Use variables for service paths

This commit is contained in:
Wojciech Kozlowski 2022-12-18 00:05:58 +01:00
parent b023736fb8
commit a620a2a2f4
43 changed files with 236 additions and 68 deletions

View File

@ -26,6 +26,11 @@ vpn_bridge_dnat: "{{ services_host_services | dict2items |
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# services # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
services_root_directory: "/var/lib/{{ ansible_hostname }}"
services_home_directory: "{{ services_root_directory }}/home"
services_data_directory: "{{ services_root_directory }}/data"
services_containers_directory: "{{ services_root_directory }}/containers"
services_all_hosts: "{{ groups['asgard'] }}" services_all_hosts: "{{ groups['asgard'] }}"
services_all_services: "{{ services_all_services: "{{
services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') | services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |

View File

@ -31,9 +31,31 @@ vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key
vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}" vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
vpn_wireguard_routing_table: 66 vpn_wireguard_routing_table: 66
# --------------------------------------------------------------------------------------------------
# backup:snapshots
# --------------------------------------------------------------------------------------------------
backups_snapshots_sanoid_system_datasets:
- name: "bpool/BOOT"
templates: ["system"]
recursive: true
children_only: true
- name: "rpool/ROOT"
templates: ["system"]
recursive: true
children_only: true
- name: "rpool/home"
templates: ["system", "home"]
recursive: true
children_only: true
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# services # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
services_root_dataset: "rpool{{ services_root_directory }}"
services_home_dataset: "rpool{{ services_home_directory }}"
services_data_dataset: "rpool{{ services_data_directory }}"
services_containers_dataset: "rpool{{ services_containers_directory }}"
services_host_services: services_host_services:
lrproxy: lrproxy:
address: "{{ vpn_bridge_prefix }}.2" address: "{{ vpn_bridge_prefix }}.2"
@ -47,3 +69,18 @@ services_host_services:
tcp: ["{{ services.git.ssh_port }}"] tcp: ["{{ services.git.ssh_port }}"]
notes: notes:
address: "{{ vpn_bridge_prefix }}.6" address: "{{ vpn_bridge_prefix }}.6"
# --------------------------------------------------------------------------------------------------
# services:backups
# --------------------------------------------------------------------------------------------------
services_backups_datasets_root: "rpool/var/lib/yggdrasil/data"
services_backups_datasets: "\
{% set datasets = {} %}\
{% for service in services_host_services.keys() %}\
{{ datasets.update({ ( 'pod-' ~ service ): None }) }}\
{% endfor %}\
{{ datasets }}"
services_backups_snapshots_syncoid:
datasets_root: "hpool/backup/yggdrasil/data"
default_recursive: true
default_skip_parent: true

View File

@ -4,3 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_dataset:
type: "str"
required: true
services_home_dataset:
type: "str"
required: true
services_data_dataset:
type: "str"
required: true
services_containers_dataset:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true

View File

@ -7,12 +7,12 @@
- name: "create services root dataset" - name: "create services root dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}" name: "{{ services_root_dataset }}"
state: "present" state: "present"
- name: "create containers zvol" - name: "create containers zvol"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/containers" name: "{{ services_containers_dataset }}"
state: "present" state: "present"
extra_zfs_properties: extra_zfs_properties:
volsize: "100G" volsize: "100G"
@ -21,7 +21,7 @@
- name: "format containers zvol" - name: "format containers zvol"
community.general.filesystem: community.general.filesystem:
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers" dev: "/dev/{{ services_containers_dataset }}"
fstype: "ext4" fstype: "ext4"
register: services_datasets_system_zvol_format register: services_datasets_system_zvol_format
@ -29,12 +29,12 @@
- name: "get containers zvol uuid" - name: "get containers zvol uuid"
ansible.builtin.command: >- ansible.builtin.command: >-
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers blkid -s UUID -o value /dev/{{ services_containers_dataset }}
register: services_datasets_system_zvol_uuid register: services_datasets_system_zvol_uuid
- name: "system : add fstab entry and mount containers zvol" - name: "system : add fstab entry and mount containers zvol"
ansible.posix.mount: ansible.posix.mount:
path: "/var/lib/{{ ansible_hostname }}/containers" path: "{{ services_containers_directory }}"
src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}" src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
fstype: "ext4" fstype: "ext4"
state: "mounted" state: "mounted"
@ -44,14 +44,14 @@
- name: "create data root dataset" - name: "create data root dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/data" name: "{{ services_data_dataset }}"
state: "present" state: "present"
extra_zfs_properties: extra_zfs_properties:
canmount: "off" canmount: "off"
- name: "create home root dataset" - name: "create home root dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/home" name: "{{ services_home_dataset }}"
state: "present" state: "present"
extra_zfs_properties: extra_zfs_properties:
canmount: "off" canmount: "off"

View File

@ -7,3 +7,15 @@ argument_specs:
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true
services_root_dataset:
type: "str"
required: true
services_home_dataset:
type: "str"
required: true
services_data_dataset:
type: "str"
required: true
services_home_directory:
type: "str"
required: true

View File

@ -5,7 +5,7 @@
- name: "{{ services_service_name }} : create home dataset" - name: "{{ services_service_name }} : create home dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}" name: "{{ services_home_dataset }}/{{ services_service_user_name }}"
state: "present" state: "present"
register: services_datasets_user_zfs_home register: services_datasets_user_zfs_home
@ -19,7 +19,7 @@
- name: "{{ services_service_name }} : create data dataset" - name: "{{ services_service_name }} : create data dataset"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}" name: "{{ services_data_dataset }}/{{ services_service_user_name }}"
state: "present" state: "present"
extra_zfs_properties: extra_zfs_properties:
canmount: "off" canmount: "off"
@ -31,7 +31,7 @@
- name: "{{ services_service_name }} : create volume datasets" - name: "{{ services_service_name }} : create volume datasets"
community.general.zfs: community.general.zfs:
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}" name: "{{ services_data_dataset }}/{{ services_service_user_name }}/{{ item.key }}"
state: "present" state: "present"
extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}" extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
loop: "{{ services_volumes[services_service_name] | dict2items }}" loop: "{{ services_volumes[services_service_name] | dict2items }}"

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true

View File

@ -21,9 +21,9 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \ --add-host=pod-database:{{ services_all_services['database'].address }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
--name=pod-cloud-cron \ --name=pod-cloud-cron \
docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \ docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \
/cron.sh /cron.sh

View File

@ -21,9 +21,9 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \ --add-host=pod-database:{{ services_all_services['database'].address }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \ -v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \
-v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \ -v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \
-v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \ -v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \

View File

@ -20,10 +20,10 @@ ExecStart=/usr/bin/podman run \
--replace \ --replace \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-cloud/nginx.conf:/etc/nginx/nginx.conf:ro \ -v ./.config/pod-cloud/nginx.conf:/etc/nginx/nginx.conf:ro \
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
--name=pod-cloud-nginx \ --name=pod-cloud-nginx \
docker.io/library/nginx:{{ services_deploy_versions.cloud.nginx }} docker.io/library/nginx:{{ services_deploy_versions.cloud.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10

View File

@ -14,7 +14,7 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > /var/lib/{{ ansible_hostname }}/containers/pod-cloud/pidfile' ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id
PIDFile=%t/pod-cloud.pid PIDFile=%t/pod-cloud.pid

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true

View File

@ -20,12 +20,12 @@ ExecStart=/usr/bin/podman run \
--replace \ --replace \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-database/database.password:/run/secrets/database.password:ro \ -v ./.config/pod-database/database.password:/run/secrets/database.password:ro \
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \ -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
-v /var/lib/yggdrasil/data/pod-database/wal/_data:/var/lib/postgresql-wal \ -v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \ -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
-v /var/lib/yggdrasil/data/pod-database/data/_data:/var/lib/postgresql/data \ -v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data \
--name=pod-database-postgres \ --name=pod-database-postgres \
docker.io/library/postgres:{{ services_deploy_versions.database.postgres }} docker.io/library/postgres:{{ services_deploy_versions.database.postgres }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10

View File

@ -14,7 +14,7 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > /var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile' ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > {{ services_containers_directory }}/pod-database/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
PIDFile=%t/pod-database.pid PIDFile=%t/pod-database.pid

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true
@ -13,7 +25,7 @@ argument_specs:
type: "str" type: "str"
required: true required: true
services: services:
cloud: git:
domain: domain:
type: "str" type: "str"
required: true required: true

View File

@ -21,8 +21,8 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \ --add-host=pod-database:{{ services_all_services['database'].address }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/yggdrasil/data/pod-git/data/_data:/data \ -v {{ services_data_directory }}/pod-git/data/_data:/data \
-v /etc/timezone:/etc/timezone:ro \ -v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \ -v /etc/localtime:/etc/localtime:ro \
-e USER_UID="1000" \ -e USER_UID="1000" \

View File

@ -14,7 +14,7 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > /var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile' ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
PIDFile=%t/pod-git.pid PIDFile=%t/pod-git.pid

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true

View File

@ -79,7 +79,7 @@
user: "pod-rproxy" user: "pod-rproxy"
state: "present" state: "present"
key: "{{ services_deploy_lrproxy_keypair.public_key }}" key: "{{ services_deploy_lrproxy_keypair.public_key }}"
key_options: "command=\"rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding" key_options: "command=\"rsync --server --sender -avz . {{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
- name: "enable the service" - name: "enable the service"
ansible.builtin.systemd: ansible.builtin.systemd:

View File

@ -21,11 +21,11 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
{{ services_rproxy_nginx_add_hosts }} \ {{ services_rproxy_nginx_add_hosts }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \ -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \ -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \ -v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
--name=pod-lrproxy-nginx \ --name=pod-lrproxy-nginx \
docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }} docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10

View File

@ -14,7 +14,7 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-lrproxy.pid %t/pod-lrproxy.pod-id ExecStartPre=/bin/rm -f %t/pod-lrproxy.pid %t/pod-lrproxy.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-lrproxy.pid --pod-id-file %t/pod-lrproxy.pod-id --name=lrproxy --network=none --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-lrproxy.pid --pod-id-file %t/pod-lrproxy.pod-id --name=lrproxy --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-lrproxy.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-lrproxy.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-lrproxy/pidfile' ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > {{ services_containers_directory }}/pod-lrproxy/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-lrproxy.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-lrproxy.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-lrproxy.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-lrproxy.pod-id
PIDFile=%t/pod-lrproxy.pid PIDFile=%t/pod-lrproxy.pid

View File

@ -8,5 +8,5 @@ Type=oneshot
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' \ ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' \
-avz \ -avz \
--delete \ --delete \
{{ hostvars['valkyrie'].vpn_wireguard_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ \ {{ hostvars['valkyrie'].vpn_wireguard_address }}:{{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/ \
/var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt {{ hostvars['yggdrasil'].services_data_directory }}/pod-lrproxy/etc-letsencrypt

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true
@ -13,7 +25,7 @@ argument_specs:
type: "str" type: "str"
required: true required: true
services: services:
cloud: notes:
domain: domain:
type: "str" type: "str"
required: true required: true

View File

@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
--cgroups=no-conmon \ --cgroups=no-conmon \
--pod-id-file %t/pod-notes.pod-id \ --pod-id-file %t/pod-notes.pod-id \
--replace \ --replace \
-v /var/lib/yggdrasil/data/pod-notes/data/_data:/data \ -v {{ services_data_directory }}/pod-notes/data/_data:/data \
--user=0 \ --user=0 \
--entrypoint="/bin/bash" \ --entrypoint="/bin/bash" \
--name=pod-notes-chown \ --name=pod-notes-chown \

View File

@ -22,8 +22,8 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \ --label "io.containers.autoupdate=image" \
-dt \ -dt \
--add-host=pod-database:{{ services_all_services['database'].address }} \ --add-host=pod-database:{{ services_all_services['database'].address }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/yggdrasil/data/pod-notes/data/_data:/data \ -v {{ services_data_directory }}/pod-notes/data/_data:/data \
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \ -e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
-e APP_PORT="22300" \ -e APP_PORT="22300" \
-e DB_CLIENT="pg" \ -e DB_CLIENT="pg" \

View File

@ -14,7 +14,7 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > /var/lib/{{ ansible_hostname }}/containers/pod-notes/pidfile' ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
PIDFile=%t/pod-notes.pid PIDFile=%t/pod-notes.pid

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true

View File

@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-rproxy.pod-id \ --pod-id-file %t/pod-rproxy.pod-id \
--replace \ --replace \
-v /etc/resolv.conf:/etc/resolv.conf:ro \ -v /etc/resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \ -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
-v var-lib-letsencrypt:/var/lib/letsencrypt \ -v var-lib-letsencrypt:/var/lib/letsencrypt \
-v var-www-html:/var/www/html \ -v var-www-html:/var/www/html \
--name=pod-rproxy-certbot \ --name=pod-rproxy-certbot \

View File

@ -25,7 +25,7 @@ ExecStart=/usr/bin/podman run \
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \ -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \ -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \ -v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \ -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
-v var-www-html:/var/www/html \ -v var-www-html:/var/www/html \
--name=pod-rproxy-nginx \ --name=pod-rproxy-nginx \

View File

@ -14,7 +14,7 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-rproxy.pid %t/pod-rproxy.pod-id ExecStartPre=/bin/rm -f %t/pod-rproxy.pid %t/pod-rproxy.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-rproxy.pid --pod-id-file %t/pod-rproxy.pod-id --name=rproxy --network=none --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-rproxy.pid --pod-id-file %t/pod-rproxy.pod-id --name=rproxy --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-rproxy.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-rproxy.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-rproxy/pidfile' ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-rproxy/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-rproxy.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-rproxy.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-rproxy.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-rproxy.pod-id
PIDFile=%t/pod-rproxy.pid PIDFile=%t/pod-rproxy.pid

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true

View File

@ -14,7 +14,7 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-www.pid %t/pod-www.pod-id ExecStartPre=/bin/rm -f %t/pod-www.pid %t/pod-www.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-www/pidfile' ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-www/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10 ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id
PIDFile=%t/pod-www.pid PIDFile=%t/pod-www.pid

View File

@ -5,14 +5,3 @@ argument_specs:
type: "list" type: "list"
elem: "str" elem: "str"
required: true required: true
hosts:
options:
services_host_services:
type: "list"
elem: "str"
required: true
vars:
options:
services_service_name:
type: "str"
required: true

View File

@ -1,2 +1,4 @@
services_service_user_name: "pod-{{ services_service_name }}" services_service_user_name: "pod-{{ services_service_name }}"
services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}" services_service_user_home: "{{ services_home_directory }}/{{ services_service_user_name }}"
services_service_user_data: "{{ services_data_directory }}/{{ services_service_user_name }}"
services_service_user_containers: "{{ services_containers_directory }}/{{ services_service_user_name }}"

View File

@ -4,3 +4,15 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true

View File

@ -1,23 +1,23 @@
- name: "directories : create services directory" - name: "directories : create services directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}" path: "{{ services_root_directory }}"
state: "directory" state: "directory"
mode: 0755 mode: 0755
- name: "directories : create containers root directory" - name: "directories : create containers root directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/containers" path: "{{ services_containers_directory }}"
state: "directory" state: "directory"
mode: 0755 mode: 0755
- name: "directories : create data root directory" - name: "directories : create data root directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data" path: "{{ services_data_directory }}"
state: "directory" state: "directory"
mode: 0755 mode: 0755
- name: "directories : create home root directory" - name: "directories : create home root directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/home" path: "{{ services_home_directory }}"
state: "directory" state: "directory"
mode: 0755 mode: 0755

View File

@ -9,6 +9,6 @@
- name: "nameserver : copy valkyrie's resolv.conf to other hosts" - name: "nameserver : copy valkyrie's resolv.conf to other hosts"
ansible.builtin.copy: ansible.builtin.copy:
src: "../../../files/setup_system/nameserver/resolv.conf" src: "../../../files/setup_system/nameserver/resolv.conf"
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf" dest: "{{ services_root_directory }}/valkyrie-resolv.conf"
when: when:
ansible_hostname != "valkyrie" ansible_hostname != "valkyrie"

View File

@ -1,5 +1,5 @@
[Path] [Path]
PathChanged=/var/lib/{{ ansible_hostname }}/containers/pod-%i/pidfile PathChanged={{ services_containers_directory }}/pod-%i/pidfile
[Install] [Install]
WantedBy=multi-user.target network.target WantedBy=multi-user.target network.target

View File

@ -4,6 +4,18 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_directory:
type: "str"
required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory:
type: "str"
required: true
services_service_name: services_service_name:
type: "str" type: "str"
required: true required: true

View File

@ -1,6 +1,6 @@
- name: "{{ services_service_name }} : directories : create containers directory" - name: "{{ services_service_name }} : directories : create containers directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}" path: "{{ services_service_user_containers }}"
state: "directory" state: "directory"
owner: "{{ services_service_user_name }}" owner: "{{ services_service_user_name }}"
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
@ -8,7 +8,7 @@
- name: "{{ services_service_name }} : directories : create data directory" - name: "{{ services_service_name }} : directories : create data directory"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}" path: "{{ services_service_user_data }}"
state: "directory" state: "directory"
owner: "{{ services_service_user_name }}" owner: "{{ services_service_user_name }}"
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"

View File

@ -1,6 +1,6 @@
- name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\"" - name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}" path: "{{ services_service_user_data }}/{{ services_service_volume.key }}"
state: "directory" state: "directory"
owner: "{{ services_service_user_name }}" owner: "{{ services_service_user_name }}"
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"
@ -8,12 +8,12 @@
- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists" - name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
ansible.builtin.stat: ansible.builtin.stat:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data" path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
register: services_setup_user_volume_mount register: services_setup_user_volume_mount
- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount" - name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
ansible.builtin.file: ansible.builtin.file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data" path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
state: "directory" state: "directory"
owner: "{{ services_service_user_name }}" owner: "{{ services_service_user_name }}"
group: "{{ services_service_user_name }}" group: "{{ services_service_user_name }}"

View File

@ -1,5 +1,5 @@
[storage] [storage]
graphroot = "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}/storage" graphroot = "{{ services_service_user_containers }}/storage"
driver = "overlay" driver = "overlay"
[storage.options] [storage.options]

View File

@ -1,6 +1,6 @@
iface {{ services_service_iface_name }} inet manual iface {{ services_service_iface_name }} inet manual
pre-up mkdir -p /run/netns pre-up mkdir -p /run/netns
pre-up ln -sfTv /proc/$(cat /var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }} pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }} pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }}
pre-up ip link set $IFACE master br0 pre-up ip link set $IFACE master br0