Port rproxy service
This commit is contained in:
parent
21b93f71ce
commit
c8a9242706
@ -1,53 +0,0 @@
|
|||||||
- block:
|
|
||||||
|
|
||||||
- name: Synchronise service configuration
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/"
|
|
||||||
dest: "{{ service_home }}/.config/{{ service_user_name }}"
|
|
||||||
directory_mode: 0755
|
|
||||||
mode: 0644
|
|
||||||
register: rproxy_synchronise
|
|
||||||
|
|
||||||
- name: Generate Diffie Hellman ephemeral parameters
|
|
||||||
command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
|
|
||||||
args:
|
|
||||||
creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
|
|
||||||
register: dhparam
|
|
||||||
|
|
||||||
- name: Create the .ssh directory for {{ service_user_name }}
|
|
||||||
file:
|
|
||||||
path: "{{ service_home }}/.ssh"
|
|
||||||
state: directory
|
|
||||||
mode: 0700
|
|
||||||
|
|
||||||
- name: Generate SSH keypair for rsync
|
|
||||||
openssh_keypair:
|
|
||||||
path: "{{ service_home }}/.ssh/valkyrie-pod-rproxy"
|
|
||||||
type: ed25519
|
|
||||||
register: rsync_keypair
|
|
||||||
|
|
||||||
- name: Configure public key on valkyrie
|
|
||||||
delegate_to: valkyrie
|
|
||||||
become_user: pod-rproxy
|
|
||||||
authorized_key:
|
|
||||||
user: pod-rproxy
|
|
||||||
state: present
|
|
||||||
key: "{{ rsync_keypair.public_key }}"
|
|
||||||
key_options: command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address}}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding
|
|
||||||
|
|
||||||
- name: Enable rsync-certificates timer
|
|
||||||
systemd:
|
|
||||||
name: rsync-certificates.timer
|
|
||||||
enabled: yes
|
|
||||||
scope: user
|
|
||||||
register: rsync_certificates_timer
|
|
||||||
|
|
||||||
- name: Record changes
|
|
||||||
set_fact:
|
|
||||||
service_changed: true
|
|
||||||
when:
|
|
||||||
rproxy_synchronise is changed or
|
|
||||||
dhparam is changed or
|
|
||||||
rsync_certificates_timer is changed
|
|
||||||
|
|
||||||
become_user: "{{ service_user_name }}"
|
|
@ -1,32 +0,0 @@
|
|||||||
- block:
|
|
||||||
|
|
||||||
- name: Synchronise service configuration
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/"
|
|
||||||
dest: "{{ service_home }}/.config/{{ service_user_name }}"
|
|
||||||
directory_mode: 0755
|
|
||||||
mode: 0644
|
|
||||||
register: rproxy_synchronise
|
|
||||||
|
|
||||||
- name: Generate Diffie Hellman ephemeral parameters
|
|
||||||
command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
|
|
||||||
args:
|
|
||||||
creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
|
|
||||||
register: dhparam
|
|
||||||
|
|
||||||
- name: Enable container-rproxy-certbot timer
|
|
||||||
systemd:
|
|
||||||
name: container-rproxy-certbot.timer
|
|
||||||
enabled: yes
|
|
||||||
scope: user
|
|
||||||
register: container_rproxy_certbot_timer
|
|
||||||
|
|
||||||
- name: Record changes
|
|
||||||
set_fact:
|
|
||||||
service_changed: true
|
|
||||||
when:
|
|
||||||
rproxy_synchronise is changed or
|
|
||||||
dhparam is changed or
|
|
||||||
container_rproxy_certbot_timer is changed
|
|
||||||
|
|
||||||
become_user: "{{ service_user_name }}"
|
|
@ -41,3 +41,37 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "services_service_name"
|
loop_var: "services_service_name"
|
||||||
tags: "always"
|
tags: "always"
|
||||||
|
|
||||||
|
- name: "services : valkyrie"
|
||||||
|
hosts: "valkyrie"
|
||||||
|
tasks:
|
||||||
|
- name: "deploy"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: "deploy/rproxy"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- "services:{{ services_service_name }}"
|
||||||
|
- "services:deploy"
|
||||||
|
- "services:deploy:{{ services_service_name }}"
|
||||||
|
- "services:{{ services_service_name }}:deploy"
|
||||||
|
vars:
|
||||||
|
services_service_name: "rproxy"
|
||||||
|
services_all_hosts: "{{ groups['asgard'] }}"
|
||||||
|
tags: "always"
|
||||||
|
|
||||||
|
- name: "services : yggdrasil"
|
||||||
|
hosts: "yggdrasil"
|
||||||
|
tasks:
|
||||||
|
- name: "deploy"
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: "deploy/lrproxy"
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
- "services:{{ services_service_name }}"
|
||||||
|
- "services:deploy"
|
||||||
|
- "services:deploy:{{ services_service_name }}"
|
||||||
|
- "services:{{ services_service_name }}:deploy"
|
||||||
|
vars:
|
||||||
|
services_service_name: "lrproxy"
|
||||||
|
services_all_hosts: "{{ groups['asgard'] }}"
|
||||||
|
tags: "always"
|
||||||
|
@ -4,10 +4,8 @@
|
|||||||
vars_from: "user"
|
vars_from: "user"
|
||||||
|
|
||||||
- name: "set the rproxy variables"
|
- name: "set the rproxy variables"
|
||||||
ansible.builtin.import_role:
|
ansible.builtin.include_vars:
|
||||||
name: "deploy/rproxy"
|
file: "nginx.yml"
|
||||||
tasks_from: ""
|
|
||||||
vars_from: "nginx"
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
|
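--- a/plays/services/roles/deploy/lrproxy/vars/nginx.yml
+++ b/plays/services/roles/deploy/lrproxy/vars/nginx.yml
@@ -0,0 +1 @@
+../../rproxy/vars/nginx.yml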
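Review bot: lrproxy now reads its nginx variables through a symbolic link to `../../rproxy/vars/nginx.yml`, so the coupling between the two roles lives in filesystem layout rather than in the play; a checkout or archive export that does not preserve symlinks turns this file into a one-line text file and `include_vars` then fails with a parse error. If the variables are meant to be shared, loading them explicitly in the lrproxy task with `ansible.builtin.include_vars:` / `file: "{{ role_path }}/../rproxy/vars/nginx.yml"` makes the dependency visible and survives such checkouts. That lrproxy task is in the earlier hunk whose file header is outside this view.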
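--- a/plays/services/roles/deploy/rproxy/tasks/main.yml
+++ b/plays/services/roles/deploy/rproxy/tasks/main.yml
@@ -0,0 +1,83 @@
+- name: "set the user variables"
+  ansible.builtin.import_role:
+    name: "include"
+    vars_from: "user"
+
+- name: "set the rproxy variables"
+  ansible.builtin.include_vars:
+    file: "nginx.yml"
+
+- block:
+
+    - name: "create nginx conf.d"
+      ansible.builtin.file:
+        path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
+        state: "directory"
+        mode: 0755
+
+    - name: "configure reverse proxy nginx"
+      ansible.builtin.copy:
+        src: "setup/{{ item }}"
+        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
+        mode: 0644
+      loop: "{{ services_rproxy_nginx_conf_d_files }}"
+      register: services_deploy_rproxy_config_files
+
+    - name: "configure systemd service"
+      ansible.builtin.template:
+        src: "./systemd/{{ item }}.j2"
+        dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
+        mode: 0644
+      loop:
+        - "pod-rproxy.service"
+        - "container-rproxy-nginx.service"
+        - "container-rproxy-certbot.service"
+        - "container-rproxy-certbot.timer"
+      register: services_deploy_rproxy_systemd_files
+
+    - name: "systemd user daemon reload"
+      systemd:
+        daemon_reload: true
+        scope: "user"
+      when:
+        services_deploy_rproxy_systemd_files.changed
+
+    - name: "enable container-rproxy-certbot timer"
+      ansible.builtin.systemd:
+        name: "container-rproxy-certbot.timer"
+        enabled: true
+        scope: "user"
+      register: services_deploy_rproxy_certbot_timer
+
+    - name: "generate diffie hellman ephemeral parameters"
+      ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name}}/dhparam.pem 4096"
+      args:
+        creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
+      register: services_deploy_rproxy_dhparam
+
+    - name: "enable the service"
+      ansible.builtin.systemd:
+        name: "pod-{{ services_service_name }}.service"
+        enabled: true
+        scope: "user"
+
+    - name: "start the service"
+      ansible.builtin.systemd:
+        name: "pod-{{ services_service_name }}.service"
+        state: "started"
+        scope: "user"
+      register: services_deploy_rproxy_service_start
+
+    - name: "restart the service"
+      ansible.builtin.systemd:
+        name: "pod-{{ services_service_name }}.service"
+        state: restarted
+        scope: user
+      when:
+        (services_deploy_rproxy_config_files.changed or
+        services_deploy_rproxy_systemd_files.changed or
+        services_deploy_rproxy_certbot_timer.changed or
+        services_deploy_rproxy_dhparam.changed) and
+        not services_deploy_rproxy_service_start.changed
+
+  become_user: "{{ services_service_user_name }}"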
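Review bot: The file modes `mode: 0755` and `mode: 0644` in the create-nginx-conf.d, configure-reverse-proxy and configure-systemd tasks are unquoted, so they only mean what they read as because the YAML 1.1 loader treats the leading zero as octal; a mode typed without that zero is taken as decimal and silently sets the wrong permission bits, which is why ansible-lint reports this pattern as risky-octal. Write them as strings, `mode: "0755"` and `mode: "0644"`. The daemon-reload task names the module as bare `systemd:` while every other task uses `ansible.builtin.systemd:`, and the restart task leaves `state: restarted` and `scope: user` unquoted where its siblings quote them; aligning those three lines keeps the file consistent. The dhparam command also prefixes the home directory with an extra `/` (`--out /{{ services_service_user_home }}/...`), so the path it writes is spelled differently from the `creates:` path that guards it; dropping that leading slash makes the two refer to the same file in the same form.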
@ -20,7 +20,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
-dt \
|
-dt \
|
||||||
{{ service_rproxy_hosts }} \
|
{{ services_rproxy_nginx_add_hosts }} \
|
||||||
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|