Use generic name for service config directory
This commit is contained in:
parent
fbd8050b56
commit
ba2da1bde6
@ -9,14 +9,14 @@
|
|||||||
- name: "configure nginx"
|
- name: "configure nginx"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./config/nginx.conf"
|
src: "./config/nginx.conf"
|
||||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
|
dest: "{{ services_service_user_home }}/.config/service/nginx.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_deploy_cloud_config_files
|
register: services_deploy_cloud_config_files
|
||||||
|
|
||||||
- name: "configure nextcloud secrets"
|
- name: "configure nextcloud secrets"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./nextcloud/{{ item }}"
|
src: "./nextcloud/{{ item }}"
|
||||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
|
dest: "{{ services_service_user_home }}/.config/service/{{ item }}"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
loop:
|
loop:
|
||||||
- "database.name"
|
- "database.name"
|
||||||
|
@ -26,9 +26,9 @@ ExecStart=/usr/bin/podman run \
|
|||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
||||||
-v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \
|
-v ./.config/service/database.name:/run/secrets/database.name:ro \
|
||||||
-v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \
|
-v ./.config/service/database.user:/run/secrets/database.user:ro \
|
||||||
-v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \
|
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
||||||
-e POSTGRES_HOST=pod-database:5432 \
|
-e POSTGRES_HOST=pod-database:5432 \
|
||||||
-e POSTGRES_DB_FILE=/run/secrets/database.name \
|
-e POSTGRES_DB_FILE=/run/secrets/database.name \
|
||||||
-e POSTGRES_USER_FILE=/run/secrets/database.user \
|
-e POSTGRES_USER_FILE=/run/secrets/database.user \
|
||||||
|
@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/pod-cloud/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
--name=pod-cloud-nginx \
|
--name=pod-cloud-nginx \
|
||||||
|
@ -9,9 +9,7 @@
|
|||||||
- name: "configure postgres password"
|
- name: "configure postgres password"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./postgres/database.password"
|
src: "./postgres/database.password"
|
||||||
dest: "\
|
dest: "{{ services_service_user_home }}/.config/service/database.password"
|
||||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
|
|
||||||
database.password"
|
|
||||||
mode: 0600
|
mode: 0600
|
||||||
register: services_deploy_database_password_file
|
register: services_deploy_database_password_file
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/pod-database/database.password:/run/secrets/database.password:ro \
|
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
||||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
||||||
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
|
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
|
||||||
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
|
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
|
||||||
|
@ -12,32 +12,28 @@
|
|||||||
|
|
||||||
- name: "{{ services_service_name }} : create nginx conf.d"
|
- name: "{{ services_service_name }} : create nginx conf.d"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "\
|
path: "{{ services_service_user_home }}/.config/service/nginx-conf.d"
|
||||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
|
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : generic nginx reverse proxy configuration"
|
- name: "{{ services_service_name }} : generic nginx reverse proxy configuration"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./config/nginx.conf"
|
src: "./config/nginx.conf"
|
||||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
|
dest: "{{ services_service_user_home }}/.config/service/nginx.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_deploy_rproxy_generic_config
|
register: services_deploy_rproxy_generic_config
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
|
- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ services_deploy_rproxy_nginx_stream_config }}"
|
src: "{{ services_deploy_rproxy_nginx_stream_config }}"
|
||||||
dest: "\
|
dest: "{{ services_service_user_home }}/.config/service/stream.conf"
|
||||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf"
|
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_deploy_rproxy_stream_config
|
register: services_deploy_rproxy_stream_config
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
|
- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "\
|
dest: "{{ services_service_user_home }}/.config/service/nginx-conf.d/{{ item | basename }}"
|
||||||
{{ services_service_user_home }}/.config/\
|
|
||||||
{{ services_service_user_name }}/nginx-conf.d/{{ item | basename }}"
|
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}"
|
loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}"
|
||||||
register: services_deploy_rproxy_subdomain_config_files
|
register: services_deploy_rproxy_subdomain_config_files
|
||||||
@ -72,12 +68,9 @@
|
|||||||
|
|
||||||
- name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"
|
- name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command: >-
|
||||||
openssl dhparam
|
openssl dhparam --out /{{ services_service_user_home }}/.config/service/dhparam.pem 4096
|
||||||
--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
|
|
||||||
4096
|
|
||||||
args:
|
args:
|
||||||
creates: "\
|
creates: "{{ services_service_user_home }}/.config/service/dhparam.pem"
|
||||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
|
||||||
register: services_deploy_rproxy_dhparam
|
register: services_deploy_rproxy_dhparam
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : get uid"
|
- name: "{{ services_service_name }} : get uid"
|
||||||
|
@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
|
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||||
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||||
-v var-www-html:/var/www/html \
|
-v var-www-html:/var/www/html \
|
||||||
--name=pod-{{ services_service_name }}-certbot \
|
--name=pod-{{ services_service_name }}-certbot \
|
||||||
|
@ -22,11 +22,11 @@ ExecStart=/usr/bin/podman run \
|
|||||||
-dt \
|
-dt \
|
||||||
{{ services_rproxy_nginx_add_hosts }} \
|
{{ services_rproxy_nginx_add_hosts }} \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/pod-{{ services_service_name }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v ./.config/pod-{{ services_service_name }}/stream.conf:/etc/nginx/stream.conf:ro \
|
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
|
||||||
-v ./.config/pod-{{ services_service_name }}/nginx-conf.d:/etc/nginx/conf.d:ro \
|
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||||
-v ./.config/pod-{{ services_service_name }}/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||||
-v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||||
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
||||||
-v var-www-html:/var/www/html \
|
-v var-www-html:/var/www/html \
|
||||||
--name=pod-{{ services_service_name }}-nginx \
|
--name=pod-{{ services_service_name }}-nginx \
|
||||||
|
@ -54,18 +54,14 @@
|
|||||||
https://{{ services[services_service_name].repo.user }}:\
|
https://{{ services[services_service_name].repo.user }}:\
|
||||||
{{ services[services_service_name].repo.token }}@\
|
{{ services[services_service_name].repo.token }}@\
|
||||||
git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
|
git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
|
||||||
dest: "\
|
dest: "{{ services_service_user_home }}/.config/service/wojciechkozlowski.eu"
|
||||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
|
|
||||||
wojciechkozlowski.eu"
|
|
||||||
recursive: true
|
recursive: true
|
||||||
register: services_deploy_www_webiste_git
|
register: services_deploy_www_webiste_git
|
||||||
|
|
||||||
- name: "generate static page using hugo"
|
- name: "generate static page using hugo"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: "hugo"
|
cmd: "hugo"
|
||||||
chdir: "\
|
chdir: "{{ services_service_user_home }}/.config/service/wojciechkozlowski.eu"
|
||||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
|
|
||||||
wojciechkozlowski.eu"
|
|
||||||
when:
|
when:
|
||||||
services_deploy_www_webiste_git.changed
|
services_deploy_www_webiste_git.changed
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
|
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
|
||||||
--name=pod-www-nginx \
|
--name=pod-www-nginx \
|
||||||
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
|
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
|
||||||
|
@ -25,7 +25,7 @@
|
|||||||
|
|
||||||
- name: "{{ services_service_name }} : directories : create service configuration directory"
|
- name: "{{ services_service_name }} : directories : create service configuration directory"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}"
|
path: "{{ services_service_user_home }}/.config/service"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user