Port cloud service
parent
0a1e0625ab
commit
b126304227
@ -27,6 +27,9 @@ vpn_bridge_dnat: "{{ services_host_services | dict2items |
|
||||
# services
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
services_all_hosts: "{{ groups['asgard'] }}"
|
||||
services_all_services: "{{
|
||||
services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |
|
||||
flatten | items2dict }}"
|
||||
|
||||
services:
|
||||
rproxy: {}
|
||||
|
@ -1,9 +0,0 @@
|
||||
---
|
||||
- name: "Deploy services"
|
||||
hosts: asgard
|
||||
|
||||
tasks:
|
||||
- include_tasks: tasks/services/c-deploy/01-service-deploy.yml
|
||||
with_items: "{{ host_services }}"
|
||||
loop_control:
|
||||
loop_var: service_name
|
@ -1 +0,0 @@
|
||||
{{ services[service_name].admin_password }}
|
@ -1 +0,0 @@
|
||||
{{ services[service_name].admin_user }}
|
@ -1 +0,0 @@
|
||||
{{ services[service_name].database_name }}
|
@ -1 +0,0 @@
|
||||
{{ services[service_name].database_password }}
|
@ -1 +0,0 @@
|
||||
{{ services[service_name].database_user }}
|
@ -1,3 +0,0 @@
|
||||
- block:
|
||||
- import_tasks: service-deploy/service.yml
|
||||
tags: "{{ service_name }}"
|
@ -1,48 +0,0 @@
|
||||
- block:
|
||||
|
||||
- name: Copy database name file
|
||||
template:
|
||||
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.name.j2"
|
||||
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.name"
|
||||
mode: 0600
|
||||
register: database_name_file
|
||||
|
||||
- name: Copy database user file
|
||||
template:
|
||||
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.user.j2"
|
||||
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.user"
|
||||
mode: 0600
|
||||
register: database_user_file
|
||||
|
||||
- name: Copy database password file
|
||||
template:
|
||||
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2"
|
||||
dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password"
|
||||
mode: 0600
|
||||
register: database_password_file
|
||||
|
||||
- name: Copy admin user file
|
||||
template:
|
||||
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.user.j2"
|
||||
dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.user"
|
||||
mode: 0600
|
||||
register: admin_user_file
|
||||
|
||||
- name: Copy admin password file
|
||||
template:
|
||||
src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.password.j2"
|
||||
dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.password"
|
||||
mode: 0600
|
||||
register: admin_password_file
|
||||
|
||||
- name: Record changes
|
||||
set_fact:
|
||||
service_changed: true
|
||||
when:
|
||||
database_name_file is changed or
|
||||
database_user_file is changed or
|
||||
database_password_file is changed or
|
||||
admin_user_file is changed or
|
||||
admin_password_file is changed
|
||||
|
||||
become_user: "{{ service_user_name }}"
|
@ -1,70 +0,0 @@
|
||||
- block:
|
||||
|
||||
- name: Check if service configuration exists
|
||||
become: no
|
||||
delegate_to: localhost
|
||||
stat:
|
||||
path: "{{ local_service_home }}/.config/{{ service_user_name }}"
|
||||
register: local_service_path
|
||||
|
||||
- name: Synchronise service configuration
|
||||
copy:
|
||||
src: "{{ local_service_home }}/.config/{{ service_user_name }}"
|
||||
dest: "{{ service_home }}/.config"
|
||||
directory_mode: 0755
|
||||
mode: 0644
|
||||
register: service_synchronise
|
||||
when:
|
||||
local_service_path.stat.exists
|
||||
|
||||
- name: Configure {{ service_user_name }} SystemD service
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: /{{ service_home }}/.config/systemd/user/{{ item | basename | regex_replace('\.j2','') }}
|
||||
mode: 0644
|
||||
with_fileglob:
|
||||
- "{{ local_service_home }}/.config/systemd/user/*.j2"
|
||||
register: systemd_pod_service_files
|
||||
|
||||
- name: SystemD user daemon reload
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
scope: user
|
||||
when:
|
||||
systemd_pod_service_files is changed
|
||||
|
||||
- name: Reset service_changed variable
|
||||
set_fact:
|
||||
service_changed: false
|
||||
|
||||
- include_tasks: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "service.d/{{ service_name }}.yml"
|
||||
skip: true
|
||||
|
||||
- name: Enable the {{ service_name }} service
|
||||
systemd:
|
||||
name: "pod-{{ service_name }}.service"
|
||||
enabled: yes
|
||||
scope: user
|
||||
|
||||
- name: Start the {{ service_name }} service
|
||||
systemd:
|
||||
name: "pod-{{ service_name }}.service"
|
||||
state: started
|
||||
scope: user
|
||||
register: systemd_pod_service_start
|
||||
|
||||
- name: Restart the {{ service_name }} service
|
||||
systemd:
|
||||
name: "pod-{{ service_name }}.service"
|
||||
state: restarted
|
||||
scope: user
|
||||
when:
|
||||
(service_synchronise is changed or
|
||||
service_changed is true or
|
||||
systemd_pod_service_files is changed) and
|
||||
systemd_pod_service_start is not changed
|
||||
|
||||
become_user: "{{ service_user_name }}"
|
@ -100,3 +100,16 @@
|
||||
vars:
|
||||
services_service_name: "database"
|
||||
tags: "always"
|
||||
|
||||
- name: "deploy"
|
||||
ansible.builtin.include_role:
|
||||
name: "deploy/cloud"
|
||||
apply:
|
||||
tags:
|
||||
- "services:{{ services_service_name }}"
|
||||
- "services:deploy"
|
||||
- "services:deploy:{{ services_service_name }}"
|
||||
- "services:{{ services_service_name }}:deploy"
|
||||
vars:
|
||||
services_service_name: "cloud"
|
||||
tags: "always"
|
||||
|
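--- a/plays/services/roles/deploy/cloud/tasks/main.yml
+++ b/plays/services/roles/deploy/cloud/tasks/main.yml
@@ -0,0 +1,76 @@
+- name: "set the user variables"
+ansible.builtin.import_role:
+name: "include"
+vars_from: "user"
+
+- name: "set the version variables"
+ansible.builtin.import_role:
+name: "deploy/include"
+vars_from: "versions"
+
+- block:
+
+- name: "configure nginx"
+ansible.builtin.copy:
+src: "./config/nginx.conf"
+dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
+mode: 0644
+register: services_deploy_cloud_config_files
+
+- name: "configure nextcloud secrets"
+ansible.builtin.template:
+src: "./nextcloud/{{ item }}.j2"
+dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
+mode: 0600
+loop:
+- "admin.password"
+- "admin.user"
+- "database.name"
+- "database.password"
+- "database.user"
+register: services_deploy_cloud_nextcloud_files
+
+- name: "configure systemd service"
+ansible.builtin.template:
+src: "./systemd/{{ item }}.j2"
+dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+mode: 0644
+loop:
+- "pod-cloud.service"
+- "container-cloud-nginx.service"
+- "container-cloud-nextcloud.service"
+- "container-cloud-cron.service"
+register: services_deploy_cloud_systemd_files
+
+- name: "systemd user daemon reload"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+when:
+services_deploy_cloud_systemd_files.changed
+
+- name: "enable the service"
+ansible.builtin.systemd:
+name: "pod-{{ services_service_name }}.service"
+enabled: true
+scope: "user"
+
+- name: "start the service"
+ansible.builtin.systemd:
+name: "pod-{{ services_service_name }}.service"
+state: "started"
+scope: "user"
+register: services_deploy_cloud_service_start
+
+- name: "restart the service"
+ansible.builtin.systemd:
+name: "pod-{{ services_service_name }}.service"
+state: restarted
+scope: user
+when:
+(services_deploy_cloud_config_files.changed or
+services_deploy_cloud_nextcloud_files.changed or
+services_deploy_cloud_systemd_files.changed) and
+not services_deploy_cloud_service_start.changed
+
+become_user: "{{ services_service_user_name }}"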
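Review bot: The "configure systemd service" task writes the rendered units with `mode: 0644`, yet the nextcloud unit template changed later in this commit renders `smtp_password` into its `ExecStart` line, so the password lands in a file that other local accounts may be able to read. Changing that task to `mode: "0600"` should keep the units usable, since they are written under `become_user` and loaded by that user's systemd instance, while closing that read path; quoting the mode also avoids relying on YAML octal parsing. The "configure nextcloud secrets" task would additionally benefit from `no_log: true`, because the template module prints rendered content when the play is run with `--diff`.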
|
@ -0,0 +1 @@
|
||||
{{ services[services_service_name].admin_password }}
|
@ -0,0 +1 @@
|
||||
{{ services[services_service_name].admin_user }}
|
@ -0,0 +1 @@
|
||||
{{ services[services_service_name].database_name }}
|
@ -0,0 +1 @@
|
||||
{{ services[services_service_name].database_password }}
|
@ -0,0 +1 @@
|
||||
{{ services[services_service_name].database_user }}
|
@ -20,12 +20,12 @@ ExecStart=/usr/bin/podman run \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
--add-host=pod-database:{{ services['database'].address }} \
|
||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
|
||||
--name=pod-cloud-cron \
|
||||
docker.io/library/nextcloud:{{ versions.cloud.nextcloud }} \
|
||||
docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \
|
||||
/cron.sh
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-cron.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-cron.ctr-id
|
@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
--add-host=pod-database:{{ services['database'].address }} \
|
||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
|
||||
@ -35,18 +35,18 @@ ExecStart=/usr/bin/podman run \
|
||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
||||
-e NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/admin.user \
|
||||
-e NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin.password \
|
||||
-e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[service_name].domain }}" \
|
||||
-e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[services_service_name].domain }}" \
|
||||
-e OVERWRITEPROTOCOL="https" \
|
||||
-e SMTP_HOST="{{ services[service_name].smtp_host }}" \
|
||||
-e SMTP_HOST="{{ services[services_service_name].smtp_host }}" \
|
||||
-e SMTP_SECURE="ssl" \
|
||||
-e SMTP_PORT=465 \
|
||||
-e SMTP_AUTHTYPE="PLAIN" \
|
||||
-e SMTP_NAME="{{ services[service_name].smtp_name }}" \
|
||||
-e SMTP_PASSWORD="{{ services[service_name].smtp_password }}" \
|
||||
-e SMTP_NAME="{{ services[services_service_name].smtp_name }}" \
|
||||
-e SMTP_PASSWORD="{{ services[services_service_name].smtp_password }}" \
|
||||
-e MAIL_FROM_ADDRESS="cloud" \
|
||||
-e MAIL_DOMAIN="{{ services[service_name].domain }}" \
|
||||
-e MAIL_DOMAIN="{{ services[services_service_name].domain }}" \
|
||||
--name=pod-cloud-nextcloud \
|
||||
docker.io/library/nextcloud:{{ versions.cloud.nextcloud }}
|
||||
docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nextcloud.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nextcloud.ctr-id
|
||||
PIDFile=%t/container-cloud-nextcloud.pid
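Review bot: `-e SMTP_PASSWORD="{{ services[services_service_name].smtp_password }}"` places the SMTP password in the unit file and in the `podman run` argument list, whereas the database and admin credentials a few lines above are passed as `*_FILE` paths under `/run/secrets`. Values passed with `-e` can be read from the process arguments and from `podman inspect`, and this unit is deployed `0644` by the role's "configure systemd service" task. Consider templating an `smtp.password` file alongside the other secrets and passing `-e SMTP_PASSWORD_FILE=/run/secrets/smtp.password`; confirm first that the pinned `25-fpm` image honours the `_FILE` variant for SMTP. The `ExecStart` command begins above the visible hunks, so how `/run/secrets` is mounted cannot be checked from here.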
|
@ -25,7 +25,7 @@ ExecStart=/usr/bin/podman run \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \
|
||||
-v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \
|
||||
--name=pod-cloud-nginx \
|
||||
docker.io/library/nginx:stable
|
||||
docker.io/library/nginx:{{ services_deploy_versions.cloud.nginx }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nginx.ctr-id
|
||||
PIDFile=%t/container-cloud-nginx.pid
|
@ -8,6 +8,7 @@ services_deploy_versions:
|
||||
database:
|
||||
postgres: "15.0"
|
||||
cloud:
|
||||
nginx: "stable"
|
||||
nextcloud: "25-fpm"
|
||||
git:
|
||||
gitea: "1"
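Review bot: `nginx: "stable"` (apparently the entry this hunk adds) moves the tag into a variable but keeps it floating, like `25-fpm` and `1`, so the image that actually runs is decided by the registry at pull time rather than by this repository. The cron and nextcloud units shown in this commit also carry `io.containers.autoupdate=image`, so if podman auto-update is enabled on the hosts a re-tagged upstream image is picked up without any change here. If reproducible, reviewable deploys matter, pin a full version or a digest, e.g. `nginx: "<version>@sha256:<digest>"` (placeholder values), and bump it deliberately.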
|
||||
|
@ -1,6 +1,3 @@
|
||||
services_all_services: "{{
|
||||
services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') |
|
||||
flatten | items2dict }}"
|
||||
services_rproxy_nginx_add_hosts: "\
|
||||
{% set add_host_list = [] %}\
|
||||
{% for service in ( services_all_services | dict2items ) %}\
|
||||
|