From a793ed87b4c945d4587d5454f992baf40b2b342f Mon Sep 17 00:00:00 2001 
From: Wojciech Kozlowski Date: Sat, 11 Nov 2023 21:54:08 +0100 Subject: [PATCH] Commonise service systemd files --- .../services/deploy/cloud/tasks/main.yml | 57 ++--------- .../templates/systemd/pod-cloud-chown.service | 30 ------ .../templates/systemd/pod-cloud-cron.service | 38 ------- .../systemd/pod-cloud-nextcloud.service | 59 ----------- .../templates/systemd/pod-cloud-nginx.service | 36 ------- .../templates/systemd/pod-cloud-redis.service | 34 ------- .../cloud/templates/systemd/pod-cloud.service | 33 ------- .../roles/services/deploy/cloud/vars/main.yml | 73 ++++++++++++++ .../roles/services/deploy/dash/tasks/main.yml | 52 ++-------- .../systemd/pod-dash-grafana.service | 35 ------- .../dash/templates/systemd/pod-dash.service | 33 ------- .../roles/services/deploy/dash/vars/main.yml | 10 ++ .../services/deploy/database/tasks/main.yml | 52 ++-------- .../systemd/pod-database-pgadmin.service | 37 ------- .../systemd/pod-database-postgres.service | 40 -------- .../templates/systemd/pod-database.service | 33 ------- .../services/deploy/database/vars/main.yml | 24 +++++ .../roles/services/deploy/git/tasks/main.yml | 47 ++------- .../templates/systemd/pod-git-gitea.service | 58 ----------- .../git/templates/systemd/pod-git.service | 33 ------- .../roles/services/deploy/git/vars/main.yml | 33 +++++++ .../services/deploy/metrics/tasks/main.yml | 51 ++-------- .../systemd/pod-metrics-prometheus.service | 39 -------- .../templates/systemd/pod-metrics.service | 33 ------- .../services/deploy/metrics/vars/main.yml | 14 +++ .../services/deploy/music/tasks/main.yml | 47 +-------- .../systemd/pod-music-archive.service | 40 -------- .../systemd/pod-music-collection.service | 40 -------- .../music/templates/systemd/pod-music.service | 33 ------- .../roles/services/deploy/music/vars/main.yml | 26 +++++ .../services/deploy/notes/tasks/main.yml | 47 ++------- .../systemd/pod-notes-joplin.service | 52 ---------- .../notes/templates/systemd/pod-notes.service | 33 ------- 
.../roles/services/deploy/notes/vars/main.yml | 27 +++++ .../services/deploy/pod/defaults/main.yml | 2 + .../deploy/pod/meta/argument_specs.yml | 23 +++++ .../roles/services/deploy/pod/tasks/main.yml | 98 +++++++++++++++++++ .../deploy/pod/templates/container.service | 46 +++++++++ .../deploy/pod/templates/oneshot.service | 28 ++++++ .../templates/pod.service} | 4 +- .../services/deploy/rproxy/tasks/main.yml | 74 ++++---------- .../services/deploy/rproxy/templates/hosts | 2 +- .../systemd/pod-rproxy-certbot.service | 40 -------- .../systemd/pod-rproxy-nginx.service | 45 --------- .../services/deploy/rproxy/vars/main.yml | 39 ++++++++ .../roles/services/deploy/www/tasks/main.yml | 44 +-------- .../templates/systemd/pod-www-nginx.service | 34 ------- .../www/templates/systemd/pod-www.service | 33 ------- .../roles/services/deploy/www/vars/main.yml | 9 ++ 49 files changed, 527 insertions(+), 1323 deletions(-) delete mode 100644 playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-chown.service delete mode 100644 playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-cron.service delete mode 100644 playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nextcloud.service delete mode 100644 playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nginx.service delete mode 100644 playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-redis.service delete mode 100644 playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service create mode 100644 playbooks/roles/services/deploy/cloud/vars/main.yml delete mode 100644 playbooks/roles/services/deploy/dash/templates/systemd/pod-dash-grafana.service delete mode 100644 playbooks/roles/services/deploy/dash/templates/systemd/pod-dash.service create mode 100644 playbooks/roles/services/deploy/dash/vars/main.yml delete mode 100644 playbooks/roles/services/deploy/database/templates/systemd/pod-database-pgadmin.service delete mode 100644 
playbooks/roles/services/deploy/database/templates/systemd/pod-database-postgres.service delete mode 100644 playbooks/roles/services/deploy/database/templates/systemd/pod-database.service create mode 100644 playbooks/roles/services/deploy/database/vars/main.yml delete mode 100644 playbooks/roles/services/deploy/git/templates/systemd/pod-git-gitea.service delete mode 100644 playbooks/roles/services/deploy/git/templates/systemd/pod-git.service create mode 100644 playbooks/roles/services/deploy/git/vars/main.yml delete mode 100644 playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics-prometheus.service delete mode 100644 playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics.service create mode 100644 playbooks/roles/services/deploy/metrics/vars/main.yml delete mode 100644 playbooks/roles/services/deploy/music/templates/systemd/pod-music-archive.service delete mode 100644 playbooks/roles/services/deploy/music/templates/systemd/pod-music-collection.service delete mode 100644 playbooks/roles/services/deploy/music/templates/systemd/pod-music.service create mode 100644 playbooks/roles/services/deploy/music/vars/main.yml delete mode 100644 playbooks/roles/services/deploy/notes/templates/systemd/pod-notes-joplin.service delete mode 100644 playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service create mode 100644 playbooks/roles/services/deploy/notes/vars/main.yml create mode 100644 playbooks/roles/services/deploy/pod/defaults/main.yml create mode 100644 playbooks/roles/services/deploy/pod/meta/argument_specs.yml create mode 100644 playbooks/roles/services/deploy/pod/tasks/main.yml create mode 100644 playbooks/roles/services/deploy/pod/templates/container.service create mode 100644 playbooks/roles/services/deploy/pod/templates/oneshot.service rename playbooks/roles/services/deploy/{rproxy/templates/systemd/pod-rproxy.service => pod/templates/pod.service} (92%) delete mode 100644 
playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-certbot.service
 delete mode 100644 playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-nginx.service
 create mode 100644 playbooks/roles/services/deploy/rproxy/vars/main.yml
 delete mode 100644 playbooks/roles/services/deploy/www/templates/systemd/pod-www-nginx.service
 delete mode 100644 playbooks/roles/services/deploy/www/templates/systemd/pod-www.service
 create mode 100644 playbooks/roles/services/deploy/www/vars/main.yml
diff --git a/playbooks/roles/services/deploy/cloud/tasks/main.yml b/playbooks/roles/services/deploy/cloud/tasks/main.yml
index 73d7eea..1f44b34 100644
--- a/playbooks/roles/services/deploy/cloud/tasks/main.yml
+++ b/playbooks/roles/services/deploy/cloud/tasks/main.yml
@@ -31,51 +31,14 @@
 - "database.user"
 register: services_deploy_cloud_nextcloud_files
- - name: "configure systemd service"
- ansible.builtin.template:
- src: "./systemd/{{ item }}"
- dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
- mode: 0600
- loop:
- - "pod-cloud.service"
- - "pod-cloud-chown.service"
- - "pod-cloud-cron.service"
- - "pod-cloud-nextcloud.service"
- - "pod-cloud-nginx.service"
- - "pod-cloud-redis.service"
- register: services_deploy_cloud_systemd_files
-
- - name: "systemd user daemon reload"
- ansible.builtin.systemd:
- daemon_reload: true
- scope: "user"
- when:
- services_deploy_cloud_systemd_files.changed
-
- - name: "get uid"
- ansible.builtin.getent:
- database: "passwd"
- key: "{{ services_service_user_name }}"
-
- - name: "get service status"
- ansible.builtin.command: >-
- systemctl --user show --property ActiveState --value
- pod-{{ services_service_name }}.service
- environment:
- XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
- changed_when: false
- register: services_deploy_cloud_service_active_state
-
- - name: "restart the service"
- ansible.builtin.systemd:
- name: "pod-{{ services_service_name }}.service"
- state: "restarted"
- scope: "user"
- when:
- (services_deploy_cloud_hosts_file.changed or
- services_deploy_cloud_config_files.changed or
- services_deploy_cloud_nextcloud_files.changed or
- services_deploy_cloud_systemd_files.changed) and
- services_deploy_cloud_service_active_state.stdout == "active"
- become_user: "{{ services_service_user_name }}"
+
+- name: "{{ services_service_name }} : configure systemd service"
+ ansible.builtin.include_role:
+ name: "services/deploy/pod"
+ vars:
+ services_deploy_pod_needs_restart: "{{
+ services_deploy_cloud_hosts_file.changed or
+ services_deploy_cloud_config_files.changed or
+ services_deploy_cloud_nextcloud_files.changed
+ }}"
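Review bot: The restart decision handed to `services/deploy/pod` through `services_deploy_pod_needs_restart` now covers only the hosts, config and nextcloud files, whereas the removed "restart the service" task also fired when the unit templates themselves changed and only when `pod-cloud.service` was already active; nothing in this hunk shows the pod role reproducing either condition. The new `include_role` task also sits outside the `block` whose `become_user: "{{ services_service_user_name }}"` line is deleted here, so which user writes the unit files and drives `systemctl --user` is now decided inside the pod role, which is not in this chunk. If the role does cover both, a one-line comment above the task would spare the next reader the lookup, e.g. `# services/deploy/pod templates the units, reloads the user daemon and restarts only when the pod is active; needs_restart adds the config-driven triggers`. The `block:` the removed tasks belonged to starts above this hunk.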
diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-chown.service b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-chown.service deleted file mode 100644 index 5c2aa0f..0000000 --- a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-chown.service +++ /dev/null @@ -1,30 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -After=pod-cloud.service -Before=pod-cloud-nextcloud.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-cloud.pod-id \ - --replace \ - -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \ - -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \ - -v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \ - --user=0 \ - --entrypoint="/bin/bash" \ - --name=%N \ - docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }} \ - -c "chown -R www-data:www-data /var/www/html /media/external" -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -Type=oneshot - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-cron.service b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-cron.service deleted file mode 100644 index f6f0190..0000000 --- a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-cron.service +++ /dev/null 
@@ -1,38 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-cloud.service pod-cloud-nextcloud.service -After=pod-cloud.service pod-cloud-nextcloud.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-cloud.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/service/hosts:/etc/hosts:ro \ - -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \ - -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \ - -v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \ - --name=%N \ - docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }} \ - /cron.sh -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nextcloud.service b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nextcloud.service deleted file mode 100644 index ddcb08d..0000000 --- a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nextcloud.service +++ /dev/null 
@@ -1,59 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-cloud.service pod-cloud-redis.service -After=pod-cloud.service pod-cloud-redis.service -Requires=pod-cloud-chown.service -After=pod-cloud-chown.service -Wants=pod-cloud-cron.service pod-cloud-nginx.service -Before=pod-cloud-cron.service pod-cloud-nginx.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-cloud.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/service/hosts:/etc/hosts:ro \ - -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \ - -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \ - -v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \ - -v ./.config/service/database.name:/run/secrets/database.name:ro \ - -v ./.config/service/database.user:/run/secrets/database.user:ro \ - -v ./.config/service/database.password:/run/secrets/database.password:ro \ - -e POSTGRES_HOST=pod-database:5432 \ - -e POSTGRES_DB_FILE=/run/secrets/database.name \ - -e POSTGRES_USER_FILE=/run/secrets/database.user \ - -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \ - -e REDIS_HOST=localhost \ - -e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[services_service_name].domain }}" \ - -e OVERWRITEPROTOCOL="https" \ - -e SMTP_HOST="{{ services[services_service_name].smtp.host }}" \ - -e SMTP_SECURE="ssl" \ - -e SMTP_PORT=465 \ - -e SMTP_AUTHTYPE="PLAIN" \ - -e SMTP_NAME="{{ services[services_service_name].smtp.user }}" \ - -e SMTP_PASSWORD="{{ 
services[services_service_name].smtp.password }}" \ - -e MAIL_FROM_ADDRESS="cloud" \ - -e MAIL_DOMAIN="{{ services[services_service_name].domain }}" \ - --name=%N \ - docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nginx.service b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nginx.service deleted file mode 100644 index 47c789a..0000000 --- a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-nginx.service +++ /dev/null 
@@ -1,36 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-cloud.service pod-cloud-nextcloud.service -After=pod-cloud.service pod-cloud-nextcloud.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-cloud.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \ - -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \ - -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \ - --name=%N \ - docker.io/library/nginx:{{ services_service_deploy_versions.nginx }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-redis.service b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-redis.service deleted file mode 100644 index 3476966..0000000 --- a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud-redis.service +++ /dev/null 
@@ -1,34 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-cloud.service -After=pod-cloud.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-cloud.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v %N---data:/data \ - --name=%N \ - docker.io/library/redis:{{ services_service_deploy_versions.redis }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service b/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service deleted file mode 100644 index 481ba63..0000000 --- a/playbooks/roles/services/deploy/cloud/templates/systemd/pod-cloud.service +++ /dev/null 
@@ -1,33 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -Wants=pod-cloud-nextcloud.service -Before=pod-cloud-nextcloud.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id -ExecStartPre=/usr/bin/podman pod create \ - --infra-conmon-pidfile %t/%N.pid \ - --pod-id-file %t/%N.pod-id \ - --name=%N \ - --network=none \ - --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id -ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile' -ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud -ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-cloud -ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id -ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/cloud/vars/main.yml b/playbooks/roles/services/deploy/cloud/vars/main.yml new file mode 100644 index 0000000..1427153 --- /dev/null +++ b/playbooks/roles/services/deploy/cloud/vars/main.yml 
@@ -0,0 +1,73 @@
+---
+services_deploy_pod:
+ wants:
+ - "nextcloud"
+ oneshot:
+ chown:
+ image: "docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }}"
+ before:
+ - "nextcloud"
+ podman_run_args:
+ - "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
+ - "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
+ - "-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external"
+ - "--user=0"
+ - "--entrypoint=\"/bin/bash\""
+ cmd_args:
+ - "-c \"chown -R www-data:www-data /var/www/html /media/external\""
+ containers:
+ cron:
+ image: "docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }}"
+ binds_to:
+ - "nextcloud"
+ podman_run_args:
+ - "-v ./.config/service/hosts:/etc/hosts:ro"
+ - "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
+ - "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
+ - "-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external"
+ cmd_args:
+ - "/cron.sh"
+ nextcloud:
+ image: "docker.io/library/nextcloud:{{ services_service_deploy_versions.nextcloud }}"
+ binds_to:
+ - "redis"
+ requires:
+ - "chown"
+ wants:
+ - "cron"
+ - "nginx"
+ podman_run_args:
+ - "-v ./.config/service/hosts:/etc/hosts:ro"
+ - "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
+ - "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
+ - "-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external"
+ - "-v ./.config/service/database.name:/run/secrets/database.name:ro"
+ - "-v ./.config/service/database.user:/run/secrets/database.user:ro"
+ - "-v ./.config/service/database.password:/run/secrets/database.password:ro"
+ - "-e POSTGRES_HOST=pod-database:5432"
+ - "-e POSTGRES_DB_FILE=/run/secrets/database.name"
+ - "-e POSTGRES_USER_FILE=/run/secrets/database.user"
+ - "-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password"
+ - "-e REDIS_HOST=localhost"
+ - "-e NEXTCLOUD_TRUSTED_DOMAINS=\"{{ services[services_service_name].domain }}\""
+ - "-e OVERWRITEPROTOCOL=\"https\""
+ - "-e SMTP_HOST=\"{{ services[services_service_name].smtp.host }}\""
+ - "-e SMTP_SECURE=\"ssl\""
+ - "-e SMTP_PORT=465"
+ - "-e SMTP_AUTHTYPE=\"PLAIN\""
+ - "-e SMTP_NAME=\"{{ services[services_service_name].smtp.user }}\""
+ - "-e SMTP_PASSWORD=\"{{ services[services_service_name].smtp.password }}\""
+ - "-e MAIL_FROM_ADDRESS=\"cloud\""
+ - "-e MAIL_DOMAIN=\"{{ services[services_service_name].domain }}\""
+ nginx:
+ image: "docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}"
+ binds_to:
+ - "nextcloud"
+ podman_run_args:
+ - "-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro"
+ - "-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html"
+ - "-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data"
+ redis:
+ image: "docker.io/library/redis:{{ services_service_deploy_versions.redis }}"
+ podman_run_args:
+ - "-v %N---data:/data"
diff --git a/playbooks/roles/services/deploy/dash/tasks/main.yml b/playbooks/roles/services/deploy/dash/tasks/main.yml
index 7898f33..98e5d34 100644
--- a/playbooks/roles/services/deploy/dash/tasks/main.yml
+++ b/playbooks/roles/services/deploy/dash/tasks/main.yml
@@ -4,11 +4,6 @@
 name: "services/include"
 vars_from: "user"
-- name: "stat the grafana password file"
- ansible.builtin.stat:
- path: "{{ services_service_user_home }}/.config/service/admin.password"
- register: services_deploy_dash_grafana_password_file_stat
-
 - block:
 - name: "configure hosts file"
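Review bot: The nextcloud container still receives the mail credential as a plain environment variable, `- "-e SMTP_PASSWORD=\"{{ services[services_service_name].smtp.password }}\""`, while the database credentials in the same list are file-backed through `POSTGRES_PASSWORD_FILE`; an env value lands in the generated unit file, in `systemctl --user show` and `podman inspect` output and in the container's environment, and because these strings are interpolated into a systemd ExecStart line where `%` is a specifier (the redis entry relies on that with `-v %N---data:/data`), a password containing `%`, `"` or `\` would be mangled or break the unit. If the pinned nextcloud image honours `SMTP_PASSWORD_FILE` the way it does the `POSTGRES_*_FILE` variables already used here, the two entries `- "-v ./.config/service/smtp.password:/run/secrets/smtp.password:ro"` and `- "-e SMTP_PASSWORD_FILE=/run/secrets/smtp.password"` replace the env entry, with the tasks file writing `smtp.password` at mode 0600 next to the database secrets. The same interpolation caveat applies to `NEXTCLOUD_TRUSTED_DOMAINS`, `SMTP_HOST` and `SMTP_NAME`, though those are far less likely to carry such characters.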
@@ -18,45 +13,10 @@
 mode: 0644
 register: services_deploy_dash_hosts_file
- - name: "configure systemd service"
- ansible.builtin.template:
- src: "./systemd/{{ item }}"
- dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
- mode: 0600
- loop:
- - "pod-dash.service"
- - "pod-dash-grafana.service"
- register: services_deploy_dash_systemd_files
-
- - name: "systemd user daemon reload"
- ansible.builtin.systemd:
- daemon_reload: true
- scope: "user"
- when:
- services_deploy_dash_systemd_files.changed
-
- - name: "get uid"
- ansible.builtin.getent:
- database: "passwd"
- key: "{{ services_service_user_name }}"
-
- - name: "get service status"
- ansible.builtin.command: >-
- systemctl --user show --property ActiveState --value
- pod-{{ services_service_name }}.service
- environment:
- XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
- changed_when: false
- register: services_deploy_dash_service_active_state
-
- - name: "restart the service"
- ansible.builtin.systemd:
- name: "pod-{{ services_service_name }}.service"
- state: "restarted"
- scope: "user"
- when:
- (services_deploy_dash_hosts_file.changed or
- services_deploy_dash_systemd_files.changed) and
- services_deploy_dash_service_active_state.stdout == "active"
- become_user: "{{ services_service_user_name }}"
+
+- name: "{{ services_service_name }} : configure systemd service"
+ ansible.builtin.include_role:
+ name: "services/deploy/pod"
+ vars:
+ services_deploy_pod_needs_restart: "{{ services_deploy_dash_hosts_file.changed }}"
diff --git a/playbooks/roles/services/deploy/dash/templates/systemd/pod-dash-grafana.service b/playbooks/roles/services/deploy/dash/templates/systemd/pod-dash-grafana.service
deleted file mode 100644
index 38419e2..0000000
--- a/playbooks/roles/services/deploy/dash/templates/systemd/pod-dash-grafana.service
+++ /dev/null
@@ -1,35 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-dash.service -After=pod-dash.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-dash.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/service/hosts:/etc/hosts:ro \ - -v {{ services_data_directory }}/pod-dash/data/_data:/var/lib/grafana:U \ - --name=%N \ - docker.io/grafana/grafana:{{ services_service_deploy_versions.grafana }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/dash/templates/systemd/pod-dash.service b/playbooks/roles/services/deploy/dash/templates/systemd/pod-dash.service deleted file mode 100644 index 5171a22..0000000 --- a/playbooks/roles/services/deploy/dash/templates/systemd/pod-dash.service +++ /dev/null 
@@ -1,33 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -Wants=pod-dash-grafana.service -Before=pod-dash-grafana.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id -ExecStartPre=/usr/bin/podman pod create \ - --infra-conmon-pidfile %t/%N.pid \ - --pod-id-file %t/%N.pod-id \ - --name=%N \ - --network=none \ - --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id -ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile' -ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-dash -ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-dash -ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-dash -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id -ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/dash/vars/main.yml b/playbooks/roles/services/deploy/dash/vars/main.yml new file mode 100644 index 0000000..0533c2f --- /dev/null +++ b/playbooks/roles/services/deploy/dash/vars/main.yml @@ -0,0 +1,10 @@ +--- +services_deploy_pod: + wants: + - "grafana" + containers: + grafana: + image: "docker.io/grafana/grafana:{{ services_service_deploy_versions.grafana }}" + podman_run_args: + - "-v ./.config/service/hosts:/etc/hosts:ro" + - "-v {{ services_data_directory }}/pod-dash/data/_data:/var/lib/grafana:U" 
diff --git a/playbooks/roles/services/deploy/database/tasks/main.yml b/playbooks/roles/services/deploy/database/tasks/main.yml
index 541b6b5..d1b18d7 100644
--- a/playbooks/roles/services/deploy/database/tasks/main.yml
+++ b/playbooks/roles/services/deploy/database/tasks/main.yml
@@ -32,47 +32,13 @@
 mode: 0600
 register: services_deploy_database_postgres_password_file
- - name: "configure systemd service"
- ansible.builtin.template:
- src: "./systemd/{{ item }}"
- dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
- mode: 0600
- loop:
- - "pod-database.service"
- - "pod-database-postgres.service"
- - "pod-database-pgadmin.service"
- register: services_deploy_database_systemd_files
-
- - name: "systemd user daemon reload"
- ansible.builtin.systemd:
- daemon_reload: true
- scope: "user"
- when:
- services_deploy_database_systemd_files.changed
-
- - name: "get uid"
- ansible.builtin.getent:
- database: "passwd"
- key: "{{ services_service_user_name }}"
-
- - name: "get service status"
- ansible.builtin.command: >-
- systemctl --user show --property ActiveState --value
- pod-{{ services_service_name }}.service
- environment:
- XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}"
- changed_when: false
- register: services_deploy_database_service_active_state
-
- - name: "restart the service"
- ansible.builtin.systemd:
- name: "pod-{{ services_service_name }}.service"
- state: "restarted"
- scope: "user"
- when:
- (services_deploy_database_postgres_password_file.changed or
- services_deploy_database_pgadmin_password_file.changed or
- services_deploy_database_systemd_files.changed) and
- services_deploy_database_service_active_state.stdout == "active"
- become_user: "{{ services_service_user_name }}"
+
+- name: "{{ services_service_name }} : configure systemd service"
+ ansible.builtin.include_role:
+ name: "services/deploy/pod"
+ vars:
+ services_deploy_pod_needs_restart: "{{
+ services_deploy_database_postgres_password_file.changed or
+ services_deploy_database_pgadmin_password_file.changed
+ }}"
diff --git a/playbooks/roles/services/deploy/database/templates/systemd/pod-database-pgadmin.service b/playbooks/roles/services/deploy/database/templates/systemd/pod-database-pgadmin.service deleted file mode 100644 index 9e5df46..0000000 --- a/playbooks/roles/services/deploy/database/templates/systemd/pod-database-pgadmin.service +++ /dev/null @@ -1,37 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-database.service pod-database-postgres.service -After=pod-database.service pod-database-postgres.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-database.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin:U \ - -v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password:U,ro \ - -e PGADMIN_DEFAULT_EMAIL="{{ services[services_service_name].pgadmin.email }}" \ - -e PGADMIN_DEFAULT_PASSWORD_FILE=/run/secrets/pgadmin.password \ - --name=%N \ - docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/database/templates/systemd/pod-database-postgres.service b/playbooks/roles/services/deploy/database/templates/systemd/pod-database-postgres.service deleted file mode 100644 index c89f631..0000000 
--- a/playbooks/roles/services/deploy/database/templates/systemd/pod-database-postgres.service +++ /dev/null @@ -1,40 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-database.service -After=pod-database.service -Wants=pod-database-pgadmin.service -Before=pod-database-pgadmin.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-database.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/service/database.password:/run/secrets/database.password:ro \ - -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \ - -v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \ - -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \ - -v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data \ - --name=%N \ - docker.io/library/postgres:{{ services_service_deploy_versions.postgres }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/database/templates/systemd/pod-database.service b/playbooks/roles/services/deploy/database/templates/systemd/pod-database.service deleted file mode 100644 index c0401f5..0000000 --- a/playbooks/roles/services/deploy/database/templates/systemd/pod-database.service +++ /dev/null 
@@ -1,33 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-Wants=pod-database-postgres.service
-Before=pod-database-postgres.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
-ExecStartPre=/usr/bin/podman pod create \
- --infra-conmon-pidfile %t/%N.pid \
- --pod-id-file %t/%N.pod-id \
- --name=%N \
- --network=none \
- --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-database
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-database
-ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-database
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
-ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/database/vars/main.yml b/playbooks/roles/services/deploy/database/vars/main.yml
new file mode 100644
index 0000000..ea5ccb4
--- /dev/null
+++ b/playbooks/roles/services/deploy/database/vars/main.yml
@@ -0,0 +1,24 @@
+---
+services_deploy_pod:
+ wants:
+ - "postgres"
+ containers:
+ postgres:
+ image: "docker.io/library/postgres:{{ services_service_deploy_versions.postgres }}"
+ wants:
+ - "pgadmin"
+ podman_run_args:
+ - "-v ./.config/service/database.password:/run/secrets/database.password:ro"
+ - "-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password"
+ - "-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal"
+ - "-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal"
+ - "-v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data"
+ pgadmin:
+ image: "docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }}"
+ binds_to:
+ - "postgres"
+ podman_run_args:
+ - "-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin:U"
+ - "-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password:U,ro"
+ - "-e PGADMIN_DEFAULT_EMAIL=\"{{ services[services_service_name].pgadmin.email }}\""
+ - "-e PGADMIN_DEFAULT_PASSWORD_FILE=/run/secrets/pgadmin.password"
diff --git a/playbooks/roles/services/deploy/git/tasks/main.yml b/playbooks/roles/services/deploy/git/tasks/main.yml
index 8e02f39..610298e 100644
--- a/playbooks/roles/services/deploy/git/tasks/main.yml
+++ b/playbooks/roles/services/deploy/git/tasks/main.yml
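Review bot: pgadmin's `binds_to: ["postgres"]` reproduces the deleted unit's `BindsTo=pod-database-postgres.service`, but that unit also carried `After=pod-database-postgres.service`, and whether the new container.service template emits an `After=` for the `binds_to` list cannot be seen here (the template is outside this diff). `BindsTo=` alone imposes no start ordering, so pgadmin could be started before postgres is up and fail its first connection attempts. If the template renders only `BindsTo=`, have it emit a matching `After=` from the same list; the same question applies to postgres's `wants: ["pgadmin"]`, which the old unit paired with `Before=`.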
@@ -13,45 +13,10 @@ mode: 0644 register: services_deploy_git_hosts_file - - name: "configure systemd service" - ansible.builtin.template: - src: "./systemd/{{ item }}" - dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" - mode: 0600 - loop: - - "pod-git.service" - - "pod-git-gitea.service" - register: services_deploy_git_systemd_files - - - name: "systemd user daemon reload" - ansible.builtin.systemd: - daemon_reload: true - scope: "user" - when: - services_deploy_git_systemd_files.changed - - - name: "get uid" - ansible.builtin.getent: - database: "passwd" - key: "{{ services_service_user_name }}" - - - name: "get service status" - ansible.builtin.command: >- - systemctl --user show --property ActiveState --value - pod-{{ services_service_name }}.service - environment: - XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" - changed_when: false - register: services_deploy_git_service_active_state - - - name: "restart the service" - ansible.builtin.systemd: - name: "pod-{{ services_service_name }}.service" - state: "restarted" - scope: "user" - when: - (services_deploy_git_hosts_file.changed or - services_deploy_git_systemd_files.changed) and - services_deploy_git_service_active_state.stdout == "active" - become_user: "{{ services_service_user_name }}" + +- name: "{{ services_service_name }} : configure systemd service" + ansible.builtin.include_role: + name: "services/deploy/pod" + vars: + services_deploy_pod_needs_restart: "{{ services_deploy_git_hosts_file.changed }}" diff --git a/playbooks/roles/services/deploy/git/templates/systemd/pod-git-gitea.service b/playbooks/roles/services/deploy/git/templates/systemd/pod-git-gitea.service deleted file mode 100644 index 4335568..0000000 --- a/playbooks/roles/services/deploy/git/templates/systemd/pod-git-gitea.service +++ /dev/null 
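Review bot: the `include_role` that replaces the removed block carries no `become_user`, whereas the removed block ran every task as `services_service_user_name`; the metrics, music and notes task files later in this diff make the same switch. The pod role's own `- block:` opens at the end of this diff, but its closing lines, where a `become_user` would sit, are outside this view, so I cannot confirm the unit files are still written as the service user rather than as the connecting user. If the role does not set it, units created under `~/.config/systemd/user` with mode 0600 would be owned by the wrong user and unreadable by the service user's `systemctl --user`; either add `become_user: "{{ services_service_user_name }}"` to the role's block or pass it on each `include_role`.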
@@ -1,58 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-git.service
-After=pod-git.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
-ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/%N.pid \
- --cidfile %t/%N.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-git.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v ./.config/service/hosts:/etc/hosts:ro \
- -v {{ services_data_directory }}/pod-git/data/_data:/data \
- -v /etc/timezone:/etc/timezone:ro \
- -v /etc/localtime:/etc/localtime:ro \
- -e USER_UID="1000" \
- -e USER_GID="1000" \
- -e GITEA__database__DB_TYPE="postgres" \
- -e GITEA__database__HOST="pod-database:5432" \
- -e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
- -e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
- -e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
- -e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
- -e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
- -e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
- -e GITEA__server__START_SSH_SERVER="true" \
- -e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
- -e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
- -e GITEA__mailer__ENABLED="true" \
- -e GITEA__mailer__FROM="Gitea " \
- -e GITEA__mailer__MAILER_TYPE="smtp" \
- -e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
- -e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
- -e GITEA__mailer__PASSWD="{{
services[services_service_name].smtp.password }}" \
- -e GITEA__service__DISABLE_REGISTRATION="true" \
- -e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
- --name=%N \
- docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
-ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/git/templates/systemd/pod-git.service b/playbooks/roles/services/deploy/git/templates/systemd/pod-git.service
deleted file mode 100644
index c51e998..0000000
--- a/playbooks/roles/services/deploy/git/templates/systemd/pod-git.service
+++ /dev/null
@@ -1,33 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-Wants=pod-git-gitea.service
-Before=pod-git-gitea.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
-ExecStartPre=/usr/bin/podman pod create \
- --infra-conmon-pidfile %t/%N.pid \
- --pod-id-file %t/%N.pod-id \
- --name=%N \
- --network=none \
- --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-git
-ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
-ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/git/vars/main.yml b/playbooks/roles/services/deploy/git/vars/main.yml
new file mode 100644
index 0000000..2fdd351
--- /dev/null
+++ b/playbooks/roles/services/deploy/git/vars/main.yml
@@ -0,0 +1,33 @@
+---
+services_deploy_pod:
+ wants:
+ - "gitea"
+ containers:
+ gitea:
+ image: "docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}"
+ podman_run_args:
+ - "-v ./.config/service/hosts:/etc/hosts:ro"
+ - "-v {{ services_data_directory }}/pod-git/data/_data:/data"
+ - "-v /etc/timezone:/etc/timezone:ro"
+ - "-v /etc/localtime:/etc/localtime:ro"
+ - "-e USER_UID=\"1000\""
+ - "-e USER_GID=\"1000\""
+ - "-e GITEA__database__DB_TYPE=\"postgres\""
+ - "-e GITEA__database__HOST=\"pod-database:5432\""
+ - "-e GITEA__database__NAME=\"{{ services[services_service_name].database.name }}\""
+ - "-e GITEA__database__USER=\"{{ services[services_service_name].database.user }}\""
+ - "-e GITEA__database__PASSWD=\"{{ services[services_service_name].database.password }}\""
+ - "-e GITEA__server__DOMAIN=\"{{ services[services_service_name].domain }}\""
+ - "-e GITEA__server__SSH_DOMAIN=\"{{ services[services_service_name].domain }}\""
+ - "-e GITEA__server__ROOT_URL=\"https://%(DOMAIN)s/\""
+ - "-e GITEA__server__START_SSH_SERVER=\"true\""
+ - "-e GITEA__server__SSH_PORT=\"{{ services[services_service_name].ssh_port }}\""
+ - "-e GITEA__server__SSH_LISTEN_PORT=\"{{ services[services_service_name].ssh_port }}\""
+ - "-e GITEA__mailer__ENABLED=\"true\""
+ - "-e GITEA__mailer__FROM=\"Gitea \""
+ - "-e GITEA__mailer__MAILER_TYPE=\"smtp\""
+ - "-e GITEA__mailer__HOST=\"{{ services[services_service_name].smtp.host }}\""
+ - "-e GITEA__mailer__USER=\"{{ services[services_service_name].smtp.user }}\""
+ - "-e GITEA__mailer__PASSWD=\"{{ services[services_service_name].smtp.password }}\""
+ - "-e GITEA__service__DISABLE_REGISTRATION=\"true\""
+ - "-e GITEA__service__ENABLE_NOTIFY_MAIL=\"true\""
diff --git a/playbooks/roles/services/deploy/metrics/tasks/main.yml b/playbooks/roles/services/deploy/metrics/tasks/main.yml
index badbb09..dc99369 100644
--- a/playbooks/roles/services/deploy/metrics/tasks/main.yml
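Review bot: the database and SMTP passwords for Gitea are passed as `-e GITEA__database__PASSWD=...` and `-e GITEA__mailer__PASSWD=...`, so both the rendered unit file and the container's environment carry the plaintext secret; the music vars (`ND_PASSWORDENCRYPTIONKEY`) and the notes vars (`POSTGRES_PASSWORD`, `MAILER_AUTH_PASSWORD`) later in this diff follow the same pattern. This is carried over from the deleted units rather than introduced here, but the database vars in this same commit already show the file-based alternative (`-v ./.config/service/database.password:/run/secrets/database.password:ro` together with `POSTGRES_PASSWORD_FILE`). Where the pinned image can read a value from a file — recent Gitea releases accept a `__FILE` suffix in environment-to-ini; verify for the version deployed — a bind-mounted secret keeps the value out of the unit file and out of anything that can read the container's environment.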
+++ b/playbooks/roles/services/deploy/metrics/tasks/main.yml @@ -20,46 +20,13 @@ mode: 0644 register: services_deploy_metrics_prometheus_file - - name: "configure systemd service" - ansible.builtin.template: - src: "./systemd/{{ item }}" - dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" - mode: 0600 - loop: - - "pod-metrics.service" - - "pod-metrics-prometheus.service" - register: services_deploy_metrics_systemd_files - - - name: "systemd user daemon reload" - ansible.builtin.systemd: - daemon_reload: true - scope: "user" - when: - services_deploy_metrics_systemd_files.changed - - - name: "get uid" - ansible.builtin.getent: - database: "passwd" - key: "{{ services_service_user_name }}" - - - name: "get service status" - ansible.builtin.command: >- - systemctl --user show --property ActiveState --value - pod-{{ services_service_name }}.service - environment: - XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" - changed_when: false - register: services_deploy_metrics_service_active_state - - - name: "restart the service" - ansible.builtin.systemd: - name: "pod-{{ services_service_name }}.service" - state: "restarted" - scope: "user" - when: - (services_deploy_metrics_hosts_file.changed or - services_deploy_metrics_prometheus_file.changed or - services_deploy_metrics_systemd_files.changed) and - services_deploy_metrics_service_active_state.stdout == "active" - become_user: "{{ services_service_user_name }}" + +- name: "{{ services_service_name }} : configure systemd service" + ansible.builtin.include_role: + name: "services/deploy/pod" + vars: + services_deploy_pod_needs_restart: "{{ + services_deploy_metrics_hosts_file.changed or + services_deploy_metrics_prometheus_file.changed + }}" 
diff --git a/playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics-prometheus.service b/playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics-prometheus.service
deleted file mode 100644
index abf8d9a..0000000
--- a/playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics-prometheus.service
+++ /dev/null
@@ -1,39 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-metrics.service
-After=pod-metrics.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
-ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/%N.pid \
- --cidfile %t/%N.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-metrics.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v ./.config/service/hosts:/etc/hosts:ro \
- -v ./.config/service/prometheus.yml:/etc/prometheus/prometheus.yml:U \
- -v {{ services_data_directory }}/pod-metrics/data/_data:/prometheus:U \
- --name=%N \
- docker.io/prom/prometheus:{{ services_service_deploy_versions.prometheus }}
-# Careful about appending CLI arguments - in addition to the new arguments, all the arguments from
-# the upstream Dockerfile must also be re-appended and it is not possible it use the configuration
-# file to configure some arguments: https://github.com/prometheus/prometheus/issues/6188
-ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics.service b/playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics.service
deleted file mode 100644
index b6e727f..0000000
--- a/playbooks/roles/services/deploy/metrics/templates/systemd/pod-metrics.service
+++ /dev/null
@@ -1,33 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-Wants=pod-metrics-prometheus.service
-Before=pod-metrics-prometheus.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
-ExecStartPre=/usr/bin/podman pod create \
- --infra-conmon-pidfile %t/%N.pid \
- --pod-id-file %t/%N.pod-id \
- --name=%N \
- --network=none \
- --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-metrics
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-metrics
-ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-metrics
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
-ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/metrics/vars/main.yml b/playbooks/roles/services/deploy/metrics/vars/main.yml
new file mode 100644
index 0000000..695877c
--- /dev/null
+++ b/playbooks/roles/services/deploy/metrics/vars/main.yml
@@ -0,0 +1,14 @@
+---
+services_deploy_pod:
+ wants:
+ - "prometheus"
+ containers:
+ prometheus:
+ image: "docker.io/prom/prometheus:{{ services_service_deploy_versions.prometheus }}"
+ podman_run_args:
+ - "-v ./.config/service/hosts:/etc/hosts:ro"
+ - "-v ./.config/service/prometheus.yml:/etc/prometheus/prometheus.yml:U"
+ - "-v {{ services_data_directory }}/pod-metrics/data/_data:/prometheus:U"
+# Careful about appending cmd_args - in addition to the new arguments, all the arguments from the
+# upstream Dockerfile must also be re-appended and it is not possible it use the configuration file
+# to configure some arguments: https://github.com/prometheus/prometheus/issues/6188
diff --git a/playbooks/roles/services/deploy/music/tasks/main.yml b/playbooks/roles/services/deploy/music/tasks/main.yml
index e23b450..baa3bb7 100644
--- a/playbooks/roles/services/deploy/music/tasks/main.yml
+++ b/playbooks/roles/services/deploy/music/tasks/main.yml
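Review bot: the trailing comment warns about a `cmd_args` key that nothing in this file defines, and the place that would consume it (presumably the pod role's container template) is outside this view, so a reader of this vars file cannot tell where the key is honoured; the sentence also reads `it is not possible it use` where `to use` is meant. If `cmd_args` is indeed a per-container key rendered by the pod role, say so in the comment, e.g. `# Careful about adding a cmd_args list to a container here (rendered by the services/deploy/pod role) - in addition to the new arguments, ...`, and fix the typo while touching it.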
@@ -4,47 +4,6 @@ name: "services/include" vars_from: "user" -- block: - - - name: "configure systemd service" - ansible.builtin.template: - src: "./systemd/{{ item }}" - dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" - mode: 0600 - loop: - - "pod-music.service" - - "pod-music-collection.service" - - "pod-music-archive.service" - register: services_deploy_music_systemd_files - - - name: "systemd user daemon reload" - ansible.builtin.systemd: - daemon_reload: true - scope: "user" - when: - services_deploy_music_systemd_files.changed - - - name: "get uid" - ansible.builtin.getent: - database: "passwd" - key: "{{ services_service_user_name }}" - - - name: "get service status" - ansible.builtin.command: >- - systemctl --user show --property ActiveState --value - pod-{{ services_service_name }}.service - environment: - XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" - changed_when: false - register: services_deploy_music_service_active_state - - - name: "restart the service" - ansible.builtin.systemd: - name: "pod-{{ services_service_name }}.service" - state: "restarted" - scope: "user" - when: - services_deploy_music_systemd_files.changed and - services_deploy_music_service_active_state.stdout == "active" - - become_user: "{{ services_service_user_name }}" +- name: "{{ services_service_name }} : configure systemd service" + ansible.builtin.include_role: + name: "services/deploy/pod" diff --git a/playbooks/roles/services/deploy/music/templates/systemd/pod-music-archive.service b/playbooks/roles/services/deploy/music/templates/systemd/pod-music-archive.service deleted file mode 100644 index cc296df..0000000 --- a/playbooks/roles/services/deploy/music/templates/systemd/pod-music-archive.service +++ /dev/null 
@@ -1,40 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-music.service
-After=pod-music.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
-ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/%N.pid \
- --cidfile %t/%N.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-music.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v {{ services_data_directory }}/pod-music/archive/_data:/data \
- -v {{ services_host_services[services_service_name].archive_path }}:/music:ro \
- -e ND_PORT="8080" \
- -e ND_IGNOREDARTICLES="The El La Los Las Le Les Os O A" \
- -e ND_ENABLESTARRATING="false" \
- -e ND_LASTFM_ENABLED="false" \
- -e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }} \
- --name=%N \
- docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}
-ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/music/templates/systemd/pod-music-collection.service b/playbooks/roles/services/deploy/music/templates/systemd/pod-music-collection.service
deleted file mode 100644
index 63b6144..0000000
--- a/playbooks/roles/services/deploy/music/templates/systemd/pod-music-collection.service
+++ /dev/null
@@ -1,40 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-music.service
-After=pod-music.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
-ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/%N.pid \
- --cidfile %t/%N.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-music.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v {{ services_data_directory }}/pod-music/collection/_data:/data \
- -v {{ services_host_services[services_service_name].collection_path }}:/music:ro \
- -e ND_PORT="80" \
- -e ND_IGNOREDARTICLES="The El La Los Las Le Les Os O A" \
- -e ND_ENABLESTARRATING="false" \
- -e ND_LASTFM_ENABLED="false" \
- -e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }} \
- --name=%N \
- docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}
-ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/music/templates/systemd/pod-music.service b/playbooks/roles/services/deploy/music/templates/systemd/pod-music.service
deleted file mode 100644
index c1fbf3b..0000000
--- a/playbooks/roles/services/deploy/music/templates/systemd/pod-music.service
+++ /dev/null
@@ -1,33 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-Wants=pod-music-collection.service pod-music-archive.service
-Before=pod-music-collection.service pod-music-archive.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
-ExecStartPre=/usr/bin/podman pod create \
- --infra-conmon-pidfile %t/%N.pid \
- --pod-id-file %t/%N.pod-id \
- --name=%N \
- --network=none \
- --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-music
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-music
-ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-music
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
-ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/music/vars/main.yml b/playbooks/roles/services/deploy/music/vars/main.yml
new file mode 100644
index 0000000..64fd1ea
--- /dev/null
+++ b/playbooks/roles/services/deploy/music/vars/main.yml
@@ -0,0 +1,26 @@
+---
+services_deploy_pod:
+ wants:
+ - "collection"
+ - "archive"
+ containers:
+ collection:
+ image: "docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}"
+ podman_run_args:
+ - "-v {{ services_data_directory }}/pod-music/collection/_data:/data"
+ - "-v {{ services_host_services[services_service_name].collection_path }}:/music:ro"
+ - "-e ND_PORT=\"80\""
+ - "-e ND_IGNOREDARTICLES=\"The El La Los Las Le Les Os O A\""
+ - "-e ND_ENABLESTARRATING=\"false\""
+ - "-e ND_LASTFM_ENABLED=\"false\""
+ - "-e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }}"
+ archive:
+ image: "docker.io/deluan/navidrome:{{ services_service_deploy_versions.navidrome }}"
+ podman_run_args:
+ - "-v {{ services_data_directory }}/pod-music/archive/_data:/data"
+ - "-v {{ services_host_services[services_service_name].archive_path }}:/music:ro"
+ - "-e ND_PORT=\"8080\""
+ - "-e ND_IGNOREDARTICLES=\"The El La Los Las Le Les Os O A\""
+ - "-e ND_ENABLESTARRATING=\"false\""
+ - "-e ND_LASTFM_ENABLED=\"false\""
+ - "-e ND_PASSWORDENCRYPTIONKEY={{ services[services_service_name].password_encryption_key }}"
diff --git a/playbooks/roles/services/deploy/notes/tasks/main.yml b/playbooks/roles/services/deploy/notes/tasks/main.yml
index db4aa43..bc6f646 100644
--- a/playbooks/roles/services/deploy/notes/tasks/main.yml
+++ b/playbooks/roles/services/deploy/notes/tasks/main.yml
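Review bot: `-e ND_PASSWORDENCRYPTIONKEY={{ ... }}` is the only env argument in this file whose value is not wrapped in escaped quotes like the neighbouring `-e ND_PORT=\"80\"`; since these strings end up on an `ExecStart=` line, a key containing whitespace or a character systemd's unit quoting treats specially could be split or misparsed, leaving Navidrome with a different key than the one configured. Quote it like the others, `- "-e ND_PASSWORDENCRYPTIONKEY=\"{{ services[services_service_name].password_encryption_key }}\""`, in both the `collection` and `archive` entries. The four `ND_*` lines that are identical in both containers would also be easier to keep in sync as one shared list variable spliced into both `podman_run_args` lists.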
@@ -13,45 +13,10 @@ mode: 0644 register: services_deploy_notes_hosts_file - - name: "configure systemd service" - ansible.builtin.template: - src: "./systemd/{{ item }}" - dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" - mode: 0600 - loop: - - "pod-notes.service" - - "pod-notes-joplin.service" - register: services_deploy_notes_systemd_files - - - name: "systemd user daemon reload" - ansible.builtin.systemd: - daemon_reload: true - scope: "user" - when: - services_deploy_notes_systemd_files.changed - - - name: "get uid" - ansible.builtin.getent: - database: "passwd" - key: "{{ services_service_user_name }}" - - - name: "get service status" - ansible.builtin.command: >- - systemctl --user show --property ActiveState --value - pod-{{ services_service_name }}.service - environment: - XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" - changed_when: false - register: services_deploy_notes_service_active_state - - - name: "restart the service" - ansible.builtin.systemd: - name: "pod-{{ services_service_name }}.service" - state: "restarted" - scope: "user" - when: - (services_deploy_notes_hosts_file.changed or - services_deploy_notes_systemd_files.changed) and - services_deploy_notes_service_active_state.stdout == "active" - become_user: "{{ services_service_user_name }}" + +- name: "{{ services_service_name }} : configure systemd service" + ansible.builtin.include_role: + name: "services/deploy/pod" + vars: + services_deploy_pod_needs_restart: "{{ services_deploy_notes_hosts_file.changed }}" diff --git a/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes-joplin.service b/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes-joplin.service deleted file mode 100644 index faa8be8..0000000 --- a/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes-joplin.service +++ /dev/null 
@@ -1,52 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-BindsTo=pod-notes.service
-After=pod-notes.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
-ExecStart=/usr/bin/podman run \
- --conmon-pidfile %t/%N.pid \
- --cidfile %t/%N.ctr-id \
- --cgroups=no-conmon \
- --pod-id-file %t/pod-notes.pod-id \
- --replace \
- --label "io.containers.autoupdate=image" \
- --log-driver=journald \
- -dt \
- -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
- -v ./.config/service/hosts:/etc/hosts:ro \
- -v {{ services_data_directory }}/pod-notes/data/_data:/data:U \
- -e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
- -e APP_PORT="22300" \
- -e DB_CLIENT="pg" \
- -e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
- -e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
- -e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
- -e POSTGRES_PORT="5432" \
- -e POSTGRES_HOST="pod-database" \
- -e MAILER_ENABLED="true" \
- -e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
- -e MAILER_PORT=465 \
- -e MAILER_SECURITY="tls" \
- -e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
- -e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
- -e MAILER_NOREPLY_NAME="Joplin" \
- -e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
- -e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
- --name=%N \
- docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
-ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
-ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target
default.target
diff --git a/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service b/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service
deleted file mode 100644
index ffdfb2c..0000000
--- a/playbooks/roles/services/deploy/notes/templates/systemd/pod-notes.service
+++ /dev/null
@@ -1,33 +0,0 @@
-[Unit]
-Description=Podman %n
-Documentation=man:podman-generate-systemd(1)
-Wants=network.target
-After=network-online.target
-Wants=pod-notes-joplin.service
-Before=pod-notes-joplin.service
-OnFailure=status-mail@%n.service
-
-[Service]
-Environment=PODMAN_SYSTEMD_UNIT=%n
-Restart=on-failure
-TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id
-ExecStartPre=/usr/bin/podman pod create \
- --infra-conmon-pidfile %t/%N.pid \
- --pod-id-file %t/%N.pod-id \
- --name=%N \
- --network=none \
- --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id
-ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile'
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
-ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-notes
-ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id
-ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile
-PIDFile=%t/%N.pid
-Type=forking
-
-[Install]
-WantedBy=multi-user.target default.target
diff --git a/playbooks/roles/services/deploy/notes/vars/main.yml b/playbooks/roles/services/deploy/notes/vars/main.yml
new file mode 100644
index 0000000..a74ebcc
--- /dev/null
+++ b/playbooks/roles/services/deploy/notes/vars/main.yml
@@ -0,0 +1,27 @@
+---
+services_deploy_pod:
+ wants:
+ - "joplin"
+ containers:
+ joplin:
+ image: "docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}"
+ podman_run_args:
+ - "-v ./.config/service/hosts:/etc/hosts:ro"
+ - "-v {{ services_data_directory }}/pod-notes/data/_data:/data:U"
+ - "-e APP_BASE_URL=\"https://{{ services[services_service_name].domain }}\""
+ - "-e APP_PORT=\"22300\""
+ - "-e DB_CLIENT=\"pg\""
+ - "-e POSTGRES_PASSWORD=\"{{ services[services_service_name].database.password }}\""
+ - "-e POSTGRES_DATABASE=\"{{ services[services_service_name].database.name }}\""
+ - "-e POSTGRES_USER=\"{{ services[services_service_name].database.user }}\""
+ - "-e POSTGRES_PORT=\"5432\""
+ - "-e POSTGRES_HOST=\"pod-database\""
+ - "-e MAILER_ENABLED=\"true\""
+ - "-e MAILER_HOST=\"{{ services[services_service_name].smtp.host }}\""
+ - "-e MAILER_PORT=465"
+ - "-e MAILER_SECURITY=\"tls\""
+ - "-e MAILER_AUTH_USER=\"{{ services[services_service_name].smtp.user }}\""
+ - "-e MAILER_AUTH_PASSWORD=\"{{ services[services_service_name].smtp.password }}\""
+ - "-e MAILER_NOREPLY_NAME=\"Joplin\""
+ - "-e MAILER_NOREPLY_EMAIL=\"noreply@{{ services[services_service_name].domain }}\""
+ - "-e STORAGE_DRIVER=\"Type=Filesystem; Path=/data\""
diff --git a/playbooks/roles/services/deploy/pod/defaults/main.yml b/playbooks/roles/services/deploy/pod/defaults/main.yml
new file mode 100644
index 0000000..9bc3883
--- /dev/null
+++ b/playbooks/roles/services/deploy/pod/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+services_deploy_pod_needs_restart: false
diff --git a/playbooks/roles/services/deploy/pod/meta/argument_specs.yml b/playbooks/roles/services/deploy/pod/meta/argument_specs.yml
new file mode 100644
index 0000000..f3542ec
--- /dev/null
+++ b/playbooks/roles/services/deploy/pod/meta/argument_specs.yml
@@ -0,0 +1,23 @@
+---
+argument_specs:
+ main:
+ options:
+ ansible_hostname:
+ type: "str"
+ required: true
+ services_service_name:
+ type: "str"
+ required: true
+ services_service_user_name:
+ type: "str"
+ required: true
+ services_service_user_home:
+ type: "str"
+ required: true
+ services_deploy_pod:
+ type: "dict"
+ elem: "dict"
+ required: true
+ services_deploy_pod_needs_restart:
+ type: "bool"
+ required: false
diff --git a/playbooks/roles/services/deploy/pod/tasks/main.yml b/playbooks/roles/services/deploy/pod/tasks/main.yml
new file mode 100644
index 0000000..8a8367b
--- /dev/null
+++ b/playbooks/roles/services/deploy/pod/tasks/main.yml
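Review bot: `elem: "dict"` under `services_deploy_pod` is not an argument_spec key; the documented key is `elements`, and it only applies to `type: list`, so on a dict it would do nothing even if spelled correctly. Drop the line, or better replace it with an `options:` sub-spec declaring `wants` (list of str) and `containers` (dict, required) so that a malformed pod definition fails at role entry instead of inside the templates. `ansible_hostname` is declared required, but none of the tasks or templates of this role visible in this patch read it; worth confirming it is still needed before keeping it mandatory.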
@@ -0,0 +1,98 @@ +--- +- block: + + - name: "{{ services_service_name }} : configure pod" + ansible.builtin.template: + src: "./pod.service" + dest: "\ + {{ services_service_user_home }}/.config/systemd/user/\ + pod-{{ services_service_name }}.service" + mode: 0600 + vars: + services_deploy_pod_pod_wants: "\ + {{ [( 'pod-' ~ services_service_name ~ '-')] | + product(services_deploy_pod.wants) | map('join') | + product(['.service']) | map('join') }}" + register: services_deploy_pod_pod_file + + - name: "{{ services_service_name }} : configure oneshot containers" + ansible.builtin.template: + src: "./oneshot.service" + dest: "\ + {{ services_service_user_home }}/.config/systemd/user/\ + pod-{{ services_service_name }}-{{ item }}.service" + mode: 0600 + vars: + services_deploy_pod_oneshot: "{{ services_deploy_pod.oneshot[item] }}" + services_deploy_pod_oneshot_after: "\ + {{ [( 'pod-' ~ services_service_name )] | + union([( 'pod-' ~ services_service_name ~ '-')] | + product(services_deploy_pod_oneshot.after | default([])) | map('join')) | + product(['.service']) | map('join') }}" + services_deploy_pod_oneshot_before: "\ + {{ [( 'pod-' ~ services_service_name ~ '-')] | + product(services_deploy_pod_oneshot.before | default([])) | map('join') | + product(['.service']) | map('join') }}" + loop: "{{ (services_deploy_pod.oneshot | default({})).keys() }}" + register: services_deploy_pod_oneshot_files + + - name: "{{ services_service_name }} : configure daemon containers" + ansible.builtin.template: + src: "./container.service" + dest: "\ + {{ services_service_user_home }}/.config/systemd/user/\ + pod-{{ services_service_name }}-{{ item }}.service" + mode: 0600 + vars: + services_deploy_pod_container: "{{ services_deploy_pod.containers[item] }}" + services_deploy_pod_container_binds_to: "\ + {{ [( 'pod-' ~ services_service_name )] | + union([( 'pod-' ~ services_service_name ~ '-')] | + product(services_deploy_pod_container.binds_to | default([])) | map('join')) | + 
product(['.service']) | map('join') }}" + services_deploy_pod_container_requires: "\ + {{ [( 'pod-' ~ services_service_name ~ '-')] | + product(services_deploy_pod_container.requires | default([])) | map('join') | + product(['.service']) | map('join') }}" + services_deploy_pod_container_wants: "\ + {{ [( 'pod-' ~ services_service_name ~ '-')] | + product(services_deploy_pod_container.wants | default([])) | map('join') | + product(['.service']) | map('join') }}" + loop: "{{ services_deploy_pod.containers.keys() }}" + register: services_deploy_pod_container_files + + - name: "{{ services_service_name }} : systemd user daemon reload" + ansible.builtin.systemd: + daemon_reload: true + scope: "user" + when: + services_deploy_pod_pod_file.changed or + services_deploy_pod_container_files.changed + + - name: "{{ services_service_name }} : get uid" + ansible.builtin.getent: + database: "passwd" + key: "{{ services_service_user_name }}" + + - name: "{{ services_service_name }} : get service status" + ansible.builtin.command: >- + systemctl --user show --property ActiveState --value + pod-{{ services_service_name }}.service + environment: + XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" + changed_when: false + register: services_deploy_pod_service_active_state + + - name: "{{ services_service_name }} : restart the service" + ansible.builtin.systemd: + name: "pod-{{ services_service_name }}.service" + state: "restarted" + scope: "user" + when: + (services_deploy_pod_needs_restart or + services_deploy_pod_pod_file.changed or + services_deploy_pod_oneshot_files.changed or + services_deploy_pod_container_files.changed) and + services_deploy_pod_service_active_state.stdout == "active" + + become_user: "{{ services_service_user_name }}" diff --git a/playbooks/roles/services/deploy/pod/templates/container.service b/playbooks/roles/services/deploy/pod/templates/container.service new file mode 100644 index 0000000..3270050 --- /dev/null 
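Review bot: The `systemd user daemon reload` task fires only when the pod or daemon container unit files changed, but the restart task below also triggers on `services_deploy_pod_oneshot_files.changed`, so a change to a oneshot unit alone restarts the pod with the stale in-memory unit definition. Add `services_deploy_pod_oneshot_files.changed or` to the reload `when:`. Separately, `services_deploy_pod_pod_wants` reads `services_deploy_pod.wants` without the `| default([])` that every other list lookup in this file uses, so a vars file that omits `wants` fails templating rather than rendering an empty `Wants=`; `product(services_deploy_pod.wants | default([]))` would make the role consistent with itself.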
+++ b/playbooks/roles/services/deploy/pod/templates/container.service
@@ -0,0 +1,46 @@
+[Unit]
+Description=Podman %n
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo={{ services_deploy_pod_container_binds_to | join(" ") }}
+After={{ services_deploy_pod_container_binds_to | join(" ") }}
+{% if services_deploy_pod_container_requires %}
+Requires={{ services_deploy_pod_container_requires | join(" ") }}
+After={{ services_deploy_pod_container_requires | join(" ") }}
+{% endif %}
+{% if services_deploy_pod_container_wants %}
+Wants={{ services_deploy_pod_container_wants | join(" ") }}
+Before={{ services_deploy_pod_container_wants | join(" ") }}
+{% endif %}
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+{% for exec_start_pre in (services_deploy_pod_container.exec_start_pre | default([])) %}
+ExecStartPre={{ exec_start_pre }}
+{% endfor %}
+ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
+ExecStart=/usr/bin/podman run \
+ --conmon-pidfile %t/%N.pid \
+ --cidfile %t/%N.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
+ --replace \
+ --label "io.containers.autoupdate=image" \
+ --log-driver=journald \
+ -dt \
+ -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
+{% for podman_run_arg in (services_deploy_pod_container.podman_run_args | default([])) %}
+ {{ podman_run_arg }} \
+{% endfor %}
+ --name=%N \
+ {{ services_deploy_pod_container.image }}{%
+ for cmd_arg in (services_deploy_pod_container.cmd_args | default([])) %} \
+ {{ cmd_arg }}{% endfor %}{{ '' }}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
+PIDFile=%t/%N.pid
+Type=forking
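Review bot: Every daemon container now unconditionally carries `--label "io.containers.autoupdate=image"`, which lets `podman auto-update` replace the image behind the pinned tag from the vars file whenever the registry republishes that tag, without a playbook run; the label is inherited from the deleted per-service units, but now that this template is the single definition it should say whether that is intended. If it is not, drop the label; if it is, add a comment above `ExecStart` such as `# autoupdate label: podman-auto-update may re-pull the tag behind this image outside of Ansible` (and note that `registry` is the current spelling of this policy, `image` being the legacy alias, if the target podman version documents it that way). The `[Install]` section present in the deleted units is gone; that looks deliberate since the pod unit `Wants=` each container and the container `BindsTo=` the pod, but `systemctl --user enable` of an individual container unit no longer works, which deserves a mention in the commit message.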
diff --git a/playbooks/roles/services/deploy/pod/templates/oneshot.service b/playbooks/roles/services/deploy/pod/templates/oneshot.service
new file mode 100644
index 0000000..54b07ed
--- /dev/null
+++ b/playbooks/roles/services/deploy/pod/templates/oneshot.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Podman %n
+Documentation=man:podman-generate-systemd(1)
+After={{ services_deploy_pod_oneshot_after | join(" ") }}
+{% if services_deploy_pod_oneshot_before %}
+Before={{ services_deploy_pod_oneshot_before | join(" ") }}
+{% endif %}
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id
+ExecStart=/usr/bin/podman run \
+ --conmon-pidfile %t/%N.pid \
+ --cidfile %t/%N.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-cloud.pod-id \
+ --replace \
+{% for podman_run_arg in (services_deploy_pod_oneshot.podman_run_args | default([])) %}
+ {{ podman_run_arg }} \
+{% endfor %}
+ --name=%N \
+ {{ services_deploy_pod_oneshot.image }}{%
+ for cmd_arg in (services_deploy_pod_oneshot.cmd_args | default([])) %} \
+ {{ cmd_arg }}{% endfor %}{{ '' }}
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id
+Type=oneshot
diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service b/playbooks/roles/services/deploy/pod/templates/pod.service
similarity index 92%
rename from playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service
rename to playbooks/roles/services/deploy/pod/templates/pod.service
index 22b0316..06e45e1 100644
--- a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy.service
+++ b/playbooks/roles/services/deploy/pod/templates/pod.service
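Review bot: `--pod-id-file %t/pod-cloud.pod-id` in `ExecStart` hard-codes the cloud pod, while the sibling daemon template uses `%t/pod-{{ services_service_name }}.pod-id`; a oneshot defined for any other service would fail to start, or, should a cloud pod ever be running under the same user, be placed into that pod's namespaces rather than its own service's. Change it to `--pod-id-file %t/pod-{{ services_service_name }}.pod-id`. The template also omits the `--log-driver=journald` the daemon template sets, which may be intentional for short-lived jobs but deserves a comment saying so, since their output is otherwise the only record when `status-mail@%n.service` fires.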
@@ -3,8 +3,8 @@ Description=Podman %n Documentation=man:podman-generate-systemd(1) Wants=network.target After=network-online.target -Wants=pod-{{ services_service_name }}-nginx.service -Before=pod-{{ services_service_name }}-nginx.service +Wants={{ services_deploy_pod_pod_wants | join(" ") }} +Before={{ services_deploy_pod_pod_wants | join(" ") }} OnFailure=status-mail@%n.service [Service] diff --git a/playbooks/roles/services/deploy/rproxy/tasks/main.yml b/playbooks/roles/services/deploy/rproxy/tasks/main.yml index faa87ea..108a44f 100644 --- a/playbooks/roles/services/deploy/rproxy/tasks/main.yml +++ b/playbooks/roles/services/deploy/rproxy/tasks/main.yml @@ -6,13 +6,6 @@ - block: - - name: "{{ services_service_name }} : configure hosts file" - ansible.builtin.template: - src: "hosts" - dest: "{{ services_service_user_home }}/.config/service/hosts" - mode: 0644 - register: services_deploy_rproxy_hosts_file - - name: "{{ services_service_name }} : create nginx conf.d" ansible.builtin.file: path: "{{ services_service_user_home }}/.config/service/nginx-conf.d" @@ -48,26 +41,6 @@ mode: 0600 register: services_deploy_rproxy_crontabs_root - - name: "{{ services_service_name }} : configure systemd service" - ansible.builtin.template: - src: "./systemd/{{ item }}" - dest: "\ - {{ services_service_user_home }}/.config/systemd/user/\ - {{ item | replace('rproxy', services_service_name) }}" - mode: 0600 - loop: - - "pod-rproxy.service" - - "pod-rproxy-nginx.service" - - "pod-rproxy-certbot.service" - register: services_deploy_rproxy_systemd_files - - - name: "{{ services_service_name }} : systemd user daemon reload" - ansible.builtin.systemd: - daemon_reload: true - scope: "user" - when: - services_deploy_rproxy_systemd_files.changed - - name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters" ansible.builtin.command: >- openssl dhparam --out /{{ services_service_user_home }}/.config/service/dhparam.pem 4096 
@@ -75,33 +48,24 @@ creates: "{{ services_service_user_home }}/.config/service/dhparam.pem" register: services_deploy_rproxy_dhparam - - name: "{{ services_service_name }} : get uid" - ansible.builtin.getent: - database: "passwd" - key: "{{ services_service_user_name }}" - - - name: "{{ services_service_name }} : get service status" - ansible.builtin.command: >- - systemctl --user show --property ActiveState --value - pod-{{ services_service_name }}.service - environment: - XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" - changed_when: false - register: services_deploy_rproxy_service_active_state - - - name: "{{ services_service_name }} : restart the service" - ansible.builtin.systemd: - name: "pod-{{ services_service_name }}.service" - state: "restarted" - scope: "user" - when: - (services_deploy_rproxy_hosts_file.changed or - services_deploy_rproxy_generic_config.changed or - services_deploy_rproxy_stream_config.changed or - services_deploy_rproxy_subdomain_config_files.changed or - services_deploy_rproxy_crontabs_root.changed or - services_deploy_rproxy_systemd_files.changed or - services_deploy_rproxy_dhparam.changed) and - services_deploy_rproxy_service_active_state.stdout == "active" + - name: "{{ services_service_name }} : configure hosts file" + ansible.builtin.template: + src: "./hosts" + dest: "{{ services_service_user_home }}/.config/service/hosts" + mode: 0644 + register: services_deploy_rproxy_hosts_file become_user: "{{ services_service_user_name }}" + +- name: "{{ services_service_name }} : configure systemd service" + ansible.builtin.include_role: + name: "services/deploy/pod" + vars: + services_deploy_pod_needs_restart: "{{ + services_deploy_rproxy_generic_config.changed or + services_deploy_rproxy_stream_config.changed or + services_deploy_rproxy_subdomain_config_files.changed or + services_deploy_rproxy_crontabs_root.changed or + services_deploy_rproxy_dhparam.changed or + services_deploy_rproxy_hosts_file.changed 
+ }}" diff --git a/playbooks/roles/services/deploy/rproxy/templates/hosts b/playbooks/roles/services/deploy/rproxy/templates/hosts index 75511c8..e6bf2fb 100644 --- a/playbooks/roles/services/deploy/rproxy/templates/hosts +++ b/playbooks/roles/services/deploy/rproxy/templates/hosts @@ -3,7 +3,7 @@ ff02::1 ip6-allnodes ff02::2 ip6-allrouters -127.0.1.1 {{ services_service_name }} +127.0.1.1 pod-{{ services_service_name }} {% for service in ( services_all_services | dict2items ) %} {{ service.value.inet6_address }} pod-{{ service.key }} diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-certbot.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-certbot.service deleted file mode 100644 index 54e53f0..0000000 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-certbot.service +++ /dev/null 
@@ -1,40 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-{{ services_service_name }}.service pod-{{ services_service_name }}-nginx.service -After=pod-{{ services_service_name }}.service pod-{{ services_service_name }}-nginx.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-{{ services_service_name }}.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \ - -v var-lib-letsencrypt:/var/lib/letsencrypt \ - -v var-www-html:/var/www/html \ - -v ./.config/service/crontabs-root:/etc/crontabs/root \ - -v /etc/timezone:/etc/timezone:ro \ - -v /etc/localtime:/etc/localtime:ro \ - --name=%N \ - --entrypoint=/usr/sbin/crond \ - docker.io/certbot/certbot:{{ services_service_deploy_versions.certbot }} -f -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-nginx.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-nginx.service deleted file mode 100644 index cb4bef8..0000000 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/pod-rproxy-nginx.service +++ /dev/null 
@@ -1,45 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-{{ services_service_name }}.service -After=pod-{{ services_service_name }}.service -Wants=pod-{{ services_service_name }}-certbot.service -Before=pod-{{ services_service_name }}-certbot.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf' -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-{{ services_service_name }}.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/service/hosts:/etc/hosts:ro \ - -v %t/resolver.conf:/etc/nginx/resolver.conf:ro \ - -v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \ - -v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \ - -v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \ - -v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ - -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \ - -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \ - -v var-www-html:/var/www/html \ - --name=%N \ - docker.io/library/nginx:{{ services_service_deploy_versions.nginx }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target 
diff --git a/playbooks/roles/services/deploy/rproxy/vars/main.yml b/playbooks/roles/services/deploy/rproxy/vars/main.yml new file mode 100644 index 0000000..5214e28 --- /dev/null +++ b/playbooks/roles/services/deploy/rproxy/vars/main.yml @@ -0,0 +1,39 @@ +--- +services_deploy_pod: + wants: + - "nginx" + containers: + nginx: + image: "docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}" + wants: + - "certbot" + exec_start_pre: + - >- + /usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' + {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf' + podman_run_args: + - "-v ./.config/service/hosts:/etc/hosts:ro" + - "-v %t/resolver.conf:/etc/nginx/resolver.conf:ro" + - "-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro" + - "-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro" + - "-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro" + - "-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro" + - "-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:\ + /etc/letsencrypt:ro" + - "-v var-lib-letsencrypt:/var/lib/letsencrypt:ro" + - "-v var-www-html:/var/www/html" + certbot: + image: "docker.io/certbot/certbot:{{ services_service_deploy_versions.certbot }}" + binds_to: + - "nginx" + podman_run_args: + - "-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:\ + /etc/letsencrypt" + - "-v var-lib-letsencrypt:/var/lib/letsencrypt" + - "-v var-www-html:/var/www/html" + - "-v ./.config/service/crontabs-root:/etc/crontabs/root" + - "-v /etc/timezone:/etc/timezone:ro" + - "-v /etc/localtime:/etc/localtime:ro" + - "--entrypoint=/usr/sbin/crond" + cmd_args: + - "-f" diff --git a/playbooks/roles/services/deploy/www/tasks/main.yml b/playbooks/roles/services/deploy/www/tasks/main.yml index 3e74817..42702aa 100644 --- a/playbooks/roles/services/deploy/www/tasks/main.yml +++ b/playbooks/roles/services/deploy/www/tasks/main.yml 
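Review bot: `-v var-www-html:/var/www/html` on the nginx container is mounted read-write, although, as far as the configuration visible here shows, only the certbot container writes ACME challenge files there; nginx only serves them, so `-v var-www-html:/var/www/html:ro` would match how `/etc/letsencrypt` and `var-lib-letsencrypt` are already handled for nginx. Likewise the certbot container's `-v ./.config/service/crontabs-root:/etc/crontabs/root` could take `:ro`, since crond only reads it and the file is owned by the Ansible-managed config directory. Both are carried over from the deleted units rather than introduced here, but this vars file is now where a reader looks for the container's privileges.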
@@ -31,23 +31,6 @@ - block: - - name: "configure systemd service" - ansible.builtin.template: - src: "./systemd/{{ item }}" - dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}" - mode: 0600 - loop: - - "pod-www.service" - - "pod-www-nginx.service" - register: services_deploy_www_systemd_files - - - name: "systemd user daemon reload" - ansible.builtin.systemd: - daemon_reload: true - scope: "user" - when: - services_deploy_www_systemd_files.changed - - name: "clone website repository" ansible.builtin.git: repo: "\ @@ -66,27 +49,8 @@ when: services_deploy_www_webiste_git.changed - - name: "get uid" - ansible.builtin.getent: - database: "passwd" - key: "{{ services_service_user_name }}" - - - name: "get service status" - ansible.builtin.command: >- - systemctl --user show --property ActiveState --value - pod-{{ services_service_name }}.service - environment: - XDG_RUNTIME_DIR: "/run/user/{{ getent_passwd[services_service_user_name].1 }}" - changed_when: false - register: services_deploy_www_service_active_state - - - name: "restart the service" - ansible.builtin.systemd: - name: "pod-{{ services_service_name }}.service" - state: "restarted" - scope: "user" - when: - services_deploy_www_systemd_files.changed and - services_deploy_www_service_active_state.stdout == "active" - become_user: "{{ services_service_user_name }}" + +- name: "{{ services_service_name }} : configure systemd service" + ansible.builtin.include_role: + name: "services/deploy/pod" diff --git a/playbooks/roles/services/deploy/www/templates/systemd/pod-www-nginx.service b/playbooks/roles/services/deploy/www/templates/systemd/pod-www-nginx.service deleted file mode 100644 index 0091401..0000000 --- a/playbooks/roles/services/deploy/www/templates/systemd/pod-www-nginx.service +++ /dev/null 
@@ -1,34 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -BindsTo=pod-www.service -After=pod-www.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.ctr-id -ExecStart=/usr/bin/podman run \ - --conmon-pidfile %t/%N.pid \ - --cidfile %t/%N.ctr-id \ - --cgroups=no-conmon \ - --pod-id-file %t/pod-www.pod-id \ - --replace \ - --label "io.containers.autoupdate=image" \ - --log-driver=journald \ - -dt \ - -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \ - --name=%N \ - docker.io/library/nginx:{{ services_service_deploy_versions.nginx }} -ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%N.ctr-id -t 10 -ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%N.ctr-id -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/www/templates/systemd/pod-www.service b/playbooks/roles/services/deploy/www/templates/systemd/pod-www.service deleted file mode 100644 index cbdb2cf..0000000 --- a/playbooks/roles/services/deploy/www/templates/systemd/pod-www.service +++ /dev/null 
@@ -1,33 +0,0 @@ -[Unit] -Description=Podman %n -Documentation=man:podman-generate-systemd(1) -Wants=network.target -After=network-online.target -Wants=pod-www-nginx.service -Before=pod-www-nginx.service -OnFailure=status-mail@%n.service - -[Service] -Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=on-failure -TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%N.pid %t/%N.pod-id -ExecStartPre=/usr/bin/podman pod create \ - --infra-conmon-pidfile %t/%N.pid \ - --pod-id-file %t/%N.pod-id \ - --name=%N \ - --network=none \ - --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/%N.pod-id -ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman pod inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" %N) > {{ services_containers_directory }}/%N/pidfile' -ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-www -ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-www -ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-www -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/%N.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/%N.pod-id -ExecStopPost=/bin/rm -f {{ services_containers_directory }}/%N/pidfile -PIDFile=%t/%N.pid -Type=forking - -[Install] -WantedBy=multi-user.target default.target diff --git a/playbooks/roles/services/deploy/www/vars/main.yml b/playbooks/roles/services/deploy/www/vars/main.yml new file mode 100644 index 0000000..f4b1ede --- /dev/null +++ b/playbooks/roles/services/deploy/www/vars/main.yml @@ -0,0 +1,9 @@ +--- +services_deploy_pod: + wants: + - "nginx" + containers: + nginx: + image: "docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}" + podman_run_args: + - "-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro"