From ba2da1bde6bce8c527a7d27ab603fe136d64dd13 Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Tue, 18 Jul 2023 23:18:00 +0200 Subject: [PATCH] Use generic name for service config directory --- .../services/deploy/cloud/tasks/main.yml | 4 ++-- .../systemd/container-cloud-nextcloud.service | 6 +++--- .../systemd/container-cloud-nginx.service | 2 +- .../services/deploy/database/tasks/main.yml | 4 +--- .../container-database-postgres.service | 2 +- .../services/deploy/rproxy/tasks/main.yml | 19 ++++++------------- .../systemd/container-rproxy-certbot.service | 2 +- .../systemd/container-rproxy-nginx.service | 10 +++++----- .../roles/services/deploy/www/tasks/main.yml | 8 ++------ .../systemd/container-www-nginx.service | 2 +- .../setup/user/tasks/include/directories.yml | 2 +- 11 files changed, 24 insertions(+), 37 deletions(-) diff --git a/playbooks/roles/services/deploy/cloud/tasks/main.yml b/playbooks/roles/services/deploy/cloud/tasks/main.yml index 914e823..4cdb754 100644 --- a/playbooks/roles/services/deploy/cloud/tasks/main.yml +++ b/playbooks/roles/services/deploy/cloud/tasks/main.yml @@ -9,14 +9,14 @@ - name: "configure nginx" ansible.builtin.copy: src: "./config/nginx.conf" - dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf" + dest: "{{ services_service_user_home }}/.config/service/nginx.conf" mode: 0644 register: services_deploy_cloud_config_files - name: "configure nextcloud secrets" ansible.builtin.template: src: "./nextcloud/{{ item }}" - dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}" + dest: "{{ services_service_user_home }}/.config/service/{{ item }}" mode: 0600 loop: - "database.name" diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service index 896b39d..13bb7d4 100644 
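Review bot: In "configure nextcloud secrets" the secret files now land in `.config/service/`, but nothing visible in this patch removes the copies under the old `.config/{{ services_service_user_name }}/` path. On a host that was already deployed, the previous `database.name`, `database.user` and `database.password` files presumably stay on disk. The same holds for `database.password` in the database role and for the git checkout in the www role. Consider a cleanup task next to the directory creation: an `ansible.builtin.file` with `path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}"` and `state: "absent"`. The loop of this task continues outside the hunk.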
--- a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service +++ b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nextcloud.service @@ -26,9 +26,9 @@ ExecStart=/usr/bin/podman run \ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \ -v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \ - -v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \ - -v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \ - -v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \ + -v ./.config/service/database.name:/run/secrets/database.name:ro \ + -v ./.config/service/database.user:/run/secrets/database.user:ro \ + -v ./.config/service/database.password:/run/secrets/database.password:ro \ -e POSTGRES_HOST=pod-database:5432 \ -e POSTGRES_DB_FILE=/run/secrets/database.name \ -e POSTGRES_USER_FILE=/run/secrets/database.user \ diff --git a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nginx.service b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nginx.service index 900afdc..4caf718 100644 --- a/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nginx.service +++ b/playbooks/roles/services/deploy/cloud/templates/systemd/container-cloud-nginx.service @@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \ --label "io.containers.autoupdate=image" \ -dt \ -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/pod-cloud/nginx.conf:/etc/nginx/nginx.conf:ro \ + -v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \ -v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \ -v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \ --name=pod-cloud-nginx \ 
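Review bot: The three secret mounts in container-cloud-nextcloud.service use a source path relative to the unit's working directory (`./.config/service/database.password`), so which file is mounted depends on where systemd starts the process rather than on the path the tasks wrote to. Rendering the absolute path the tasks use, e.g. `-v {{ services_service_user_home }}/.config/service/database.password:/run/secrets/database.password:ro`, would remove that dependency, assuming the variable is available to this template. The same applies to the `./.config/service/...` mounts in the cloud-nginx, database-postgres, rproxy-nginx and www-nginx units. The ExecStart command starts and ends outside the hunk.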
diff --git a/playbooks/roles/services/deploy/database/tasks/main.yml b/playbooks/roles/services/deploy/database/tasks/main.yml index 1a139a7..ea6efe5 100644 --- a/playbooks/roles/services/deploy/database/tasks/main.yml +++ b/playbooks/roles/services/deploy/database/tasks/main.yml @@ -9,9 +9,7 @@ - name: "configure postgres password" ansible.builtin.template: src: "./postgres/database.password" - dest: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/\ - database.password" + dest: "{{ services_service_user_home }}/.config/service/database.password" mode: 0600 register: services_deploy_database_password_file diff --git a/playbooks/roles/services/deploy/database/templates/systemd/container-database-postgres.service b/playbooks/roles/services/deploy/database/templates/systemd/container-database-postgres.service index 931c6b8..98703b0 100644 --- a/playbooks/roles/services/deploy/database/templates/systemd/container-database-postgres.service +++ b/playbooks/roles/services/deploy/database/templates/systemd/container-database-postgres.service @@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \ --label "io.containers.autoupdate=image" \ -dt \ -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/pod-database/database.password:/run/secrets/database.password:ro \ + -v ./.config/service/database.password:/run/secrets/database.password:ro \ -e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \ -v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \ -e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \ diff --git a/playbooks/roles/services/deploy/rproxy/tasks/main.yml b/playbooks/roles/services/deploy/rproxy/tasks/main.yml index c956af3..7c5d356 100644 --- a/playbooks/roles/services/deploy/rproxy/tasks/main.yml +++ b/playbooks/roles/services/deploy/rproxy/tasks/main.yml 
@@ -12,32 +12,28 @@ - name: "{{ services_service_name }} : create nginx conf.d" ansible.builtin.file: - path: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d" + path: "{{ services_service_user_home }}/.config/service/nginx-conf.d" state: "directory" mode: 0755 - name: "{{ services_service_name }} : generic nginx reverse proxy configuration" ansible.builtin.copy: src: "./config/nginx.conf" - dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf" + dest: "{{ services_service_user_home }}/.config/service/nginx.conf" mode: 0644 register: services_deploy_rproxy_generic_config - name: "{{ services_service_name }} : stream nginx reverse proxy configuration" ansible.builtin.copy: src: "{{ services_deploy_rproxy_nginx_stream_config }}" - dest: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf" + dest: "{{ services_service_user_home }}/.config/service/stream.conf" mode: 0644 register: services_deploy_rproxy_stream_config - name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration" ansible.builtin.copy: src: "{{ item }}" - dest: "\ - {{ services_service_user_home }}/.config/\ - {{ services_service_user_name }}/nginx-conf.d/{{ item | basename }}" + dest: "{{ services_service_user_home }}/.config/service/nginx-conf.d/{{ item | basename }}" mode: 0644 loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}" register: services_deploy_rproxy_subdomain_config_files 
@@ -72,12 +68,9 @@ - name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters" ansible.builtin.command: >- - openssl dhparam - --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem - 4096 + openssl dhparam --out /{{ services_service_user_home }}/.config/service/dhparam.pem 4096 args: - creates: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem" + creates: "{{ services_service_user_home }}/.config/service/dhparam.pem" register: services_deploy_rproxy_dhparam - name: "{{ services_service_name }} : get uid" diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service index f8ed97c..35636b8 100644 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service +++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-certbot.service @@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \ --pod-id-file %t/pod-{{ services_service_name }}.pod-id \ --replace \ -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ - -v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt \ + -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \ -v var-lib-letsencrypt:/var/lib/letsencrypt \ -v var-www-html:/var/www/html \ --name=pod-{{ services_service_name }}-certbot \ diff --git a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service index e8a5236..3ee8f6f 100644 --- a/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service +++ b/playbooks/roles/services/deploy/rproxy/templates/systemd/container-rproxy-nginx.service 
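Review bot: In the dhparam task the `--out` path starts with an extra `/` in front of `{{ services_service_user_home }}` while `creates:` has none, so the file that is written and the file that guards idempotence match only as long as the home variable is an absolute path. Writing both identically avoids that: `openssl dhparam -out {{ services_service_user_home }}/.config/service/dhparam.pem 4096` (`-out` is the spelling in the OpenSSL manual). Because the `creates:` path changed, already-deployed hosts will presumably regenerate the 4096-bit parameters on the next run unless the old file is moved first.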
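Review bot: The `/etc/letsencrypt` mount in container-rproxy-certbot.service changes the data directory from `pod-{{ services_service_name }}` to `{{ services_service_user_name }}`, which is a data path rather than the config directory the subject line describes. If the two do not render to the same string on every host, certbot would start against an empty directory and the existing certificates and private keys would be left behind in the old one. The other lines of this unit (`--pod-id-file`, `--name=`) still use `pod-{{ services_service_name }}`, so either keep that form here or confirm the equivalence. container-rproxy-nginx.service carries the same change on its read-only mount. The ExecStart command continues outside the hunk.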
@@ -22,11 +22,11 @@ ExecStart=/usr/bin/podman run \ -dt \ {{ services_rproxy_nginx_add_hosts }} \ -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/pod-{{ services_service_name }}/nginx.conf:/etc/nginx/nginx.conf:ro \ - -v ./.config/pod-{{ services_service_name }}/stream.conf:/etc/nginx/stream.conf:ro \ - -v ./.config/pod-{{ services_service_name }}/nginx-conf.d:/etc/nginx/conf.d:ro \ - -v ./.config/pod-{{ services_service_name }}/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ - -v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \ + -v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \ + -v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \ + -v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \ + -v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \ + -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \ -v var-lib-letsencrypt:/var/lib/letsencrypt:ro \ -v var-www-html:/var/www/html \ --name=pod-{{ services_service_name }}-nginx \ diff --git a/playbooks/roles/services/deploy/www/tasks/main.yml b/playbooks/roles/services/deploy/www/tasks/main.yml index 1416f6a..2376b7b 100644 --- a/playbooks/roles/services/deploy/www/tasks/main.yml +++ b/playbooks/roles/services/deploy/www/tasks/main.yml 
@@ -54,18 +54,14 @@ https://{{ services[services_service_name].repo.user }}:\ {{ services[services_service_name].repo.token }}@\ git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git" - dest: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/\ - wojciechkozlowski.eu" + dest: "{{ services_service_user_home }}/.config/service/wojciechkozlowski.eu" recursive: true register: services_deploy_www_webiste_git - name: "generate static page using hugo" ansible.builtin.command: cmd: "hugo" - chdir: "\ - {{ services_service_user_home }}/.config/{{ services_service_user_name }}/\ - wojciechkozlowski.eu" + chdir: "{{ services_service_user_home }}/.config/service/wojciechkozlowski.eu" when: services_deploy_www_webiste_git.changed diff --git a/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service b/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service index 637414f..0319082 100644 --- a/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service +++ b/playbooks/roles/services/deploy/www/templates/systemd/container-www-nginx.service @@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \ --label "io.containers.autoupdate=image" \ -dt \ -v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \ - -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \ + -v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \ --name=pod-www-nginx \ docker.io/library/nginx:{{ services_service_deploy_versions.nginx }} ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10 diff --git a/playbooks/roles/services/setup/user/tasks/include/directories.yml b/playbooks/roles/services/setup/user/tasks/include/directories.yml index 94315a8..7516b12 100644 --- a/playbooks/roles/services/setup/user/tasks/include/directories.yml +++ b/playbooks/roles/services/setup/user/tasks/include/directories.yml 
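Review bot: The clone URL in the context lines embeds `repo.user` and `repo.token`, and git stores the remote URL in the checkout's `.git/config`, so the token ends up on disk inside the new `dest`, `.config/service/wojciechkozlowski.eu`. Whether other local users can read it depends on the umask of the clone and on the modes of the parent directories, neither of which this hunk sets. If this task is `ansible.builtin.git`, `umask: "0077"` on it would keep the checkout private. The `public` directory that hugo generates afterwards would then need checking so nginx can still read it. The task begins outside the hunk.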
@@ -25,7 +25,7 @@ - name: "{{ services_service_name }} : directories : create service configuration directory" ansible.builtin.file: - path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}" + path: "{{ services_service_user_home }}/.config/service" state: "directory" mode: 0755
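Review bot: The service configuration directory is created with `mode: 0755`, and it holds the credential files the deploy roles write next to world-readable configuration, so any local user who can reach the home directory can list it. The secret files are 0600 in the tasks shown, but a tighter directory such as `mode: "0700"` would stop relying on each file's mode being right; quoting the value also avoids YAML octal parsing differences. If the containers run rootless under the service user, the bind-mount sources are resolved as that user, so the mounts should be unaffected, but that is worth confirming on one host.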