Use variables for service paths
This commit is contained in:
parent
b023736fb8
commit
a620a2a2f4
@ -26,6 +26,11 @@ vpn_bridge_dnat: "{{ services_host_services | dict2items |
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# services
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
services_root_directory: "/var/lib/{{ ansible_hostname }}"
|
||||
services_home_directory: "{{ services_root_directory }}/home"
|
||||
services_data_directory: "{{ services_root_directory }}/data"
|
||||
services_containers_directory: "{{ services_root_directory }}/containers"
|
||||
|
||||
services_all_hosts: "{{ groups['asgard'] }}"
|
||||
services_all_services: "{{
|
||||
services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |
|
||||
|
@ -31,9 +31,31 @@ vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key
|
||||
vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}"
|
||||
vpn_wireguard_routing_table: 66
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# backup:snapshots
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
backups_snapshots_sanoid_system_datasets:
|
||||
- name: "bpool/BOOT"
|
||||
templates: ["system"]
|
||||
recursive: true
|
||||
children_only: true
|
||||
- name: "rpool/ROOT"
|
||||
templates: ["system"]
|
||||
recursive: true
|
||||
children_only: true
|
||||
- name: "rpool/home"
|
||||
templates: ["system", "home"]
|
||||
recursive: true
|
||||
children_only: true
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# services
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
services_root_dataset: "rpool{{ services_root_directory }}"
|
||||
services_home_dataset: "rpool{{ services_home_directory }}"
|
||||
services_data_dataset: "rpool{{ services_data_directory }}"
|
||||
services_containers_dataset: "rpool{{ services_containers_directory }}"
|
||||
|
||||
services_host_services:
|
||||
lrproxy:
|
||||
address: "{{ vpn_bridge_prefix }}.2"
|
||||
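Review bot: `services_root_dataset: "rpool{{ services_root_directory }}"` and the three `*_dataset` lines below it only form a valid dataset name because `services_root_directory` happens to begin with `/`; a value without the leading slash, or with a trailing one, silently yields `rpoolvar/lib/...` or a dataset ending in `/`. Either make the join explicit, e.g. `services_root_dataset: "rpool/{{ services_root_directory | regex_replace('^/+|/+$', '') }}"`, or put a comment above the four lines stating that the directory variables must be absolute paths without a trailing slash. The pool name `rpool` is also repeated four times here and would be easier to change as a single variable.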
@ -47,3 +69,18 @@ services_host_services:
|
||||
tcp: ["{{ services.git.ssh_port }}"]
|
||||
notes:
|
||||
address: "{{ vpn_bridge_prefix }}.6"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# services:backups
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
services_backups_datasets_root: "rpool/var/lib/yggdrasil/data"
|
||||
services_backups_datasets: "\
|
||||
{% set datasets = {} %}\
|
||||
{% for service in services_host_services.keys() %}\
|
||||
{{ datasets.update({ ( 'pod-' ~ service ): None }) }}\
|
||||
{% endfor %}\
|
||||
{{ datasets }}"
|
||||
services_backups_snapshots_syncoid:
|
||||
datasets_root: "hpool/backup/yggdrasil/data"
|
||||
default_recursive: true
|
||||
default_skip_parent: true
|
||||
|
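Review bot: `services_backups_datasets_root: "rpool/var/lib/yggdrasil/data"` still hard-codes the path this commit moves into variables everywhere else; on this host it is the same value as the `services_data_dataset` defined in the previous hunk, so `services_backups_datasets_root: "{{ services_data_dataset }}"` would keep the two from drifting. The `datasets_root: "hpool/backup/yggdrasil/data"` under `services_backups_snapshots_syncoid` names a different pool and presumably lives on the backup target, so leaving it literal is reasonable, but a comment saying why would spare the next reader the same question.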
@ -4,3 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_dataset:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_dataset:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_dataset:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_dataset:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
|
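Review bot: None of the new `argument_specs` entries (`services_root_dataset` through `services_containers_directory`) carry a `description:`, so role documentation and validation errors show only `type: "str"` / `required: true` and never say which of the parallel `*_directory` / `*_dataset` values a caller is expected to provide. The same applies to the other `argument_specs:` hunks in this commit. A one-line entry such as `description: "ZFS dataset backing services_root_directory"` under `services_root_dataset` would be enough.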
@ -7,12 +7,12 @@
|
||||
|
||||
- name: "create services root dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}"
|
||||
name: "{{ services_root_dataset }}"
|
||||
state: "present"
|
||||
|
||||
- name: "create containers zvol"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/containers"
|
||||
name: "{{ services_containers_dataset }}"
|
||||
state: "present"
|
||||
extra_zfs_properties:
|
||||
volsize: "100G"
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
- name: "format containers zvol"
|
||||
community.general.filesystem:
|
||||
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
|
||||
dev: "/dev/{{ services_containers_dataset }}"
|
||||
fstype: "ext4"
|
||||
register: services_datasets_system_zvol_format
|
||||
|
||||
@ -29,12 +29,12 @@
|
||||
|
||||
- name: "get containers zvol uuid"
|
||||
ansible.builtin.command: >-
|
||||
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
|
||||
blkid -s UUID -o value /dev/{{ services_containers_dataset }}
|
||||
register: services_datasets_system_zvol_uuid
|
||||
|
||||
- name: "system : add fstab entry and mount containers zvol"
|
||||
ansible.posix.mount:
|
||||
path: "/var/lib/{{ ansible_hostname }}/containers"
|
||||
path: "{{ services_containers_directory }}"
|
||||
src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
|
||||
fstype: "ext4"
|
||||
state: "mounted"
|
||||
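Review bot: The `get containers zvol uuid` task, fully visible in this hunk, runs `blkid` via `ansible.builtin.command` with only a `register`, so it reports `changed` on every play and is skipped in `--check` mode, leaving `services_datasets_system_zvol_uuid.stdout` undefined for the mount task that follows. Since the command is read-only, add `changed_when: false` and `check_mode: false` under `register:`. The path change itself (`/dev/{{ services_containers_dataset }}`) is consistent with the `filesystem` task in the previous hunk.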
@ -44,14 +44,14 @@
|
||||
|
||||
- name: "create data root dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/data"
|
||||
name: "{{ services_data_dataset }}"
|
||||
state: "present"
|
||||
extra_zfs_properties:
|
||||
canmount: "off"
|
||||
|
||||
- name: "create home root dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/home"
|
||||
name: "{{ services_home_dataset }}"
|
||||
state: "present"
|
||||
extra_zfs_properties:
|
||||
canmount: "off"
|
||||
|
@ -7,3 +7,15 @@ argument_specs:
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_dataset:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_dataset:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_dataset:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
- name: "{{ services_service_name }} : create home dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
||||
name: "{{ services_home_dataset }}/{{ services_service_user_name }}"
|
||||
state: "present"
|
||||
register: services_datasets_user_zfs_home
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
|
||||
- name: "{{ services_service_name }} : create data dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
|
||||
name: "{{ services_data_dataset }}/{{ services_service_user_name }}"
|
||||
state: "present"
|
||||
extra_zfs_properties:
|
||||
canmount: "off"
|
||||
@ -31,7 +31,7 @@
|
||||
|
||||
- name: "{{ services_service_name }} : create volume datasets"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ item.key }}"
|
||||
name: "{{ services_data_dataset }}/{{ services_service_user_name }}/{{ item.key }}"
|
||||
state: "present"
|
||||
extra_zfs_properties: "{{ item.value.extra_zfs_properties | default({}) }}"
|
||||
loop: "{{ services_volumes[services_service_name] | dict2items }}"
|
||||
|
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -21,9 +21,9 @@ ExecStart=/usr/bin/podman run \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
|
||||
-v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||
--name=pod-cloud-cron \
|
||||
docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \
|
||||
/cron.sh
|
||||
|
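Review bot: The three new `-v` lines still spell the per-service directory by hand (`{{ services_data_directory }}/pod-cloud/...`), while this commit also introduces `services_service_user_data: "{{ services_data_directory }}/{{ services_service_user_name }}"` and `services_service_user_containers`; if those are in scope here (the pod-notes unit in this commit reads `services[services_service_name].domain`, so the per-service vars appear to be available to these templates, but the vars file they come from is not visible), `-v {{ services_service_user_data }}/nextcloud/_data:/var/www/html \` drops a literal that must otherwise be kept in step with the service name. The same pattern recurs in the other unit hunks of this commit (pod-cloud nextcloud and nginx, pod-database, pod-git, pod-lrproxy, pod-notes, pod-rproxy), and the `ExecStartPost` pidfile redirects could likewise become `> {{ services_service_user_containers }}/pidfile`. The `ExecStart=/usr/bin/podman run \` statement begins before this hunk.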
@ -21,9 +21,9 @@ ExecStart=/usr/bin/podman run \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
|
||||
-v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||
-v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \
|
||||
-v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \
|
||||
-v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \
|
||||
|
@ -20,10 +20,10 @@ ExecStart=/usr/bin/podman run \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v ./.config/pod-cloud/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
|
||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||
--name=pod-cloud-nginx \
|
||||
docker.io/library/nginx:{{ services_deploy_versions.cloud.nginx }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10
|
||||
|
@ -14,7 +14,7 @@ TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > /var/lib/{{ ansible_hostname }}/containers/pod-cloud/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id
|
||||
PIDFile=%t/pod-cloud.pid
|
||||
|
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -20,12 +20,12 @@ ExecStart=/usr/bin/podman run \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v ./.config/pod-database/database.password:/run/secrets/database.password:ro \
|
||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
||||
-v /var/lib/yggdrasil/data/pod-database/wal/_data:/var/lib/postgresql-wal \
|
||||
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
|
||||
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
|
||||
-v /var/lib/yggdrasil/data/pod-database/data/_data:/var/lib/postgresql/data \
|
||||
-v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data \
|
||||
--name=pod-database-postgres \
|
||||
docker.io/library/postgres:{{ services_deploy_versions.database.postgres }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10
|
||||
|
@ -14,7 +14,7 @@ TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > /var/lib/{{ ansible_hostname }}/containers/pod-database/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > {{ services_containers_directory }}/pod-database/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
|
||||
PIDFile=%t/pod-database.pid
|
||||
|
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
@ -13,7 +25,7 @@ argument_specs:
|
||||
type: "str"
|
||||
required: true
|
||||
services:
|
||||
cloud:
|
||||
git:
|
||||
domain:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -21,8 +21,8 @@ ExecStart=/usr/bin/podman run \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-git/data/_data:/data \
|
||||
-v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-git/data/_data:/data \
|
||||
-v /etc/timezone:/etc/timezone:ro \
|
||||
-v /etc/localtime:/etc/localtime:ro \
|
||||
-e USER_UID="1000" \
|
||||
|
@ -14,7 +14,7 @@ TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > /var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
|
||||
PIDFile=%t/pod-git.pid
|
||||
|
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -79,7 +79,7 @@
|
||||
user: "pod-rproxy"
|
||||
state: "present"
|
||||
key: "{{ services_deploy_lrproxy_keypair.public_key }}"
|
||||
key_options: "command=\"rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
|
||||
key_options: "command=\"rsync --server --sender -avz . {{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
|
||||
|
||||
- name: "enable the service"
|
||||
ansible.builtin.systemd:
|
||||
|
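Review bot: `hostvars['valkyrie'].services_data_directory` resolves through `services_root_directory: "/var/lib/{{ ansible_hostname }}"`, i.e. a gathered fact of another host, so this task now renders only if valkyrie's facts are available in the play (gathered earlier or from a fact cache); before the change the path was a literal with no such dependency. The same cross-host lookup appears in the lrproxy sync unit (`{{ hostvars['valkyrie'].vpn_wireguard_address }}:{{ hostvars['valkyrie'].services_data_directory }}/...`). If valkyrie's facts are not guaranteed at this point, either derive the directory from `inventory_hostname` instead of `ansible_hostname` in the group vars, or add a comment above `key_options:` naming the requirement. The forced `command=` still pins the key to a single rsync source directory, which is the right shape for this key.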
@ -21,11 +21,11 @@ ExecStart=/usr/bin/podman run \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
{{ services_rproxy_nginx_add_hosts }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||
-v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||
-v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||
-v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||
--name=pod-lrproxy-nginx \
|
||||
docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
||||
|
@ -14,7 +14,7 @@ TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-lrproxy.pid %t/pod-lrproxy.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-lrproxy.pid --pod-id-file %t/pod-lrproxy.pod-id --name=lrproxy --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-lrproxy.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-lrproxy/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" lrproxy) > {{ services_containers_directory }}/pod-lrproxy/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-lrproxy.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-lrproxy.pod-id
|
||||
PIDFile=%t/pod-lrproxy.pid
|
||||
|
@ -8,5 +8,5 @@ Type=oneshot
|
||||
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' \
|
||||
-avz \
|
||||
--delete \
|
||||
{{ hostvars['valkyrie'].vpn_wireguard_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ \
|
||||
/var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
|
||||
{{ hostvars['valkyrie'].vpn_wireguard_address }}:{{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/ \
|
||||
{{ hostvars['yggdrasil'].services_data_directory }}/pod-lrproxy/etc-letsencrypt
|
||||
|
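Review bot: The destination `{{ hostvars['yggdrasil'].services_data_directory }}/pod-lrproxy/etc-letsencrypt` pins the receiving host by name, while every other path in this commit uses the host-local variable; if this unit is only templated on yggdrasil, `{{ services_data_directory }}/pod-lrproxy/etc-letsencrypt` renders the same value and keeps working if the service is moved to another host. The source side's `hostvars['valkyrie'].services_data_directory` additionally depends on valkyrie's `ansible_hostname` fact being available when this template is rendered, since `services_root_directory` is built from that fact. The `ExecStart=/usr/bin/rsync ...` command starts before this hunk.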
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
@ -13,7 +25,7 @@ argument_specs:
|
||||
type: "str"
|
||||
required: true
|
||||
services:
|
||||
cloud:
|
||||
notes:
|
||||
domain:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-notes.pod-id \
|
||||
--replace \
|
||||
-v /var/lib/yggdrasil/data/pod-notes/data/_data:/data \
|
||||
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
||||
--user=0 \
|
||||
--entrypoint="/bin/bash" \
|
||||
--name=pod-notes-chown \
|
||||
|
@ -22,8 +22,8 @@ ExecStart=/usr/bin/podman run \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-notes/data/_data:/data \
|
||||
-v {{ services_root_directory }}/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
||||
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
|
||||
-e APP_PORT="22300" \
|
||||
-e DB_CLIENT="pg" \
|
||||
|
@ -14,7 +14,7 @@ TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > /var/lib/{{ ansible_hostname }}/containers/pod-notes/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
|
||||
PIDFile=%t/pod-notes.pid
|
||||
|
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
|
||||
--pod-id-file %t/pod-rproxy.pod-id \
|
||||
--replace \
|
||||
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||
-v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||
-v var-www-html:/var/www/html \
|
||||
--name=pod-rproxy-certbot \
|
||||
|
@ -25,7 +25,7 @@ ExecStart=/usr/bin/podman run \
|
||||
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||
-v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||
-v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
||||
-v var-www-html:/var/www/html \
|
||||
--name=pod-rproxy-nginx \
|
||||
|
@ -14,7 +14,7 @@ TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-rproxy.pid %t/pod-rproxy.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-rproxy.pid --pod-id-file %t/pod-rproxy.pod-id --name=rproxy --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-rproxy.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-rproxy/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-rproxy/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-rproxy.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-rproxy.pod-id
|
||||
PIDFile=%t/pod-rproxy.pid
|
||||
|
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -14,7 +14,7 @@ TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-www.pid %t/pod-www.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > /var/lib/{{ ansible_hostname }}/containers/pod-www/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-www/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id
|
||||
PIDFile=%t/pod-www.pid
|
||||
|
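Review bot: The new `ExecStartPost` line writes `{{ services_containers_directory }}/pod-www/pidfile` but still inspects a pod named `rproxy`, and the `ExecStartPre` above creates the pod with `--name=rproxy` inside what every pidfile path calls `pod-www`; this reads as a copy-paste leftover from the rproxy unit, and if the two units run on the same host the second `pod create --replace` would replace the other's pod. If this is the www pod, the name should be `www` in `--name=www` and in `... InfraContainerID }}{% endraw %}" www)`. This is inferred from the pidfile names only; the unit's `[Unit]` section is outside the hunk.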
@ -5,14 +5,3 @@ argument_specs:
|
||||
type: "list"
|
||||
elem: "str"
|
||||
required: true
|
||||
hosts:
|
||||
options:
|
||||
services_host_services:
|
||||
type: "list"
|
||||
elem: "str"
|
||||
required: true
|
||||
vars:
|
||||
options:
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -1,2 +1,4 @@
|
||||
services_service_user_name: "pod-{{ services_service_name }}"
|
||||
services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
||||
services_service_user_home: "{{ services_home_directory }}/{{ services_service_user_name }}"
|
||||
services_service_user_data: "{{ services_data_directory }}/{{ services_service_user_name }}"
|
||||
services_service_user_containers: "{{ services_containers_directory }}/{{ services_service_user_name }}"
|
||||
|
@ -4,3 +4,15 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -1,23 +1,23 @@
|
||||
- name: "directories : create services directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}"
|
||||
path: "{{ services_root_directory }}"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "directories : create containers root directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/containers"
|
||||
path: "{{ services_containers_directory }}"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "directories : create data root directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data"
|
||||
path: "{{ services_data_directory }}"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
- name: "directories : create home root directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/home"
|
||||
path: "{{ services_home_directory }}"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
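Review bot: `mode: 0755` under each of the four tasks is an unquoted plain scalar that YAML parses as the integer 493; Ansible accepts that here, but its documentation recommends quoting modes (`mode: "0755"`) because the unquoted form misbehaves in loops and other contexts, and ansible-lint flags it as `risky-octal`. These lines are unchanged context, so this is a follow-up rather than something the commit introduced. The paths now come from `services_root_directory`, which is derived from the `ansible_hostname` fact, so the role needs facts gathered before these tasks run.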
@ -9,6 +9,6 @@
|
||||
- name: "nameserver : copy valkyrie's resolv.conf to other hosts"
|
||||
ansible.builtin.copy:
|
||||
src: "../../../files/setup_system/nameserver/resolv.conf"
|
||||
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
|
||||
dest: "{{ services_root_directory }}/valkyrie-resolv.conf"
|
||||
when:
|
||||
ansible_hostname != "valkyrie"
|
||||
|
@ -1,5 +1,5 @@
|
||||
[Path]
|
||||
PathChanged=/var/lib/{{ ansible_hostname }}/containers/pod-%i/pidfile
|
||||
PathChanged={{ services_containers_directory }}/pod-%i/pidfile
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target network.target
|
||||
|
@ -4,6 +4,18 @@ argument_specs:
|
||||
ansible_hostname:
|
||||
type: "str"
|
||||
required: true
|
||||
services_root_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_home_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_data_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_containers_directory:
|
||||
type: "str"
|
||||
required: true
|
||||
services_service_name:
|
||||
type: "str"
|
||||
required: true
|
||||
|
@ -1,6 +1,6 @@
|
||||
- name: "{{ services_service_name }} : directories : create containers directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}"
|
||||
path: "{{ services_service_user_containers }}"
|
||||
state: "directory"
|
||||
owner: "{{ services_service_user_name }}"
|
||||
group: "{{ services_service_user_name }}"
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
- name: "{{ services_service_name }} : directories : create data directory"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}"
|
||||
path: "{{ services_service_user_data }}"
|
||||
state: "directory"
|
||||
owner: "{{ services_service_user_name }}"
|
||||
group: "{{ services_service_user_name }}"
|
||||
|
@ -1,6 +1,6 @@
|
||||
- name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}"
|
||||
path: "{{ services_service_user_data }}/{{ services_service_volume.key }}"
|
||||
state: "directory"
|
||||
owner: "{{ services_service_user_name }}"
|
||||
group: "{{ services_service_user_name }}"
|
||||
@ -8,12 +8,12 @@
|
||||
|
||||
- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
|
||||
ansible.builtin.stat:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
|
||||
path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
|
||||
register: services_setup_user_volume_mount
|
||||
|
||||
- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
|
||||
ansible.builtin.file:
|
||||
path: "/var/lib/{{ ansible_hostname }}/data/{{ services_service_user_name }}/{{ services_service_volume.key }}/_data"
|
||||
path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
|
||||
state: "directory"
|
||||
owner: "{{ services_service_user_name }}"
|
||||
group: "{{ services_service_user_name }}"
|
||||
|
@ -1,5 +1,5 @@
|
||||
[storage]
|
||||
graphroot = "/var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}/storage"
|
||||
graphroot = "{{ services_service_user_containers }}/storage"
|
||||
driver = "overlay"
|
||||
|
||||
[storage.options]
|
||||
|
@ -1,6 +1,6 @@
|
||||
iface {{ services_service_iface_name }} inet manual
|
||||
pre-up mkdir -p /run/netns
|
||||
pre-up ln -sfTv /proc/$(cat /var/lib/{{ ansible_hostname }}/containers/{{ services_service_user_name }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
|
||||
pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
|
||||
|
||||
pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }}
|
||||
pre-up ip link set $IFACE master br0
|
||||
|
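Review bot: `pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}` runs as root during `ifup`, but the pidfile lives in a directory this commit's `create containers directory` task hands to the service user (`owner: "{{ services_service_user_name }}"`) and is written by the per-pod `ExecStartPost` redirect, so root dereferences a PID that an unprivileged account controls before moving a veth into that process's network namespace. An empty or stale value (pod crashed, PID reused) likewise only surfaces as an obscure `ln` or `ip link` error. A guard on the same line keeps the step fail-safe: `pre-up pid="$(cat {{ services_service_user_containers }}/pidfile)" && [ "$pid" -gt 0 ] 2>/dev/null && [ "$(stat -c %U /proc/$pid)" = "{{ services_service_user_name }}" ] && ln -sfTv /proc/$pid/ns/net /run/netns/{{ services_service_user_name }}` (adjust the ownership check if the infra process runs under a different account). The `iface` stanza continues outside the hunk.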