Use generic name for service config directory

This commit is contained in:
Wojciech Kozlowski 2023-07-18 23:18:00 +02:00
parent fbd8050b56
commit ba2da1bde6
11 changed files with 24 additions and 37 deletions

View File

@ -9,14 +9,14 @@
- name: "configure nginx"
ansible.builtin.copy:
src: "./config/nginx.conf"
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
dest: "{{ services_service_user_home }}/.config/service/nginx.conf"
mode: 0644
register: services_deploy_cloud_config_files
- name: "configure nextcloud secrets"
ansible.builtin.template:
src: "./nextcloud/{{ item }}"
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
dest: "{{ services_service_user_home }}/.config/service/{{ item }}"
mode: 0600
loop:
- "database.name"

View File

@ -26,9 +26,9 @@ ExecStart=/usr/bin/podman run \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
-v ./.config/pod-cloud/database.name:/run/secrets/database.name:ro \
-v ./.config/pod-cloud/database.user:/run/secrets/database.user:ro \
-v ./.config/pod-cloud/database.password:/run/secrets/database.password:ro \
-v ./.config/service/database.name:/run/secrets/database.name:ro \
-v ./.config/service/database.user:/run/secrets/database.user:ro \
-v ./.config/service/database.password:/run/secrets/database.password:ro \
-e POSTGRES_HOST=pod-database:5432 \
-e POSTGRES_DB_FILE=/run/secrets/database.name \
-e POSTGRES_USER_FILE=/run/secrets/database.user \

View File

@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-cloud/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
--name=pod-cloud-nginx \

View File

@ -9,9 +9,7 @@
- name: "configure postgres password"
ansible.builtin.template:
src: "./postgres/database.password"
dest: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
database.password"
dest: "{{ services_service_user_home }}/.config/service/database.password"
mode: 0600
register: services_deploy_database_password_file

View File

@ -21,7 +21,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-database/database.password:/run/secrets/database.password:ro \
-v ./.config/service/database.password:/run/secrets/database.password:ro \
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \

View File

@ -12,32 +12,28 @@
- name: "{{ services_service_name }} : create nginx conf.d"
ansible.builtin.file:
path: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
path: "{{ services_service_user_home }}/.config/service/nginx-conf.d"
state: "directory"
mode: 0755
- name: "{{ services_service_name }} : generic nginx reverse proxy configuration"
ansible.builtin.copy:
src: "./config/nginx.conf"
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx.conf"
dest: "{{ services_service_user_home }}/.config/service/nginx.conf"
mode: 0644
register: services_deploy_rproxy_generic_config
- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
ansible.builtin.copy:
src: "{{ services_deploy_rproxy_nginx_stream_config }}"
dest: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/stream.conf"
dest: "{{ services_service_user_home }}/.config/service/stream.conf"
mode: 0644
register: services_deploy_rproxy_stream_config
- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
ansible.builtin.copy:
src: "{{ item }}"
dest: "\
{{ services_service_user_home }}/.config/\
{{ services_service_user_name }}/nginx-conf.d/{{ item | basename }}"
dest: "{{ services_service_user_home }}/.config/service/nginx-conf.d/{{ item | basename }}"
mode: 0644
loop: "{{ services_deploy_rproxy_nginx_subdomain_config_files }}"
register: services_deploy_rproxy_subdomain_config_files
@ -72,12 +68,9 @@
- name: "{{ services_service_name }} : generate diffie hellman ephemeral parameters"
ansible.builtin.command: >-
openssl dhparam
--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
4096
openssl dhparam --out /{{ services_service_user_home }}/.config/service/dhparam.pem 4096
args:
creates: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
creates: "{{ services_service_user_home }}/.config/service/dhparam.pem"
register: services_deploy_rproxy_dhparam
- name: "{{ services_service_name }} : get uid"

View File

@ -15,7 +15,7 @@ ExecStart=/usr/bin/podman run \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
-v var-lib-letsencrypt:/var/lib/letsencrypt \
-v var-www-html:/var/www/html \
--name=pod-{{ services_service_name }}-certbot \

View File

@ -22,11 +22,11 @@ ExecStart=/usr/bin/podman run \
-dt \
{{ services_rproxy_nginx_add_hosts }} \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-{{ services_service_name }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/pod-{{ services_service_name }}/stream.conf:/etc/nginx/stream.conf:ro \
-v ./.config/pod-{{ services_service_name }}/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/pod-{{ services_service_name }}/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v {{ services_data_directory }}/pod-{{ services_service_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
-v var-www-html:/var/www/html \
--name=pod-{{ services_service_name }}-nginx \

View File

@ -54,18 +54,14 @@
https://{{ services[services_service_name].repo.user }}:\
{{ services[services_service_name].repo.token }}@\
git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
dest: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
wojciechkozlowski.eu"
dest: "{{ services_service_user_home }}/.config/service/wojciechkozlowski.eu"
recursive: true
register: services_deploy_www_webiste_git
- name: "generate static page using hugo"
ansible.builtin.command:
cmd: "hugo"
chdir: "\
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
wojciechkozlowski.eu"
chdir: "{{ services_service_user_home }}/.config/service/wojciechkozlowski.eu"
when:
services_deploy_www_webiste_git.changed

View File

@ -22,7 +22,7 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
-dt \
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
--name=pod-www-nginx \
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10

View File

@ -25,7 +25,7 @@
- name: "{{ services_service_name }} : directories : create service configuration directory"
ansible.builtin.file:
path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}"
path: "{{ services_service_user_home }}/.config/service"
state: "directory"
mode: 0755