diff --git a/group_vars/asgard/vars.yml b/group_vars/asgard/vars.yml index 591d889..ba289e8 100644 --- a/group_vars/asgard/vars.yml +++ b/group_vars/asgard/vars.yml @@ -27,6 +27,9 @@ vpn_bridge_dnat: "{{ services_host_services | dict2items | # services # -------------------------------------------------------------------------------------------------- services_all_hosts: "{{ groups['asgard'] }}" +services_all_services: "{{ + services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') | + flatten | items2dict }}" services: rproxy: {} diff --git a/playbooks/02c-services-deploy.yml b/playbooks/02c-services-deploy.yml deleted file mode 100644 index c0046e1..0000000 --- a/playbooks/02c-services-deploy.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: "Deploy services" - hosts: asgard - - tasks: - - include_tasks: tasks/services/c-deploy/01-service-deploy.yml - with_items: "{{ host_services }}" - loop_control: - loop_var: service_name diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.password.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.password.j2 deleted file mode 100644 index 1a9a3cf..0000000 --- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.password.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ services[service_name].admin_password }} diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.user.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.user.j2 deleted file mode 100644 index 12cfa4e..0000000 --- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/admin.user.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ services[service_name].admin_user }} 
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.name.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.name.j2
deleted file mode 100644
index b7f793c..0000000
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.name.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ services[service_name].database_name }}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.password.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.password.j2
deleted file mode 100644
index 7df230a..0000000
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.password.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ services[service_name].database_password }}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.user.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.user.j2
deleted file mode 100644
index 40c0a3f..0000000
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud.template/database.user.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ services[service_name].database_user }}
diff --git a/playbooks/tasks/services/c-deploy/01-service-deploy.yml b/playbooks/tasks/services/c-deploy/01-service-deploy.yml
deleted file mode 100644
index 7fb99aa..0000000
--- a/playbooks/tasks/services/c-deploy/01-service-deploy.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- block:
- - import_tasks: service-deploy/service.yml
- tags: "{{ service_name }}"
diff --git a/playbooks/tasks/services/c-deploy/service-deploy/service.d/cloud.yml b/playbooks/tasks/services/c-deploy/service-deploy/service.d/cloud.yml
deleted file mode 100644
index 7048cf1..0000000
--- a/playbooks/tasks/services/c-deploy/service-deploy/service.d/cloud.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-- block:
-
- - name: Copy database name file
- template:
- src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.name.j2"
- dest: "{{ service_home }}/.config/{{ service_user_name }}/database.name"
- mode: 0600
- register: database_name_file
-
- - name: Copy database user file
- template:
- src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.user.j2"
- dest: "{{ service_home }}/.config/{{ service_user_name }}/database.user"
- mode: 0600
- register: database_user_file
-
- - name: Copy database password file
- template:
- src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/database.password.j2"
- dest: "{{ service_home }}/.config/{{ service_user_name }}/database.password"
- mode: 0600
- register: database_password_file
-
- - name: Copy admin user file
- template:
- src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.user.j2"
- dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.user"
- mode: 0600
- register: admin_user_file
-
- - name: Copy admin password file
- template:
- src: "{{ local_service_home }}/.config/{{ service_user_name }}.template/admin.password.j2"
- dest: "{{ service_home }}/.config/{{ service_user_name }}/admin.password"
- mode: 0600
- register: admin_password_file
-
- - name: Record changes
- set_fact:
- service_changed: true
- when:
- database_name_file is changed or
- database_user_file is changed or
- database_password_file is changed or
- admin_user_file is changed or
- admin_password_file is changed
-
- become_user: "{{ service_user_name }}"
diff --git a/playbooks/tasks/services/c-deploy/service-deploy/service.yml b/playbooks/tasks/services/c-deploy/service-deploy/service.yml
deleted file mode 100644
index 28a6f56..0000000
--- a/playbooks/tasks/services/c-deploy/service-deploy/service.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-- block:
-
- - name: Check if service configuration exists
- become: no
- delegate_to: localhost
- stat:
- path: "{{ local_service_home }}/.config/{{ service_user_name }}"
- register: local_service_path
-
- - name: Synchronise service configuration
- copy:
- src: "{{ local_service_home }}/.config/{{ service_user_name }}"
- dest: "{{ service_home }}/.config"
- directory_mode: 0755
- mode: 0644
- register: service_synchronise
- when:
- local_service_path.stat.exists
-
- - name: Configure {{ service_user_name }} SystemD service
- template:
- src: "{{ item }}"
- dest: /{{ service_home }}/.config/systemd/user/{{ item | basename | regex_replace('\.j2','') }}
- mode: 0644
- with_fileglob:
- - "{{ local_service_home }}/.config/systemd/user/*.j2"
- register: systemd_pod_service_files
-
- - name: SystemD user daemon reload
- systemd:
- daemon_reload: true
- scope: user
- when:
- systemd_pod_service_files is changed
-
- - name: Reset service_changed variable
- set_fact:
- service_changed: false
-
- - include_tasks: "{{ item }}"
- with_first_found:
- - files:
- - "service.d/{{ service_name }}.yml"
- skip: true
-
- - name: Enable the {{ service_name }} service
- systemd:
- name: "pod-{{ service_name }}.service"
- enabled: yes
- scope: user
-
- - name: Start the {{ service_name }} service
- systemd:
- name: "pod-{{ service_name }}.service"
- state: started
- scope: user
- register: systemd_pod_service_start
-
- - name: Restart the {{ service_name }} service
- systemd:
- name: "pod-{{ service_name }}.service"
- state: restarted
- scope: user
- when:
- (service_synchronise is changed or
- service_changed is true or
- systemd_pod_service_files is changed) and
- systemd_pod_service_start is not changed
-
- become_user: "{{ service_user_name }}"
diff --git a/plays/services/main.yml b/plays/services/main.yml
index 460316a..7aaf8a5 100644
--- a/plays/services/main.yml
+++ b/plays/services/main.yml
@@ -100,3 +100,16 @@ vars: services_service_name: "database" tags: "always" + + - name: "deploy" + ansible.builtin.include_role: + name: "deploy/cloud" + apply: + tags: + - "services:{{ services_service_name }}" + - "services:deploy" + - "services:deploy:{{ services_service_name }}" + - "services:{{ services_service_name }}:deploy" + vars: + services_service_name: "cloud" + tags: "always" diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud/nginx.conf b/plays/services/roles/deploy/cloud/files/config/nginx.conf similarity index 100% rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/pod-cloud/nginx.conf rename to plays/services/roles/deploy/cloud/files/config/nginx.conf diff --git a/plays/services/roles/deploy/cloud/tasks/main.yml b/plays/services/roles/deploy/cloud/tasks/main.yml new file mode 100644 index 0000000..2c1af9f --- /dev/null +++ b/plays/services/roles/deploy/cloud/tasks/main.yml 
@@ -0,0 +1,76 @@
+- name: "set the user variables"
+ ansible.builtin.import_role:
+ name: "include"
+ vars_from: "user"
+
+- name: "set the version variables"
+ ansible.builtin.import_role:
+ name: "deploy/include"
+ vars_from: "versions"
+
+- block:
+
+ - name: "configure nginx"
+ ansible.builtin.copy:
+ src: "./config/nginx.conf"
+ dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
+ mode: 0644
+ register: services_deploy_cloud_config_files
+
+ - name: "configure nextcloud secrets"
+ ansible.builtin.template:
+ src: "./nextcloud/{{ item }}.j2"
+ dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
+ mode: 0600
+ loop:
+ - "admin.password"
+ - "admin.user"
+ - "database.name"
+ - "database.password"
+ - "database.user"
+ register: services_deploy_cloud_nextcloud_files
+
+ - name: "configure systemd service"
+ ansible.builtin.template:
+ src: "./systemd/{{ item }}.j2"
+ dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+ mode: 0644
+ loop:
+ - "pod-cloud.service"
+ - "container-cloud-nginx.service"
+ - "container-cloud-nextcloud.service"
+ - "container-cloud-cron.service"
+ register: services_deploy_cloud_systemd_files
+
+ - name: "systemd user daemon reload"
+ ansible.builtin.systemd:
+ daemon_reload: true
+ scope: "user"
+ when:
+ services_deploy_cloud_systemd_files.changed
+
+ - name: "enable the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ enabled: true
+ scope: "user"
+
+ - name: "start the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ state: "started"
+ scope: "user"
+ register: services_deploy_cloud_service_start
+
+ - name: "restart the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ state: restarted
+ scope: user
+ when:
+ (services_deploy_cloud_config_files.changed or
+ services_deploy_cloud_nextcloud_files.changed or
+ services_deploy_cloud_systemd_files.changed) and
+ not services_deploy_cloud_service_start.changed
+
+ become_user: "{{ services_service_user_name }}"
diff --git a/plays/services/roles/deploy/cloud/templates/nextcloud/admin.password.j2 b/plays/services/roles/deploy/cloud/templates/nextcloud/admin.password.j2
new file mode 100644
index 0000000..1c56cd1
--- /dev/null
+++ b/plays/services/roles/deploy/cloud/templates/nextcloud/admin.password.j2
@@ -0,0 +1 @@
+{{ services[services_service_name].admin_password }}
diff --git a/plays/services/roles/deploy/cloud/templates/nextcloud/admin.user.j2 b/plays/services/roles/deploy/cloud/templates/nextcloud/admin.user.j2
new file mode 100644
index 0000000..51591fe
--- /dev/null
+++ b/plays/services/roles/deploy/cloud/templates/nextcloud/admin.user.j2
@@ -0,0 +1 @@
+{{ services[services_service_name].admin_user }}
diff --git a/plays/services/roles/deploy/cloud/templates/nextcloud/database.name.j2 b/plays/services/roles/deploy/cloud/templates/nextcloud/database.name.j2
new file mode 100644
index 0000000..549d8c5
--- /dev/null
+++ b/plays/services/roles/deploy/cloud/templates/nextcloud/database.name.j2
@@ -0,0 +1 @@
+{{ services[services_service_name].database_name }}
diff --git a/plays/services/roles/deploy/cloud/templates/nextcloud/database.password.j2 b/plays/services/roles/deploy/cloud/templates/nextcloud/database.password.j2
new file mode 100644
index 0000000..37c8246
--- /dev/null
+++ b/plays/services/roles/deploy/cloud/templates/nextcloud/database.password.j2
@@ -0,0 +1 @@
+{{ services[services_service_name].database_password }}
diff --git a/plays/services/roles/deploy/cloud/templates/nextcloud/database.user.j2 b/plays/services/roles/deploy/cloud/templates/nextcloud/database.user.j2
new file mode 100644
index 0000000..4fa88f0
--- /dev/null
+++ b/plays/services/roles/deploy/cloud/templates/nextcloud/database.user.j2
@@ -0,0 +1 @@
+{{ services[services_service_name].database_user }}
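Review bot: In `plays/services/roles/deploy/cloud/tasks/main.yml`, the `configure systemd service` task writes every unit with `mode: 0644`, yet `container-cloud-nextcloud.service.j2` from this same commit renders `SMTP_PASSWORD` inline into `ExecStart`. That credential therefore sits in a file other local accounts can read unless the service user's home directory is itself locked down, while the Nextcloud secrets in the task above are written `0600`. Use `mode: "0600"` for the units (quoting the mode also avoids relying on YAML 1.1 octal parsing) or move the SMTP password out of the unit. The `configure nextcloud secrets` task should also carry `no_log: true`, because a run with `--diff` would otherwise print the rendered passwords into the controller output and anything that captures it.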
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-cron.service.j2 similarity index 87% rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.service.j2 rename to plays/services/roles/deploy/cloud/templates/systemd/container-cloud-cron.service.j2 index 7a28c30..08d728d 100644 --- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-cron.service.j2 +++ b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-cron.service.j2 @@ -20,12 +20,12 @@ ExecStart=/usr/bin/podman run \ --replace \ --label "io.containers.autoupdate=image" \ -dt \ - --add-host=pod-database:{{ services['database'].address }} \ + --add-host=pod-database:{{ services_all_services['database'].address }} \ -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ --name=pod-cloud-cron \ - docker.io/library/nextcloud:{{ versions.cloud.nextcloud }} \ + docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} \ /cron.sh ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-cron.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-cron.ctr-id 
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nextcloud.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nextcloud.service.j2 similarity index 81% rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nextcloud.service.j2 rename to plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nextcloud.service.j2 index f52536a..5e59215 100644 --- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nextcloud.service.j2 +++ b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nextcloud.service.j2 @@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \ --replace \ --label "io.containers.autoupdate=image" \ -dt \ - --add-host=pod-database:{{ services['database'].address }} \ + --add-host=pod-database:{{ services_all_services['database'].address }} \ -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \ -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ 
@@ -35,18 +35,18 @@ ExecStart=/usr/bin/podman run \ -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \ -e NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/admin.user \ -e NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/admin.password \ - -e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[service_name].domain }}" \ + -e NEXTCLOUD_TRUSTED_DOMAINS="{{ services[services_service_name].domain }}" \ -e OVERWRITEPROTOCOL="https" \ - -e SMTP_HOST="{{ services[service_name].smtp_host }}" \ + -e SMTP_HOST="{{ services[services_service_name].smtp_host }}" \ -e SMTP_SECURE="ssl" \ -e SMTP_PORT=465 \ -e SMTP_AUTHTYPE="PLAIN" \ - -e SMTP_NAME="{{ services[service_name].smtp_name }}" \ - -e SMTP_PASSWORD="{{ services[service_name].smtp_password }}" \ + -e SMTP_NAME="{{ services[services_service_name].smtp_name }}" \ + -e SMTP_PASSWORD="{{ services[services_service_name].smtp_password }}" \ -e MAIL_FROM_ADDRESS="cloud" \ - -e MAIL_DOMAIN="{{ services[service_name].domain }}" \ + -e MAIL_DOMAIN="{{ services[services_service_name].domain }}" \ --name=pod-cloud-nextcloud \ - docker.io/library/nextcloud:{{ versions.cloud.nextcloud }} + docker.io/library/nextcloud:{{ services_deploy_versions.cloud.nextcloud }} ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nextcloud.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nextcloud.ctr-id PIDFile=%t/container-cloud-nextcloud.pid diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nginx.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nginx.service.j2 similarity index 94% rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nginx.service.j2 rename to plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nginx.service.j2 index 06d8d14..96d67e8 100644 
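Review bot: `-e SMTP_PASSWORD="{{ services[services_service_name].smtp_password }}"` places the SMTP credential on the `podman run` command line, so it is stored in the rendered unit and visible in the process arguments and the container's inspected environment. The database and admin credentials a few lines above are instead passed as `*_FILE` paths under `/run/secrets`. The upstream Nextcloud image appears to accept a `SMTP_PASSWORD_FILE` variant; if the pinned tag supports it, replace the line with `-e SMTP_PASSWORD_FILE=/run/secrets/smtp.password \` and render that file next to the other secrets. The `ExecStart` command begins above this hunk, so how `/run/secrets` is mounted cannot be checked from here.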
--- a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/container-cloud-nginx.service.j2 +++ b/plays/services/roles/deploy/cloud/templates/systemd/container-cloud-nginx.service.j2 @@ -25,7 +25,7 @@ ExecStart=/usr/bin/podman run \ -v /var/lib/yggdrasil/data/pod-cloud/nextcloud/_data:/var/www/html \ -v /var/lib/yggdrasil/data/pod-cloud/data/_data:/var/www/html/data \ --name=pod-cloud-nginx \ - docker.io/library/nginx:stable + docker.io/library/nginx:{{ services_deploy_versions.cloud.nginx }} ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-cloud-nginx.ctr-id -t 10 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-cloud-nginx.ctr-id PIDFile=%t/container-cloud-nginx.pid diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/pod-cloud.service.j2 b/plays/services/roles/deploy/cloud/templates/systemd/pod-cloud.service.j2 similarity index 100% rename from playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-cloud/.config/systemd/user/pod-cloud.service.j2 rename to plays/services/roles/deploy/cloud/templates/systemd/pod-cloud.service.j2 diff --git a/plays/services/roles/deploy/include/vars/versions.yml b/plays/services/roles/deploy/include/vars/versions.yml index 4af4663..92180cb 100644 --- a/plays/services/roles/deploy/include/vars/versions.yml +++ b/plays/services/roles/deploy/include/vars/versions.yml @@ -8,6 +8,7 @@ services_deploy_versions: database: postgres: "15.0" cloud: + nginx: "stable" nextcloud: "25-fpm" git: gitea: "1" diff --git a/plays/services/roles/deploy/rproxy/vars/nginx.yml b/plays/services/roles/deploy/rproxy/vars/nginx.yml index ed0c1e9..74b8b29 100644 --- a/plays/services/roles/deploy/rproxy/vars/nginx.yml +++ b/plays/services/roles/deploy/rproxy/vars/nginx.yml 
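Review bot: In `container-cloud-nginx.service.j2` the nginx image tag is now templated, but the `versions.yml` hunk of this commit sets `nginx: "stable"`, so the unit still resolves a floating tag and a later pull can swap in an image nobody reviewed. Since the value now lives in `services_deploy_versions`, pin it to an exact release, e.g. `nginx: "<exact-version-tag>"`, or reference the image by digest in the form `docker.io/library/nginx@sha256:<digest>`. The same consideration applies to the other coarse tags visible in that file (`gitea: "1"`, `nextcloud: "25-fpm"`) if reproducible deployments are wanted.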
@@ -1,6 +1,3 @@ -services_all_services: "{{ - services_all_hosts | map('extract', hostvars, 'services_host_services') | map('dict2items') | - flatten | items2dict }}" services_rproxy_nginx_add_hosts: "\ {% set add_host_list = [] %}\ {% for service in ( services_all_services | dict2items ) %}\