/container-notes-chown.service.j2
+++ b/plays/services/roles/deploy/notes/templates/systemd/container-notes-chown.service.j2
@@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
 --cgroups=no-conmon \
 --pod-id-file %t/pod-notes.pod-id \
 --replace \
- -v /var/lib/yggdrasil/data/pod-notes/data/_data:/data \
+ -v {{ services_data_directory }}/pod-notes/data/_data:/data \
 --user=0 \
 --entrypoint="/bin/bash" \
 --name=pod-notes-chown \
diff --git a/plays/services/roles/deploy/notes/templates/systemd/container-notes-joplin.service.j2 b/plays/services/roles/deploy/notes/templates/systemd/container-notes-joplin.service.j2
index b65ad1d..c90807f 100644
--- a/plays/services/roles/deploy/notes/templates/systemd/container-notes-joplin.service.j2
+++ b/plays/services/roles/deploy/notes/templates/systemd/container-notes-joplin.service.j2
@@ -22,8 +22,8 @@ ExecStart=/usr/bin/podman run \
 --label "io.containers.autoupdate=image" \
 -dt \
 --add-host=pod-database:{{ services_all_services['database'].address }} \
- -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
- -v /var/lib/yggdrasil/data/pod-notes/data/_data:/data \
+ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v {{ services_data_directory }}/pod-notes/data/_data:/data \
 -e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
 -e APP_PORT="22300" \
 -e DB_CLIENT="pg" \
diff --git a/plays/services/roles/deploy/notes/templates/systemd/pod-notes.service.j2 b/plays/services/roles/deploy/notes/templates/systemd/pod-notes.service.j2
index 8d3e49f..cbb58e5 100644
--- a/plays/services/roles/deploy/notes/templates/systemd/pod-notes.service.j2
+++ b/plays/services/roles/deploy/notes/templates/systemd/pod-notes.service.j2
@@ -14,7 +14,7 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > /var/lib/{{ ansible_hostname }}/containers/pod-notes/pidfile'
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
 PIDFile=%t/pod-notes.pid
diff --git a/plays/services/roles/deploy/rproxy/meta/argument_specs.yml b/plays/services/roles/deploy/rproxy/meta/argument_specs.yml
index 6c62cf5..ccc8985 100644
--- a/plays/services/roles/deploy/rproxy/meta/argument_specs.yml
+++ b/plays/services/roles/deploy/rproxy/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
diff --git a/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.service.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.service.j2
index f76d4ea..1f97c1e 100644
--- a/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.service.j2
+++ b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.service.j2
@@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
 --pod-id-file %t/pod-rproxy.pod-id \
 --replace \
 -v /etc/resolv.conf:/etc/resolv.conf:ro \
- -v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
+ -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
 -v var-lib-letsencrypt:/var/lib/letsencrypt \
 -v var-www-html:/var/www/html \
 --name=pod-rproxy-certbot \
diff --git a/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2
index 0e56c60..26d7562 100644
--- a/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2
+++ b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2
@@ -25,7 +25,7 @@ ExecStart=/usr/bin/podman run \
 -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
 -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
 -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
- -v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
+ -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
 -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
 -v var-www-html:/var/www/html \
 --name=pod-rproxy-nginx \
diff --git a/plays/services/roles/deploy/rproxy/templates/systemd/pod-rproxy.service.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/pod-rproxy.service.j2
index 99d7748..137a92e 100644
--- a/plays/services/roles/deploy/rproxy/templates/systemd/pod-rproxy.service.j2
+++ b/plays/services/roles/deploy/rproxy/templates/systemd/pod-rproxy.service.j2
@@ -14,7 +14,7 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-rproxy.pid %t/pod-rproxy.pod-id
 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-rproxy.pid --pod-id-file %t/pod-rproxy.pod-id --name=rproxy --network=none --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-rproxy.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-rproxy/pidfile'
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-rproxy/pidfile'
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-rproxy.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-rproxy.pod-id
 PIDFile=%t/pod-rproxy.pid
diff --git a/plays/services/roles/deploy/www/meta/argument_specs.yml b/plays/services/roles/deploy/www/meta/argument_specs.yml
index eab2995..0759bec 100644
--- a/plays/services/roles/deploy/www/meta/argument_specs.yml
+++ b/plays/services/roles/deploy/www/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
diff --git a/plays/services/roles/deploy/www/templates/systemd/pod-www.service.j2 b/plays/services/roles/deploy/www/templates/systemd/pod-www.service.j2
index cf6b36c..1985201 100644
--- a/plays/services/roles/deploy/www/templates/systemd/pod-www.service.j2
+++ b/plays/services/roles/deploy/www/templates/systemd/pod-www.service.j2
@@ -14,7 +14,7 @@ TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/pod-www.pid %t/pod-www.pod-id
 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace
 ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-www/pidfile'
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-www/pidfile'
 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10
 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id
 PIDFile=%t/pod-www.pid
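Review bot: The pod is created with `--name=rproxy` and the updated `ExecStartPost` line inspects `rproxy`, while every other identifier in this unit is `pod-www`; this reads as a copy-paste leftover from pod-rproxy.service.j2 that the rewrite of the line carried forward. It only works as long as www and rproxy run in separate rootless podman instances (which the per-user graphroot elsewhere in this diff suggests); under a shared instance `--replace` here would tear down the real rproxy pod, and the pidfile would in any case be taken from the wrong pod. Change the create line to `--name=www` and the inspect argument to `www`, matching how the notes and rproxy units name their pods.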
diff --git a/plays/services/roles/include/meta/argument_specs.yml b/plays/services/roles/include/meta/argument_specs.yml
index cd94c4c..7f7db2e 100644
--- a/plays/services/roles/include/meta/argument_specs.yml
+++ b/plays/services/roles/include/meta/argument_specs.yml
@@ -5,14 +5,3 @@ argument_specs:
 type: "list"
 elem: "str"
 required: true
- hosts:
- options:
- services_host_services:
- type: "list"
- elem: "str"
- required: true
- vars:
- options:
- services_service_name:
- type: "str"
- required: true
diff --git a/plays/services/roles/include/vars/user.yml b/plays/services/roles/include/vars/user.yml
index 45675bc..b3729b4 100644
--- a/plays/services/roles/include/vars/user.yml
+++ b/plays/services/roles/include/vars/user.yml
@@ -1,2 +1,4 @@
 services_service_user_name: "pod-{{ services_service_name }}"
-services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
+services_service_user_home: "{{ services_home_directory }}/{{ services_service_user_name }}"
+services_service_user_data: "{{ services_data_directory }}/{{ services_service_user_name }}"
+services_service_user_containers: "{{ services_containers_directory }}/{{ services_service_user_name }}"
diff --git a/plays/services/roles/setup/system/meta/argument_specs.yml b/plays/services/roles/setup/system/meta/argument_specs.yml
index be04257..9aa844e 100644
--- a/plays/services/roles/setup/system/meta/argument_specs.yml
+++ b/plays/services/roles/setup/system/meta/argument_specs.yml
@@ -4,3 +4,15 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
diff --git a/plays/services/roles/setup/system/tasks/include/directories.yml b/plays/services/roles/setup/system/tasks/include/directories.yml
index c282ee3..ae41f6d 100644
--- a/plays/services/roles/setup/system/tasks/include/directories.yml
+++ b/plays/services/roles/setup/system/tasks/include/directories.yml
@@ -1,23 +1,23 @@
 - name: "directories : create services directory"
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}"
+ path: "{{ services_root_directory }}"
 state: "directory"
 mode: 0755

 - name: "directories : create containers root directory"
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}/containers"
+ path: "{{ services_containers_directory }}"
 state: "directory"
 mode: 0755

 - name: "directories : create data root directory"
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}/data"
+ path: "{{ services_data_directory }}"
 state: "directory"
 mode: 0755

 - name: "directories : create home root directory"
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}/home"
+ path: "{{ services_home_directory }}"
 state: "directory"
 mode: 0755
diff --git a/plays/services/roles/setup/system/tasks/include/nameserver.yml b/plays/services/roles/setup/system/tasks/include/nameserver.yml
index 8babcd4..1d2e63e 100644
--- a/plays/services/roles/setup/system/tasks/include/nameserver.yml
+++ b/plays/services/roles/setup/system/tasks/include/nameserver.yml
@@ -9,6 +9,6 @@
 - name: "nameserver : copy valkyrie's resolv.conf to other hosts"
 ansible.builtin.copy:
 src: "../../../files/setup_system/nameserver/resolv.conf"
- dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
+ dest: "{{ services_root_directory }}/valkyrie-resolv.conf"
 when: ansible_hostname != "valkyrie"

diff --git a/plays/services/roles/setup/system/templates/veth/connect-pod-service@.path.j2 b/plays/services/roles/setup/system/templates/veth/connect-pod-service@.path.j2
index f8a9cd9..f0c5f0d 100644
--- a/plays/services/roles/setup/system/templates/veth/connect-pod-service@.path.j2
+++ b/plays/services/roles/setup/system/templates/veth/connect-pod-service@.path.j2
@@ -1,5 +1,5 @@
 [Path]
-PathChanged=/var/lib/{{ ansible_hostname }}/containers/pod-%i/pidfile
+PathChanged={{ services_containers_directory }}/pod-%i/pidfile

 [Install]
 WantedBy=multi-user.target network.target
diff --git a/plays/services/roles/setup/user/meta/argument_specs.yml b/plays/services/roles/setup/user/meta/argument_specs.yml
index 032fb6e..626d7dc 100644
--- a/plays/services/roles/setup/user/meta/argument_specs.yml
+++ b/plays/services/roles/setup/user/meta/argument_specs.yml
@@ -4,6 +4,18 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
+ services_root_directory:
+ type: "str"
+ required: true
+ services_home_directory:
+ type: "str"
+ required: true
+ services_data_directory:
+ type: "str"
+ required: true
+ services_containers_directory:
+ type: "str"
+ required: true
 services_service_name:
 type: "str"
 required: true
diff --git a/plays/services/roles/setup/user/tasks/include/directories.yml b/plays/services/roles/setup/user/tasks/include/directories.yml
index a58bbc8..d7d6ab2 100644
--- a/plays/services/roles/setup/user/tasks/include/directories.yml
+++ b/plays/services/roles/setup/user/tasks/include/directories.yml
@@ -1,6 +1,6 @@
 - name: "{{ services_service_name }} : directories : create containers directory"
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}"
+ path: "{{ services_service_user_containers }}"
 state: "directory"
 owner: "{{ services_service_user_name }}"
 group: "{{ services_service_user_name }}"
@@ -8,7 +8,7 @@

 - name: "{{ services_service_name }} : directories : create data directory"
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
+ path: "{{ services_service_user_data }}"
 state: "directory"
 owner: "{{ services_service_user_name }}"
 group: "{{ services_service_user_name }}"
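Review bot: `{{ services_service_user_containers }}` is created with `owner`/`group` set to the service user, yet its `pidfile` is what root-side code consumes: the `connect-pod-service@.path` unit above watches it, and the `interface.j2` hunk below feeds it unquoted into `ln -sfTv /proc/$(cat …/pidfile)/ns/net /run/netns/…`. A compromised service user can therefore write any PID there and have root's ifup hook bind the bridge-attached veth into a network namespace of its choosing (another service's pod, or `1` for the host), which undoes the `--network=none` isolation the pod units set up. If the directory must stay user-writable, the reader should validate the value before using it, e.g. `pid=$(cat …/pidfile); case "$pid" in ''|*[!0-9]*) exit 1;; esac` and then confirm `/proc/$pid` is owned by `{{ services_service_user_name }}` (presumably true for a rootless infra process, worth confirming). The interface.j2 hunk itself ends past this excerpt.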
diff --git a/plays/services/roles/setup/user/tasks/include/directories/volumes.yml b/plays/services/roles/setup/user/tasks/include/directories/volumes.yml
index 8d7f022..6afa500 100644
--- a/plays/services/roles/setup/user/tasks/include/directories/volumes.yml
+++ b/plays/services/roles/setup/user/tasks/include/directories/volumes.yml
@@ -1,6 +1,6 @@
 - name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}"
+ path: "{{ services_service_user_data }}/{{ services_service_volume.key }}"
 state: "directory"
 owner: "{{ services_service_user_name }}"
 group: "{{ services_service_user_name }}"
@@ -8,12 +8,12 @@

 - name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
 ansible.builtin.stat:
- path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
+ path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
 register: services_setup_user_volume_mount

 - name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
 ansible.builtin.file:
- path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
+ path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
 state: "directory"
 owner: "{{ services_service_user_name }}"
 group: "{{ services_service_user_name }}"
diff --git a/plays/services/roles/setup/user/templates/podman/storage.conf.j2 b/plays/services/roles/setup/user/templates/podman/storage.conf.j2
index 1655af8..6c28c2c 100644
--- a/plays/services/roles/setup/user/templates/podman/storage.conf.j2
+++ b/plays/services/roles/setup/user/templates/podman/storage.conf.j2
@@ -1,5 +1,5 @@
 [storage]
-graphroot = "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}/storage"
+graphroot = "{{ services_service_user_containers }}/storage"
 driver = "overlay"

 [storage.options]
diff --git a/plays/services/roles/setup/user/templates/veth/interface.j2 b/plays/services/roles/setup/user/templates/veth/interface.j2
index 07de7f3..efcffa1 100644
--- a/plays/services/roles/setup/user/templates/veth/interface.j2
+++ b/plays/services/roles/setup/user/templates/veth/interface.j2
@@ -1,6 +1,6 @@
 iface {{ services_service_iface_name }} inet manual
 pre-up mkdir -p /run/netns
- pre-up ln -sfTv /proc/$(cat /var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
+ pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
 pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }}
 pre-up ip link set $IFACE master br0