diff --git a/playbooks/tasks/services/c-deploy/service-deploy/service.d/lrproxy.yml b/playbooks/tasks/services/c-deploy/service-deploy/service.d/lrproxy.yml
deleted file mode 100644
index 984c354..0000000
--- a/playbooks/tasks/services/c-deploy/service-deploy/service.d/lrproxy.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-- block:
-
- - name: Synchronise service configuration
- copy:
- src: "./filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/"
- dest: "{{ service_home }}/.config/{{ service_user_name }}"
- directory_mode: 0755
- mode: 0644
- register: rproxy_synchronise
-
- - name: Generate Diffie Hellman ephemeral parameters
- command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
- args:
- creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
- register: dhparam
-
- - name: Create the .ssh directory for {{ service_user_name }}
- file:
- path: "{{ service_home }}/.ssh"
- state: directory
- mode: 0700
-
- - name: Generate SSH keypair for rsync
- openssh_keypair:
- path: "{{ service_home }}/.ssh/valkyrie-pod-rproxy"
- type: ed25519
- register: rsync_keypair
-
- - name: Configure public key on valkyrie
- delegate_to: valkyrie
- become_user: pod-rproxy
- authorized_key:
- user: pod-rproxy
- state: present
- key: "{{ rsync_keypair.public_key }}"
- key_options: command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address}}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding
-
- - name: Enable rsync-certificates timer
- systemd:
- name: rsync-certificates.timer
- enabled: yes
- scope: user
- register: rsync_certificates_timer
-
- - name: Record changes
- set_fact:
- service_changed: true
- when:
- rproxy_synchronise is changed or
- dhparam is changed or
- rsync_certificates_timer is changed
-
- become_user: "{{ service_user_name }}"
diff --git a/playbooks/tasks/services/c-deploy/service-deploy/service.d/rproxy.yml b/playbooks/tasks/services/c-deploy/service-deploy/service.d/rproxy.yml
deleted file mode 100644
index 52922aa..0000000
--- a/playbooks/tasks/services/c-deploy/service-deploy/service.d/rproxy.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-- block:
-
- - name: Synchronise service configuration
- copy:
- src: "./filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/"
- dest: "{{ service_home }}/.config/{{ service_user_name }}"
- directory_mode: 0755
- mode: 0644
- register: rproxy_synchronise
-
- - name: Generate Diffie Hellman ephemeral parameters
- command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
- args:
- creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
- register: dhparam
-
- - name: Enable container-rproxy-certbot timer
- systemd:
- name: container-rproxy-certbot.timer
- enabled: yes
- scope: user
- register: container_rproxy_certbot_timer
-
- - name: Record changes
- set_fact:
- service_changed: true
- when:
- rproxy_synchronise is changed or
- dhparam is changed or
- container_rproxy_certbot_timer is changed
-
- become_user: "{{ service_user_name }}"
diff --git a/plays/services/main.yml b/plays/services/main.yml
index 1ce8519..d4bb782 100644
--- a/plays/services/main.yml
+++ b/plays/services/main.yml
@@ -41,3 +41,37 @@
loop_control:
loop_var: "services_service_name"
tags: "always"
+
+- name: "services : valkyrie"
+ hosts: "valkyrie"
+ tasks:
+ - name: "deploy"
+ ansible.builtin.include_role:
+ name: "deploy/rproxy"
+ apply:
+ tags:
+ - "services:{{ services_service_name }}"
+ - "services:deploy"
+ - "services:deploy:{{ services_service_name }}"
+ - "services:{{ services_service_name }}:deploy"
+ vars:
+ services_service_name: "rproxy"
+ services_all_hosts: "{{ groups['asgard'] }}"
+ tags: "always"
+
+- name: "services : yggdrasil"
+ hosts: "yggdrasil"
+ tasks:
+ - name: "deploy"
+ ansible.builtin.include_role:
+ name: "deploy/lrproxy"
+ apply:
+ tags:
+ - "services:{{ services_service_name }}"
+ - "services:deploy"
+ - "services:deploy:{{ services_service_name }}"
+ - "services:{{ services_service_name }}:deploy"
+ vars:
+ services_service_name: "lrproxy"
+ services_all_hosts: "{{ groups['asgard'] }}"
+ tags: "always"
diff --git a/plays/services/roles/deploy/lrproxy/tasks/main.yml b/plays/services/roles/deploy/lrproxy/tasks/main.yml
index 8818ef7..c6bbb5a 100644
--- a/plays/services/roles/deploy/lrproxy/tasks/main.yml
+++ b/plays/services/roles/deploy/lrproxy/tasks/main.yml
@@ -4,10 +4,8 @@
vars_from: "user"
- name: "set the rproxy variables"
- ansible.builtin.import_role:
- name: "deploy/rproxy"
- tasks_from: ""
- vars_from: "nginx"
+ ansible.builtin.include_vars:
+ file: "nginx.yml"
- block:
diff --git a/plays/services/roles/deploy/lrproxy/vars/nginx.yml b/plays/services/roles/deploy/lrproxy/vars/nginx.yml
new file mode 120000
index 0000000..b95be74
--- /dev/null
+++ b/plays/services/roles/deploy/lrproxy/vars/nginx.yml
@@ -0,0 +1 @@
+../../rproxy/vars/nginx.yml
\ No newline at end of file
diff --git a/plays/services/roles/deploy/rproxy/tasks/main.yml b/plays/services/roles/deploy/rproxy/tasks/main.yml
new file mode 100644
index 0000000..6d00e7d
--- /dev/null
+++ b/plays/services/roles/deploy/rproxy/tasks/main.yml
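Review bot: The new `file: "nginx.yml"` in "set the rproxy variables" loads whatever `vars/nginx.yml` resolves to, and in this commit that is a symlink to `../../rproxy/vars/nginx.yml`, so the lrproxy role now depends on the rproxy role's variables through a filesystem link that nothing in the task records. A one-line comment above the task, `# nginx.yml is a symlink to ../../rproxy/vars/nginx.yml, shared with the rproxy role`, would keep that visible to the next reader; alternatively `file: "{{ role_path }}/../rproxy/vars/nginx.yml"` states the dependency explicitly and needs no symlink. The replacement is also dynamic where the removed `import_role` was static, so the nginx variables exist only once this task has executed; with every task carrying the same `apply` tags that appears harmless here. The task list this hunk belongs to starts and ends outside the hunk.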
@@ -0,0 +1,83 @@
+- name: "set the user variables"
+ ansible.builtin.import_role:
+ name: "include"
+ vars_from: "user"
+
+- name: "set the rproxy variables"
+ ansible.builtin.include_vars:
+ file: "nginx.yml"
+
+- block:
+
+ - name: "create nginx conf.d"
+ ansible.builtin.file:
+ path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
+ state: "directory"
+ mode: 0755
+
+ - name: "configure reverse proxy nginx"
+ ansible.builtin.copy:
+ src: "setup/{{ item }}"
+ dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
+ mode: 0644
+ loop: "{{ services_rproxy_nginx_conf_d_files }}"
+ register: services_deploy_rproxy_config_files
+
+ - name: "configure systemd service"
+ ansible.builtin.template:
+ src: "./systemd/{{ item }}.j2"
+ dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+ mode: 0644
+ loop:
+ - "pod-rproxy.service"
+ - "container-rproxy-nginx.service"
+ - "container-rproxy-certbot.service"
+ - "container-rproxy-certbot.timer"
+ register: services_deploy_rproxy_systemd_files
+
+ - name: "systemd user daemon reload"
+ systemd:
+ daemon_reload: true
+ scope: "user"
+ when:
+ services_deploy_rproxy_systemd_files.changed
+
+ - name: "enable container-rproxy-certbot timer"
+ ansible.builtin.systemd:
+ name: "container-rproxy-certbot.timer"
+ enabled: true
+ scope: "user"
+ register: services_deploy_rproxy_certbot_timer
+
+ - name: "generate diffie hellman ephemeral parameters"
+ ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name}}/dhparam.pem 4096"
+ args:
+ creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
+ register: services_deploy_rproxy_dhparam
+
+ - name: "enable the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ enabled: true
+ scope: "user"
+
+ - name: "start the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ state: "started"
+ scope: "user"
+ register: services_deploy_rproxy_service_start
+
+ - name: "restart the service"
+ ansible.builtin.systemd:
+ name: "pod-{{ services_service_name }}.service"
+ state: restarted
+ scope: user
+ when:
+ (services_deploy_rproxy_config_files.changed or
+ services_deploy_rproxy_systemd_files.changed or
+ services_deploy_rproxy_certbot_timer.changed or
+ services_deploy_rproxy_dhparam.changed) and
+ not services_deploy_rproxy_service_start.changed
+
+ become_user: "{{ services_service_user_name }}"
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.service.j2
similarity index 100%
rename from playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.service.j2
rename to plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.service.j2
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.timer.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.timer.j2
similarity index 100%
rename from playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-certbot.timer.j2
rename to plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-certbot.timer.j2
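Review bot: The "systemd user daemon reload" task calls the bare `systemd:` module and the "restart the service" task writes `state: restarted` and `scope: user` unquoted, while every other task in this new file uses the `ansible.builtin.` prefix and quotes its scalars; aligning them (`ansible.builtin.systemd:`, `state: "restarted"`, `scope: "user"`) keeps the file consistent with its own convention. In "generate diffie hellman ephemeral parameters" the command path starts with `/{{ services_service_user_home }}` and contains `{{ services_service_user_name}}` without the closing space, whereas `creates:` has neither quirk, so the two strings name the same file only because the leading double slash is collapsed by the OS; writing both paths identically removes that dependence and keeps the task idempotent by construction. It is also worth confirming against `services_rproxy_nginx_conf_d_files` that each item already carries the `nginx-conf.d/` prefix, since "create nginx conf.d" creates that directory but "configure reverse proxy nginx" copies to `.config/{{ services_service_user_name }}/{{ item }}` rather than into it.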
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2
similarity index 96%
rename from playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2
rename to plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2
index 0bfc1d3..ac236ba 100644
--- a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2
+++ b/plays/services/roles/deploy/rproxy/templates/systemd/container-rproxy-nginx.service.j2
@@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
- {{ service_rproxy_hosts }} \
+ {{ services_rproxy_nginx_add_hosts }} \
-v /etc/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
diff --git a/playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/pod-rproxy.service.j2 b/plays/services/roles/deploy/rproxy/templates/systemd/pod-rproxy.service.j2
similarity index 100%
rename from playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/pod-rproxy.service.j2
rename to plays/services/roles/deploy/rproxy/templates/systemd/pod-rproxy.service.j2