# Statically import the "include" role, asking it to load its "user" vars
# file (vars_from) rather than the role's default vars file.
- name: "set the user variables"
  ansible.builtin.import_role:
    name: "include"
    vars_from: "user"
# Statically import the "deploy/include" role with its "versions" vars file.
# NOTE(review): presumably this pins the container image versions used by
# the unit templates further down - confirm against the role's vars.
- name: "set the version variables"
  ansible.builtin.import_role:
    name: "deploy/include"
    vars_from: "versions"
# Load the reverse-proxy variables from nginx.yml.
# NOTE(review): presumably this file defines
# services_rproxy_nginx_conf_d_files, which the copy task loops over -
# confirm.
- name: "set the rproxy variables"
  ansible.builtin.include_vars:
    file: "nginx.yml"
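# Deploys the reverse-proxy pod for the service account: nginx configuration,
# systemd user units, the certbot renewal timer and DH parameters, then
# enables and (re)starts the pod unit.
#
# Every task in the block runs as the service user (become_user), so files
# are written under that user's home and systemd is addressed in user scope.
# NOTE(review): scope "user" needs a running systemd user manager for that
# account (typically lingering enabled) - confirm this is set up elsewhere.
- name: "deploy the rproxy pod as the service user"
  become_user: "{{ services_service_user_name }}"
  block:

    - name: "create nginx conf.d"
      ansible.builtin.file:
        path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
        state: "directory"
        # Modes are quoted so Ansible parses the octal string itself instead
        # of depending on how the YAML loader types a bare 0755.
        mode: "0755"

    # NOTE(review): nothing here validates the nginx configuration before
    # the restart at the end of the block; a broken file would only surface
    # when the pod restarts. Consider a syntax check before restarting.
    - name: "configure reverse proxy nginx"
      ansible.builtin.copy:
        src: "./config/{{ item }}"
        dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
        mode: "0644"
      loop: "{{ services_rproxy_nginx_conf_d_files }}"
      register: services_deploy_rproxy_config_files

    # NOTE(review): assumes ~/.config/systemd/user already exists for the
    # service user; this block does not create it - confirm.
    - name: "configure systemd service"
      ansible.builtin.template:
        src: "./systemd/{{ item }}.j2"
        dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
        # Unit files are readable by the owning service user only.
        mode: "0600"
      loop:
        - "pod-rproxy.service"
        - "container-rproxy-nginx.service"
        - "container-rproxy-certbot.service"
        - "container-rproxy-certbot.timer"
      register: services_deploy_rproxy_systemd_files

    # Only reload the user manager when a unit file was actually rewritten.
    - name: "systemd user daemon reload"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: "user"
      when: services_deploy_rproxy_systemd_files.changed

    # The timer is enabled but not started by this task.
    # NOTE(review): confirm something activates it (for example the pod
    # unit or the next start of the user manager), otherwise certificate
    # renewal is not scheduled until then.
    - name: "enable container-rproxy-certbot timer"
      ansible.builtin.systemd:
        name: "container-rproxy-certbot.timer"
        enabled: true
        scope: "user"
      register: services_deploy_rproxy_certbot_timer

    # One-time generation, skipped once the file exists (creates).
    # The output path and the creates path use the same expression, so the
    # idempotence guard checks the file openssl actually writes. argv keeps
    # the templated path a single argument even if it contains whitespace;
    # "-out" is the documented spelling of the option.
    - name: "generate diffie hellman ephemeral parameters"
      ansible.builtin.command:
        argv:
          - "openssl"
          - "dhparam"
          - "-out"
          - "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
          - "4096"
        creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
      register: services_deploy_rproxy_dhparam

    - name: "enable the service"
      ansible.builtin.systemd:
        name: "pod-{{ services_service_name }}.service"
        enabled: true
        scope: "user"

    - name: "start the service"
      ansible.builtin.systemd:
        name: "pod-{{ services_service_name }}.service"
        state: "started"
        scope: "user"
      register: services_deploy_rproxy_service_start

    # Restart only when configuration, units, timer or DH parameters
    # changed AND the previous task did not just start the service (a fresh
    # start already picked up the new files).
    - name: "restart the service"
      ansible.builtin.systemd:
        name: "pod-{{ services_service_name }}.service"
        state: "restarted"
        scope: "user"
      when: >-
        (services_deploy_rproxy_config_files.changed or
        services_deploy_rproxy_systemd_files.changed or
        services_deploy_rproxy_certbot_timer.changed or
        services_deploy_rproxy_dhparam.changed) and
        not services_deploy_rproxy_service_start.changed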