Commonise service systemd files

Wojciech Kozlowski 2023-11-11 21:54:08 +01:00
parent fda3fec63c
commit a793ed87b4
49 changed files with 527 additions and 1323 deletions


@ -31,51 +31,14 @@
- "database.user"
register: services_deploy_cloud_nextcloud_files
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-cloud.service"
- "pod-cloud-chown.service"
- "pod-cloud-cron.service"
- "pod-cloud-nextcloud.service"
- "pod-cloud-nginx.service"
- "pod-cloud-redis.service"
register: services_deploy_cloud_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_cloud_systemd_files.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_cloud_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_cloud_hosts_file.changed or
services_deploy_cloud_config_files.changed or
services_deploy_cloud_nextcloud_files.changed or
services_deploy_cloud_systemd_files.changed) and
services_deploy_cloud_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
vars:
services_deploy_pod_needs_restart: "{{
services_deploy_cloud_hosts_file.changed or
services_deploy_cloud_config_files.changed or
services_deploy_cloud_nextcloud_files.changed
}}"
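Review bot: The restart trigger passed to the pod role no longer covers a change to the rendered unit files, which the removed block ORed in via `services_deploy_cloud_systemd_files.changed`; unless `services/deploy/pod` folds its own template result into `services_deploy_pod_needs_restart` (its tasks are not part of this view), an edited `podman_run_args` entry is written to `~/.config/systemd/user` while the running pod keeps the old arguments until someone restarts it by hand. It is also worth confirming that the role still gates the restart on the pod being `active`, as the removed `get service status` task did, so a deliberately stopped pod is not brought up as a side effect of a config change. The `include_role` task is the end of the hunk; the enclosing `block:` with `become_user` starts before it.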


@ -1,30 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
After=pod-cloud.service
Before=pod-cloud-nextcloud.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
--user=0 \
--entrypoint="/bin/bash" \
--name=%N \
docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }} \
-c "chown -R www-data:www-data /var/www/html /media/external"
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
Type=oneshot
[Install]
WantedBy=multi-user.target default.target


@ -1,38 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-cloud.service pod-cloud-nextcloud.service
After=pod-cloud.service pod-cloud-nextcloud.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
--name=%N \
docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }} \
/cron.sh
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,59 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-cloud.service pod-cloud-redis.service
After=pod-cloud.service pod-cloud-redis.service
Requires=pod-cloud-chown.service
After=pod-cloud-chown.service
Wants=pod-cloud-cron.service pod-cloud-nginx.service
Before=pod-cloud-cron.service pod-cloud-nginx.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
-v ./.config/service/database.name:/run/secrets/database.name:ro \
-v ./.config/service/database.user:/run/secrets/database.user:ro \
-v ./.config/service/database.password:/run/secrets/database.password:ro \
-e POSTGRES_HOST=pod-database:5432 \
-e POSTGRES_DB_FILE=/run/secrets/database.name \
-e POSTGRES_USER_FILE=/run/secrets/database.user \
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
-e REDIS_HOST=localhost \
-e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[services_service_name].domain }}" \
-e OVERWRITEPROTOCOL="https" \
-e SMTP_HOST="{{ services[services_service_name].smtp.host }}" \
-e SMTP_SECURE="ssl" \
-e SMTP_PORT=465 \
-e SMTP_AUTHTYPE="PLAIN" \
-e SMTP_NAME="{{ services[services_service_name].smtp.user }}" \
-e SMTP_PASSWORD="{{ services[services_service_name].smtp.password }}" \
-e MAIL_FROM_ADDRESS="cloud" \
-e MAIL_DOMAIN="{{ services[services_service_name].domain }}" \
--name=%N \
docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,36 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-cloud.service pod-cloud-nextcloud.service
After=pod-cloud.service pod-cloud-nextcloud.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
--name=%N \
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,34 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-cloud.service
After=pod-cloud.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v %N---data:/data \
--name=%N \
docker.io/library/redis:{{ services_service_deploy_versions.redis }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-cloud-nextcloud.service
Before=pod-cloud-nextcloud.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-cloud
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,73 @@
---
services_deploy_pod:
wants:
- "nextcloud"
oneshot:
chown:
image: "docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }}"
before:
- "nextcloud"
podman_run_args:
- "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
- "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
- "-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external"
- "--user=0"
- "--entrypoint=\"/bin/bash\""
cmd_args:
- "-c \"chown -R www-data:www-data /var/www/html /media/external\""
containers:
cron:
image: "docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }}"
binds_to:
- "nextcloud"
podman_run_args:
- "-v ./.config/service/hosts:/etc/hosts:ro"
- "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
- "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
- "-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external"
cmd_args:
- "/cron.sh"
nextcloud:
image: "docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }}"
binds_to:
- "redis"
requires:
- "chown"
wants:
- "cron"
- "nginx"
podman_run_args:
- "-v ./.config/service/hosts:/etc/hosts:ro"
- "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
- "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
- "-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external"
- "-v ./.config/service/database.name:/run/secrets/database.name:ro"
- "-v ./.config/service/database.user:/run/secrets/database.user:ro"
- "-v ./.config/service/database.password:/run/secrets/database.password:ro"
- "-e POSTGRES_HOST=pod-database:5432"
- "-e POSTGRES_DB_FILE=/run/secrets/database.name"
- "-e POSTGRES_USER_FILE=/run/secrets/database.user"
- "-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password"
- "-e REDIS_HOST=localhost"
- "-e NEXTCLOUD_TRUSTED_DOMAINS=\"{{ services[services_service_name].domain }}\""
- "-e OVERWRITEPROTOCOL=\"https\""
- "-e SMTP_HOST=\"{{ services[services_service_name].smtp.host }}\""
- "-e SMTP_SECURE=\"ssl\""
- "-e SMTP_PORT=465"
- "-e SMTP_AUTHTYPE=\"PLAIN\""
- "-e SMTP_NAME=\"{{ services[services_service_name].smtp.user }}\""
- "-e SMTP_PASSWORD=\"{{ services[services_service_name].smtp.password }}\""
- "-e MAIL_FROM_ADDRESS=\"cloud\""
- "-e MAIL_DOMAIN=\"{{ services[services_service_name].domain }}\""
nginx:
image: "docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}"
binds_to:
- "nextcloud"
podman_run_args:
- "-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro"
- "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
- "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
redis:
image: "docker.io/library/redis:{{ services_service_deploy_versions.redis }}"
podman_run_args:
- "-v %N---data:/data"
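Review bot: `SMTP_PASSWORD` is still handed to the nextcloud container as a plain `-e` argument while the database credentials go through `_FILE` mounts under `/run/secrets`; an `-e` value lands in the rendered `ExecStart` line, in `podman inspect` output and in the `podman run` process cmdline, so anything that can list the service user's processes can read it. The official nextcloud image documents `SMTP_PASSWORD_FILE` alongside the `POSTGRES_*_FILE` variables, so rendering a `./.config/service/smtp.password` file and replacing the entry with `-v ./.config/service/smtp.password:/run/secrets/smtp.password:ro` plus `-e SMTP_PASSWORD_FILE=/run/secrets/smtp.password` would close that gap without changing the pod role. The entries also appear to be copied verbatim into the unit file (they keep the double quotes of the deleted units, e.g. `--entrypoint=\"/bin/bash\"`), so the quoting here is systemd command-line quoting rather than YAML; a one-line comment above `podman_run_args` saying so would stop the next editor from "fixing" it.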


@ -4,11 +4,6 @@
name: "services/include"
vars_from: "user"
- name: "stat the grafana password file"
ansible.builtin.stat:
path: "{{ services_service_user_home }}/.config/service/admin.password"
register: services_deploy_dash_grafana_password_file_stat
- block:
- name: "configure hosts file"
@ -18,45 +13,10 @@
mode: 0644
register: services_deploy_dash_hosts_file
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-dash.service"
- "pod-dash-grafana.service"
register: services_deploy_dash_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_dash_systemd_files.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_dash_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_dash_hosts_file.changed or
services_deploy_dash_systemd_files.changed) and
services_deploy_dash_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
vars:
services_deploy_pod_needs_restart: "{{ services_deploy_dash_hosts_file.changed }}"


@ -1,35 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-dash.service
After=pod-dash.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-dash.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-dash/data/_data:/var/lib/grafana:U \
--name=%N \
docker.io/grafana/grafana:{{ services_service_deploy_versions.grafana }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-dash-grafana.service
Before=pod-dash-grafana.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-dash
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-dash
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-dash
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,10 @@
---
services_deploy_pod:
wants:
- "grafana"
containers:
grafana:
image: "docker.io/grafana/grafana:{{ services_service_deploy_versions.grafana }}"
podman_run_args:
- "-v ./.config/service/hosts:/etc/hosts:ro"
- "-v {{ services_data_directory }}/pod-dash/data/_data:/var/lib/grafana:U"


@ -32,47 +32,13 @@
mode: 0600
register: services_deploy_database_postgres_password_file
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-database.service"
- "pod-database-postgres.service"
- "pod-database-pgadmin.service"
register: services_deploy_database_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_database_systemd_files.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_database_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_database_postgres_password_file.changed or
services_deploy_database_pgadmin_password_file.changed or
services_deploy_database_systemd_files.changed) and
services_deploy_database_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
vars:
services_deploy_pod_needs_restart: "{{
services_deploy_database_postgres_password_file.changed or
services_deploy_database_pgadmin_password_file.changed
}}"


@ -1,37 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-database.service pod-database-postgres.service
After=pod-database.service pod-database-postgres.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-database.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin:U \
-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password:U,ro \
-e PGADMIN_DEFAULT_EMAIL="{{ services[services_service_name].pgadmin.email }}" \
-e PGADMIN_DEFAULT_PASSWORD_FILE=/run/secrets/pgadmin.password \
--name=%N \
docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,40 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-database.service
After=pod-database.service
Wants=pod-database-pgadmin.service
Before=pod-database-pgadmin.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-database.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/database.password:/run/secrets/database.password:ro \
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
-v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data \
--name=%N \
docker.io/library/postgres:{{ services_service_deploy_versions.postgres }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-database-postgres.service
Before=pod-database-postgres.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-database
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-database
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-database
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,24 @@
---
services_deploy_pod:
wants:
- "postgres"
containers:
postgres:
image: "docker.io/library/postgres:{{ services_service_deploy_versions.postgres }}"
wants:
- "pgadmin"
podman_run_args:
- "-v ./.config/service/database.password:/run/secrets/database.password:ro"
- "-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password"
- "-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal"
- "-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal"
- "-v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data"
pgadmin:
image: "docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }}"
binds_to:
- "postgres"
podman_run_args:
- "-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin:U"
- "-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password:U,ro"
- "-e PGADMIN_DEFAULT_EMAIL=\"{{ services[services_service_name].pgadmin.email }}\""
- "-e PGADMIN_DEFAULT_PASSWORD_FILE=/run/secrets/pgadmin.password"
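Review bot: The `:U` flag on the pgadmin secret mount (`-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password:U,ro`) makes podman chown the host-side file to the container uid on every start, so after the first run the rendered secret under `~/.config/service` is no longer owned by the service user that Ansible writes it as; that behaviour is carried over from the deleted unit, but now that this file is the only place the arguments live it deserves a comment such as `# :U re-chowns the host copy of the secret to pgadmin's mapped uid on each start`. If the ownership flip is not intended, dropping `U` and rendering the file readable by that mapped uid would leave the host copy untouched. The postgres mount on the lines above reads the same kind of file without `:U`, which is worth a sentence in that comment so the asymmetry reads as deliberate.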


@ -13,45 +13,10 @@
mode: 0644
register: services_deploy_git_hosts_file
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-git.service"
- "pod-git-gitea.service"
register: services_deploy_git_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_git_systemd_files.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_git_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_git_hosts_file.changed or
services_deploy_git_systemd_files.changed) and
services_deploy_git_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
vars:
services_deploy_pod_needs_restart: "{{ services_deploy_git_hosts_file.changed }}"


@ -1,58 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-git.service
After=pod-git.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-git.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-git/data/_data:/data \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-e USER_UID="1000" \
-e USER_GID="1000" \
-e GITEA__database__DB_TYPE="postgres" \
-e GITEA__database__HOST="pod-database:5432" \
-e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
-e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
-e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
-e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
-e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
-e GITEA__server__START_SSH_SERVER="true" \
-e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
-e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
-e GITEA__mailer__ENABLED="true" \
-e GITEA__mailer__FROM="Gitea <noreply@{{ services[services_service_name].domain }}>" \
-e GITEA__mailer__MAILER_TYPE="smtp" \
-e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
-e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
-e GITEA__mailer__PASSWD="{{ services[services_service_name].smtp.password }}" \
-e GITEA__service__DISABLE_REGISTRATION="true" \
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
--name=%N \
docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-git-gitea.service
Before=pod-git-gitea.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-git
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,33 @@
---
services_deploy_pod:
wants:
- "gitea"
containers:
gitea:
image: "docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}"
podman_run_args:
- "-v ./.config/service/hosts:/etc/hosts:ro"
- "-v {{ services_data_directory }}/pod-git/data/_data:/data"
- "-v /etc/timezone:/etc/timezone:ro"
- "-v /etc/localtime:/etc/localtime:ro"
- "-e USER_UID=\"1000\""
- "-e USER_GID=\"1000\""
- "-e GITEA__database__DB_TYPE=\"postgres\""
- "-e GITEA__database__HOST=\"pod-database:5432\""
- "-e GITEA__database__NAME=\"{{ services[services_service_name].database.name }}\""
- "-e GITEA__database__USER=\"{{ services[services_service_name].database.user }}\""
- "-e GITEA__database__PASSWD=\"{{ services[services_service_name].database.password }}\""
- "-e GITEA__server__DOMAIN=\"{{ services[services_service_name].domain }}\""
- "-e GITEA__server__SSH_DOMAIN=\"{{ services[services_service_name].domain }}\""
- "-e GITEA__server__ROOT_URL=\"https://%(DOMAIN)s/\""
- "-e GITEA__server__START_SSH_SERVER=\"true\""
- "-e GITEA__server__SSH_PORT=\"{{ services[services_service_name].ssh_port }}\""
- "-e GITEA__server__SSH_LISTEN_PORT=\"{{ services[services_service_name].ssh_port }}\""
- "-e GITEA__mailer__ENABLED=\"true\""
- "-e GITEA__mailer__FROM=\"Gitea <noreply@{{ services[services_service_name].domain }}>\""
- "-e GITEA__mailer__MAILER_TYPE=\"smtp\""
- "-e GITEA__mailer__HOST=\"{{ services[services_service_name].smtp.host }}\""
- "-e GITEA__mailer__USER=\"{{ services[services_service_name].smtp.user }}\""
- "-e GITEA__mailer__PASSWD=\"{{ services[services_service_name].smtp.password }}\""
- "-e GITEA__service__DISABLE_REGISTRATION=\"true\""
- "-e GITEA__service__ENABLE_NOTIFY_MAIL=\"true\""
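Review bot: Both `GITEA__database__PASSWD` and `GITEA__mailer__PASSWD` are injected as `-e` values, so the database and SMTP passwords end up in the rendered `ExecStart` line, in `podman inspect` and in the `podman run` cmdline, whereas the cloud and database pod definitions in this same commit mount the database password as a file under `/run/secrets`. Gitea's environment-to-ini accepts a `__FILE` suffix on a key (check the version shipped in the pinned image), so `-e GITEA__database__PASSWD__FILE=/run/secrets/database.password` together with `-v ./.config/service/database.password:/run/secrets/database.password:ro` would bring this file in line with its siblings, and the mailer password can be handled the same way. Whether the role already renders a `database.password` file for this service is not visible here; if it does not, that template is the only other piece needed.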


@ -20,46 +20,13 @@
mode: 0644
register: services_deploy_metrics_prometheus_file
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-metrics.service"
- "pod-metrics-prometheus.service"
register: services_deploy_metrics_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_metrics_systemd_files.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_metrics_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_metrics_hosts_file.changed or
services_deploy_metrics_prometheus_file.changed or
services_deploy_metrics_systemd_files.changed) and
services_deploy_metrics_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
vars:
services_deploy_pod_needs_restart: "{{
services_deploy_metrics_hosts_file.changed or
services_deploy_metrics_prometheus_file.changed
}}"


@ -1,39 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-metrics.service
After=pod-metrics.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-metrics.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v ./.config/service/prometheus.yml:/etc/prometheus/prometheus.yml:U \
-v {{ services_data_directory }}/pod-metrics/data/_data:/prometheus:U \
--name=%N \
docker.io/prom/prometheus:{{ services_service_deploy_versions.prometheus }}
# Careful about appending CLI arguments - in addition to the new arguments, all the arguments from
# the upstream Dockerfile must also be re-appended and it is not possible it use the configuration
# file to configure some arguments: https://github.com/prometheus/prometheus/issues/6188
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-metrics-prometheus.service
Before=pod-metrics-prometheus.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-metrics
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-metrics
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-metrics
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,14 @@
---
services_deploy_pod:
wants:
- "prometheus"
containers:
prometheus:
image: "docker.io/prom/prometheus:{{ services_service_deploy_versions.prometheus }}"
podman_run_args:
- "-v ./.config/service/hosts:/etc/hosts:ro"
- "-v ./.config/service/prometheus.yml:/etc/prometheus/prometheus.yml:U"
- "-v {{ services_data_directory }}/pod-metrics/data/_data:/prometheus:U"
# Careful about appending cmd_args - in addition to the new arguments, all the arguments from the
# upstream Dockerfile must also be re-appended and it is not possible it use the configuration file
# to configure some arguments: https://github.com/prometheus/prometheus/issues/6188
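Review bot: The trailing comment has a typo that makes it read the opposite of what is meant: `it is not possible it use the configuration file` should be `it is not possible to use the configuration file`. Since this comment is the only thing stopping someone from adding a single `cmd_args` entry and losing the upstream `--config.file`/`--storage.tsdb.path` defaults, it is worth stating the consequence explicitly, e.g. `# cmd_args replaces the image's CMD entirely, so list every upstream argument again when adding one`.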


@ -4,47 +4,6 @@
name: "services/include"
vars_from: "user"
- block:
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-music.service"
- "pod-music-collection.service"
- "pod-music-archive.service"
register: services_deploy_music_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_music_systemd_files.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_music_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
services_deploy_music_systemd_files.changed and
services_deploy_music_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"


@ -1,40 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-music.service
After=pod-music.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-music.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-music/archive/_data:/data \
-v {{ services_host_services[services_service_name].archive_path }}:/music:ro \
-e ND_PORT="8080" \
-e ND_IGNOREDARTICLES="The El La Los Las Le Les Os O A" \
-e ND_ENABLESTARRATING="false" \
-e ND_LASTFM_ENABLED="false" \
-e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }} \
--name=%N \
docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,40 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-music.service
After=pod-music.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-music.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-music/collection/_data:/data \
-v {{ services_host_services[services_service_name].collection_path }}:/music:ro \
-e ND_PORT="80" \
-e ND_IGNOREDARTICLES="The El La Los Las Le Les Os O A" \
-e ND_ENABLESTARRATING="false" \
-e ND_LASTFM_ENABLED="false" \
-e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }} \
--name=%N \
docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-music-collection.service pod-music-archive.service
Before=pod-music-collection.service pod-music-archive.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-music
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-music
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-music
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,26 @@
---
services_deploy_pod:
wants:
- "collection"
- "archive"
containers:
collection:
image: "docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}"
podman_run_args:
- "-v {{ services_data_directory }}/pod-music/collection/_data:/data"
- "-v {{ services_host_services[services_service_name].collection_path }}:/music:ro"
- "-e ND_PORT=\"80\""
- "-e ND_IGNOREDARTICLES=\"The El La Los Las Le Les Os O A\""
- "-e ND_ENABLESTARRATING=\"false\""
- "-e ND_LASTFM_ENABLED=\"false\""
- "-e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }}"
archive:
image: "docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}"
podman_run_args:
- "-v {{ services_data_directory }}/pod-music/archive/_data:/data"
- "-v {{ services_host_services[services_service_name].archive_path }}:/music:ro"
- "-e ND_PORT=\"8080\""
- "-e ND_IGNOREDARTICLES=\"The El La Los Las Le Les Os O A\""
- "-e ND_ENABLESTARRATING=\"false\""
- "-e ND_LASTFM_ENABLED=\"false\""
- "-e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }}"
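Review bot: `ND_PASSWORDENCRYPTIONKEY` is the only `-e` value in both the collection and archive entries that is not double-quoted; the rendered line is parsed by systemd with shell-style quoting, so a key containing whitespace or a quote character would be split or would break the `ExecStart` line, while every neighbouring value is protected. Quote it like the others: `- "-e ND_PASSWORDENCRYPTIONKEY=\"{{ services[services_service_name].password_encryption_key }}\""`. Quoting does not stop systemd `%` specifier expansion, so a key containing a percent sign additionally needs `| replace('%', '%%')`, and as with the other services the key remains visible in the unit file and in `podman inspect` to anything running as the service user.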


@ -13,45 +13,10 @@
mode: 0644
register: services_deploy_notes_hosts_file
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-notes.service"
- "pod-notes-joplin.service"
register: services_deploy_notes_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_notes_systemd_files.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_notes_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_notes_hosts_file.changed or
services_deploy_notes_systemd_files.changed) and
services_deploy_notes_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
vars:
services_deploy_pod_needs_restart: "{{ services_deploy_notes_hosts_file.changed }}"


@ -1,52 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-notes.service
After=pod-notes.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-notes.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-notes/data/_data:/data:U \
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
-e APP_PORT="22300" \
-e DB_CLIENT="pg" \
-e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
-e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
-e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
-e POSTGRES_PORT="5432" \
-e POSTGRES_HOST="pod-database" \
-e MAILER_ENABLED="true" \
-e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
-e MAILER_PORT=465 \
-e MAILER_SECURITY="tls" \
-e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
-e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
-e MAILER_NOREPLY_NAME="Joplin" \
-e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
-e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
--name=%N \
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-notes-joplin.service
Before=pod-notes-joplin.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-notes
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,27 @@
---
services_deploy_pod:
wants:
- "joplin"
containers:
joplin:
image: "docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}"
podman_run_args:
- "-v ./.config/service/hosts:/etc/hosts:ro"
- "-v {{ services_data_directory }}/pod-notes/data/_data:/data:U"
- "-e APP_BASE_URL=\"https://{{ services[services_service_name].domain }}\""
- "-e APP_PORT=\"22300\""
- "-e DB_CLIENT=\"pg\""
- "-e POSTGRES_PASSWORD=\"{{ services[services_service_name].database.password }}\""
- "-e POSTGRES_DATABASE=\"{{ services[services_service_name].database.name }}\""
- "-e POSTGRES_USER=\"{{ services[services_service_name].database.user }}\""
- "-e POSTGRES_PORT=\"5432\""
- "-e POSTGRES_HOST=\"pod-database\""
- "-e MAILER_ENABLED=\"true\""
- "-e MAILER_HOST=\"{{ services[services_service_name].smtp.host }}\""
- "-e MAILER_PORT=465"
- "-e MAILER_SECURITY=\"tls\""
- "-e MAILER_AUTH_USER=\"{{ services[services_service_name].smtp.user }}\""
- "-e MAILER_AUTH_PASSWORD=\"{{ services[services_service_name].smtp.password }}\""
- "-e MAILER_NOREPLY_NAME=\"Joplin\""
- "-e MAILER_NOREPLY_EMAIL=\"noreply@{{ services[services_service_name].domain }}\""
- "-e STORAGE_DRIVER=\"Type=Filesystem; Path=/data\""
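Review bot: `-e MAILER_PORT=465` is the one unquoted value in this list; harmless for a plain number, but inconsistent with every surrounding entry, so `- "-e MAILER_PORT=\"465\""` keeps the file uniform with the other services' vars. `POSTGRES_PASSWORD` and `MAILER_AUTH_PASSWORD` are rendered directly into the unit's `ExecStart`, where systemd specifier expansion applies and where they are readable by anything running as the service user through `systemctl --user show`; consider `| replace('%', '%%')` on both, or moving them to an `--env-file` kept at mode 0600.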


@ -0,0 +1,2 @@
---
services_deploy_pod_needs_restart: false


@ -0,0 +1,23 @@
---
argument_specs:
main:
options:
ansible_hostname:
type: "str"
required: true
services_service_name:
type: "str"
required: true
services_service_user_name:
type: "str"
required: true
services_service_user_home:
type: "str"
required: true
services_deploy_pod:
type: "dict"
elem: "dict"
required: true
services_deploy_pod_needs_restart:
type: "bool"
required: false
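Review bot: `elem: "dict"` under `services_deploy_pod` is not a recognised argument_spec key; the documented key is `elements`, and it only applies to `type: list`, so as written the line is most likely ignored and the role accepts any dict at all. The tasks file reads `services_deploy_pod.wants` and `.containers` unconditionally and `.oneshot` with a default, so an `options:` sub-spec would make the validation catch a missing or mistyped key before any unit file is written. I would also drop `ansible_hostname` from the spec unless the role actually reads it, since requiring a fact here just makes the role fail when gathering is off.
```yaml
# … unchanged: ansible_hostname, services_service_name, services_service_user_name, services_service_user_home …
    services_deploy_pod:
      type: "dict"
      required: true
      options:
        wants:
          type: "list"
          elements: "str"
          required: true
        containers:
          type: "dict"
          required: true
        oneshot:
          type: "dict"
          required: false
# … unchanged: services_deploy_pod_needs_restart …
```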


@ -0,0 +1,98 @@
---
- block:
- name: "{{ services_service_name }} : configure pod"
ansible.builtin.template:
src: "./pod.service"
dest: "\
{{ services_service_user_home }}/.config/systemd/user/\
pod-{{ services_service_name }}.service"
mode: 0600
vars:
services_deploy_pod_pod_wants: "\
{{ [( 'pod-' ~ services_service_name ~ '-')] |
product(services_deploy_pod.wants) | map('join') |
product(['.service']) | map('join') }}"
register: services_deploy_pod_pod_file
- name: "{{ services_service_name }} : configure oneshot containers"
ansible.builtin.template:
src: "./oneshot.service"
dest: "\
{{ services_service_user_home }}/.config/systemd/user/\
pod-{{ services_service_name }}-{{ item }}.service"
mode: 0600
vars:
services_deploy_pod_oneshot: "{{ services_deploy_pod.oneshot[item] }}"
services_deploy_pod_oneshot_after: "\
{{ [( 'pod-' ~ services_service_name )] |
union([( 'pod-' ~ services_service_name ~ '-')] |
product(services_deploy_pod_oneshot.after | default([])) | map('join')) |
product(['.service']) | map('join') }}"
services_deploy_pod_oneshot_before: "\
{{ [( 'pod-' ~ services_service_name ~ '-')] |
product(services_deploy_pod_oneshot.before | default([])) | map('join') |
product(['.service']) | map('join') }}"
loop: "{{ (services_deploy_pod.oneshot | default({})).keys() }}"
register: services_deploy_pod_oneshot_files
- name: "{{ services_service_name }} : configure daemon containers"
ansible.builtin.template:
src: "./container.service"
dest: "\
{{ services_service_user_home }}/.config/systemd/user/\
pod-{{ services_service_name }}-{{ item }}.service"
mode: 0600
vars:
services_deploy_pod_container: "{{ services_deploy_pod.containers[item] }}"
services_deploy_pod_container_binds_to: "\
{{ [( 'pod-' ~ services_service_name )] |
union([( 'pod-' ~ services_service_name ~ '-')] |
product(services_deploy_pod_container.binds_to | default([])) | map('join')) |
product(['.service']) | map('join') }}"
services_deploy_pod_container_requires: "\
{{ [( 'pod-' ~ services_service_name ~ '-')] |
product(services_deploy_pod_container.requires | default([])) | map('join') |
product(['.service']) | map('join') }}"
services_deploy_pod_container_wants: "\
{{ [( 'pod-' ~ services_service_name ~ '-')] |
product(services_deploy_pod_container.wants | default([])) | map('join') |
product(['.service']) | map('join') }}"
loop: "{{ services_deploy_pod.containers.keys() }}"
register: services_deploy_pod_container_files
- name: "{{ services_service_name }} : systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_pod_pod_file.changed or
services_deploy_pod_container_files.changed
- name: "{{ services_service_name }} : get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_pod_service_active_state
- name: "{{ services_service_name }} : restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_pod_needs_restart or
services_deploy_pod_pod_file.changed or
services_deploy_pod_oneshot_files.changed or
services_deploy_pod_container_files.changed) and
services_deploy_pod_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
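Review bot: The daemon-reload condition checks only `services_deploy_pod_pod_file.changed` and `services_deploy_pod_container_files.changed`, while the restart condition a few tasks later also includes `services_deploy_pod_oneshot_files.changed`; a run that changes only a oneshot unit therefore restarts the pod against the stale unit definition systemd still has loaded. Add the missing term: `services_deploy_pod_pod_file.changed or services_deploy_pod_oneshot_files.changed or services_deploy_pod_container_files.changed`. Separately, `loop: "{{ ... .keys() }}"` hands Ansible a `dict_keys` view rather than a list, which some ansible-core versions reject with "Invalid data passed to 'loop'"; appending `| list` to both loops (`{{ (services_deploy_pod.oneshot | default({})).keys() | list }}`) removes the dependence on the installed version.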


@ -0,0 +1,46 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo={{ services_deploy_pod_container_binds_to | join(" ") }}
After={{ services_deploy_pod_container_binds_to | join(" ") }}
{% if services_deploy_pod_container_requires %}
Requires={{ services_deploy_pod_container_requires | join(" ") }}
After={{ services_deploy_pod_container_requires | join(" ") }}
{% endif %}
{% if services_deploy_pod_container_wants %}
Wants={{ services_deploy_pod_container_wants | join(" ") }}
Before={{ services_deploy_pod_container_wants | join(" ") }}
{% endif %}
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
{% for exec_start_pre in (services_deploy_pod_container.exec_start_pre | default([])) %}
ExecStartPre={{ exec_start_pre }}
{% endfor %}
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
{% for podman_run_arg in (services_deploy_pod_container.podman_run_args | default([])) %}
{{ podman_run_arg }} \
{% endfor %}
--name=%N \
{{ services_deploy_pod_container.image }}{%
for cmd_arg in (services_deploy_pod_container.cmd_args | default([])) %} \
{{ cmd_arg }}{% endfor %}{{ '' }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
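Review bot: `podman_run_args` and `cmd_args` are emitted verbatim into `ExecStart`, where systemd applies both specifier expansion (the rproxy vars rely on `%t` resolving) and shell-style quoting, but nothing in the template documents that contract, so a caller can pass a password containing `%h` or an unquoted value with whitespace and get a silently different command line. A Jinja comment at the top of the file would make the rule visible at the one place it is enforced: `{# podman_run_args/cmd_args land unchanged in ExecStart: systemd expands % specifiers and applies shell-style quoting, so callers must write %% for a literal percent sign (notably in passwords) and double-quote values containing whitespace. #}`. Note also that the deleted per-container units carried an `[Install]` section and this template does not; that is fine because the pod unit's `Wants=` pulls the containers in, but any container unit that was previously enabled directly leaves a dangling `default.target.wants` symlink that `systemctl --user disable` should clean up.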


@ -0,0 +1,28 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
After={{ services_deploy_pod_oneshot_after | join(" ") }}
{% if services_deploy_pod_oneshot_before %}
Before={{ services_deploy_pod_oneshot_before | join(" ") }}
{% endif %}
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-cloud.pod-id \
--replace \
{% for podman_run_arg in (services_deploy_pod_oneshot.podman_run_args | default([])) %}
{{ podman_run_arg }} \
{% endfor %}
--name=%N \
{{ services_deploy_pod_oneshot.image }}{%
for cmd_arg in (services_deploy_pod_oneshot.cmd_args | default([])) %} \
{{ cmd_arg }}{% endfor %}{{ '' }}
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
Type=oneshot
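Review bot: `--pod-id-file %t/pod-cloud.pod-id` hard-codes the cloud pod, whereas the sibling container template derives it from the service name; any service other than cloud that declares an `oneshot` entry would have its container attached to the cloud pod's id file, or fail when that file is absent. Change it to `--pod-id-file %t/pod-{{ services_service_name }}.pod-id`. Unlike the container template this unit also omits `--log-driver=journald`, so oneshot output goes to podman's default log driver; if the `status-mail@%n.service` handler reads the journal, aligning the two is presumably worth doing.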


@ -3,8 +3,8 @@ Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-{{ services_service_name }}-nginx.service
Before=pod-{{ services_service_name }}-nginx.service
Wants={{ services_deploy_pod_pod_wants | join(" ") }}
Before={{ services_deploy_pod_pod_wants | join(" ") }}
OnFailure=status-mail@%n.service
[Service]


@ -6,13 +6,6 @@
- block:
- name: "{{ services_service_name }} : configure hosts file"
ansible.builtin.template:
src: "hosts"
dest: "{{ services_service_user_home }}/.config/service/hosts"
mode: 0644
register: services_deploy_rproxy_hosts_file
- name: "{{ services_service_name }} : create nginx conf.d"
ansible.builtin.file:
path: "{{ services_service_user_home }}/.config/service/nginx-conf.d"
@ -48,26 +41,6 @@
mode: 0600
register: services_deploy_rproxy_crontabs_root
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "\
{{ services_service_user_home }}/.config/systemd/user/\
{{ item | replace('rproxy', services_service_name) }}"
mode: 0600
loop:
- "pod-rproxy.service"
- "pod-rproxy-nginx.service"
- "pod-rproxy-certbot.service"
register: services_deploy_rproxy_systemd_files
- name: "{{ services_service_name }} : systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_rproxy_systemd_files.changed
- name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"
ansible.builtin.command: >-
openssl dhparam --out /{{ services_service_user_home }}/.config/service/dhparam.pem 4096
@ -75,33 +48,24 @@
creates: "{{ services_service_user_home }}/.config/service/dhparam.pem"
register: services_deploy_rproxy_dhparam
- name: "{{ services_service_name }} : get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_rproxy_service_active_state
- name: "{{ services_service_name }} : restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
(services_deploy_rproxy_hosts_file.changed or
services_deploy_rproxy_generic_config.changed or
services_deploy_rproxy_stream_config.changed or
services_deploy_rproxy_subdomain_config_files.changed or
services_deploy_rproxy_crontabs_root.changed or
services_deploy_rproxy_systemd_files.changed or
services_deploy_rproxy_dhparam.changed) and
services_deploy_rproxy_service_active_state.stdout == "active"
- name: "{{ services_service_name }} : configure hosts file"
ansible.builtin.template:
src: "./hosts"
dest: "{{ services_service_user_home }}/.config/service/hosts"
mode: 0644
register: services_deploy_rproxy_hosts_file
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
vars:
services_deploy_pod_needs_restart: "{{
services_deploy_rproxy_generic_config.changed or
services_deploy_rproxy_stream_config.changed or
services_deploy_rproxy_subdomain_config_files.changed or
services_deploy_rproxy_crontabs_root.changed or
services_deploy_rproxy_dhparam.changed or
services_deploy_rproxy_hosts_file.changed
}}"


@ -3,7 +3,7 @@
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 {{ services_service_name }}
127.0.1.1 pod-{{ services_service_name }}
{% for service in ( services_all_services | dict2items ) %}
{{ service.value.inet6_address }} pod-{{ service.key }}


@ -1,40 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-{{ services_service_name }}.service pod-{{ services_service_name }}-nginx.service
After=pod-{{ services_service_name }}.service pod-{{ services_service_name }}-nginx.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
-v var-lib-letsencrypt:/var/lib/letsencrypt \
-v var-www-html:/var/www/html \
-v ./.config/service/crontabs-root:/etc/crontabs/root \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
--name=%N \
--entrypoint=/usr/sbin/crond \
docker.io/certbot/certbot:{{ services_service_deploy_versions.certbot }} -f
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,45 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-{{ services_service_name }}.service
After=pod-{{ services_service_name }}.service
Wants=pod-{{ services_service_name }}-certbot.service
Before=pod-{{ services_service_name }}-certbot.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf'
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v %t/resolver.conf:/etc/nginx/resolver.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
-v var-www-html:/var/www/html \
--name=%N \
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,39 @@
---
services_deploy_pod:
wants:
- "nginx"
containers:
nginx:
image: "docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}"
wants:
- "certbot"
exec_start_pre:
- >-
/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\''
{{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf'
podman_run_args:
- "-v ./.config/service/hosts:/etc/hosts:ro"
- "-v %t/resolver.conf:/etc/nginx/resolver.conf:ro"
- "-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro"
- "-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro"
- "-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro"
- "-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro"
- "-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:\
/etc/letsencrypt:ro"
- "-v var-lib-letsencrypt:/var/lib/letsencrypt:ro"
- "-v var-www-html:/var/www/html"
certbot:
image: "docker.io/certbot/certbot:{{ services_service_deploy_versions.certbot }}"
binds_to:
- "nginx"
podman_run_args:
- "-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:\
/etc/letsencrypt"
- "-v var-lib-letsencrypt:/var/lib/letsencrypt"
- "-v var-www-html:/var/www/html"
- "-v ./.config/service/crontabs-root:/etc/crontabs/root"
- "-v /etc/timezone:/etc/timezone:ro"
- "-v /etc/localtime:/etc/localtime:ro"
- "--entrypoint=/usr/sbin/crond"
cmd_args:
- "-f"
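Review bot: The certbot container's bind mount on the `crontabs-root` line is read-write while every other config file in this file is mounted `:ro`; crond only reads the crontab, and because this is a bind from the service user's `.config/service` directory, a write from inside the container lands on the host file and survives container replacement. I would use `- "-v ./.config/service/crontabs-root:/etc/crontabs/root:ro"`. The nginx container likewise gets `var-www-html` read-write although it only needs to serve the ACME challenge files certbot writes there; unless nginx writes into that volume for some reason not visible here, `- "-v var-www-html:/var/www/html:ro"` is the tighter choice. The `resolv.conf` bind and the `io.containers.autoupdate` label from the removed unit do not appear in this file, so presumably the common `services/deploy/pod` role adds them; worth confirming, since the `exec_start_pre` resolver snippet assumes the container resolves through the host's nameservers.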


@ -31,23 +31,6 @@
- block:
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
mode: 0600
loop:
- "pod-www.service"
- "pod-www-nginx.service"
register: services_deploy_www_systemd_files
- name: "systemd user daemon reload"
ansible.builtin.systemd:
daemon_reload: true
scope: "user"
when:
services_deploy_www_systemd_files.changed
- name: "clone website repository"
ansible.builtin.git:
repo: "\
@ -66,27 +49,8 @@
when:
services_deploy_www_webiste_git.changed
- name: "get uid"
ansible.builtin.getent:
database: "passwd"
key: "{{ services_service_user_name }}"
- name: "get service status"
ansible.builtin.command: >-
systemctl --user show --property ActiveState --value
pod-{{ services_service_name }}.service
environment:
XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
changed_when: false
register: services_deploy_www_service_active_state
- name: "restart the service"
ansible.builtin.systemd:
name: "pod-{{ services_service_name }}.service"
state: "restarted"
scope: "user"
when:
services_deploy_www_systemd_files.changed and
services_deploy_www_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"
- name: "{{ services_service_name }} : configure systemd service"
ansible.builtin.include_role:
name: "services/deploy/pod"
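Review bot: The new include at the end of the second hunk does not set `services_deploy_pod_needs_restart`, so whether the www pod is restarted on a deploy now depends on the common role's default for that variable, which this view does not show. The site content is a git checkout bind-mounted read-only into nginx and takes effect without a restart, so stating that explicitly under the include, `vars:` / `services_deploy_pod_needs_restart: false`, documents the intent and guards against an undefined-variable failure if the role has no default. The removed tasks also restarted only when `ActiveState` was `active`; it is worth confirming the common role keeps that guard so a deliberately stopped pod is not started by a deploy. The enclosing `block` begins in the first hunk and its `become_user` line sits directly above the include, so the rendered view does not make clear whether the include runs inside it.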


@ -1,34 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-www.service
After=pod-www.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/%N.pid \
--cidfile %t/%N.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-www.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
--name=%N \
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -1,33 +0,0 @@
[Unit]
Description=Podman %n
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Wants=pod-www-nginx.service
Before=pod-www-nginx.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/%N.pid \
--pod-id-file %t/%N.pod-id \
--name=%N \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-www
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-www
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-www
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
PIDFile=%t/%N.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target


@ -0,0 +1,9 @@
---
services_deploy_pod:
wants:
- "nginx"
containers:
nginx:
image: "docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}"
podman_run_args:
- "-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro"
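Review bot: Nothing in this declarative file carries the network settings the removed `pod-www.service` unit had, namely `--network=none` on the pod plus the `sudo ifup`/`ifdown veth-www` hooks, so the pod's network isolation now rests entirely on what the common `services/deploy/pod` role emits, which this commit view does not show. If the role applies `--network=none` and the veth attachment unconditionally that is fine, but a comment here would make the dependency explicit, e.g. `# network isolation (--network=none, veth-www) is provided by the services/deploy/pod role`. The read-only mount of the site's `public` directory matches the removed unit and is the right choice.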