service: Add support for native sockets for http

roles/service/handlers/main.yaml

@@ -1,4 +1,11 @@
 ---
+- name: Restart socket for {{ service_name }}
+  ansible.builtin.systemd_service:
+    name: "{{ service_name }}.socket"
+    state: restarted
+    daemon_reload: true
+  ignore_errors: '{{ ansible_check_mode }}'
+
 - name: Restart socat socket for {{ service_name }}
   ansible.builtin.systemd_service:
     name: "{{ service_name }}-socat.socket"

roles/service/meta/argument_specs.yaml

@@ -28,8 +28,10 @@ argument_specs:
         elements: str
       service_container_http_port:
         description:
-          - Port inside the container where http requests will be proxied to.
+          - Port inside the container where http requests are proxied to.
-          - Required if service_domains is not empty.
+          - >-
+            If set to 0, /run/{{ service_name }}.sock on the host is bind mounted to /run/{{ service_name }}.sock inside the container
+            and http requests are proxied to it.
         type: int
         required: false
         default: 0

roles/service/tasks/main.yaml

@@ -22,6 +22,10 @@
   ansible.builtin.include_tasks: additional.yaml
   when: _service_additional_containers | length > 0
 
+- name: Native socket for {{ service_name }}
+  ansible.builtin.include_tasks: native_socket.yaml
+  when: _service_native_socket
+
 - name: Main container for {{ service_name }}
   ansible.builtin.import_role:
     name: container

roles/service/tasks/native_socket.yaml

@@ -0,0 +1,7 @@
+---
+- name: Socket for {{ service_name }}
+  ansible.builtin.template:
+    src: service.socket.j2
+    dest: /etc/systemd/system/{{ service_name }}.socket
+    mode: "0644"
+  notify: Restart socket for {{ service_name }}

roles/service/tasks/proxy.yaml

@@ -11,7 +11,7 @@
     vhost_id: "{{ service_name }}"
     vhost_domains: "{{ service_domains }}"
     vhost_proxy_target_netproto: unix
-    vhost_proxy_target_socket: "/run/{{ service_name }}-socat.sock"
+    vhost_proxy_target_socket: "{{ _service_socket_path }}"
     vhost_proxy_headers: "{{ _service_proxy_headers }}"
     vhost_proxy_auth_socket: "{{ _service_oauth2_socket }}"
     vhost_proxy_auth_uri: /oauth2/auth

roles/service/templates/service.socket.j2

@@ -0,0 +1,6 @@
+# {{ ansible_managed }}
+[Unit]
+Description={{ service_name }} socket
+
+[Socket]
+ListenStream=/run/{{ service_name }}.sock

roles/service/vars/main/general.yaml

@@ -5,8 +5,9 @@ _service_static_ip: "{{ service_container_ip | length > 0 }}"
 _service_container_requires: >-
   {{
     service_requires
-    + ([_service_database_name + '.service'] if _service_setup_database else [])
+    + ([_service_database_name ~ '.service'] if _service_setup_database else [])
-    + ([service_name + '-redis.service'] if service_redis else [])
+    + ([service_name ~ '-redis.service'] if service_redis else [])
+    + ([service_name ~ '.socket'] if _service_native_socket else [])
   }}
 _service_container_wants: >-
   {{

roles/service/vars/main/mounts.yaml

@@ -1,4 +1,9 @@
 ---
+_service_container_socket_mount:
+  type: bind
+  source: /run/{{ service_name }}
+  destination: /run/{{ service_name }}
+
 _service_volume_mounts: "{{ service_container_mounts | selectattr('type', '==', 'volume') }}"
 _service_template_mounts: "{{ service_container_mounts | selectattr('type', '==', 'template') }}"
 _service_copy_mounts: "{{ service_container_mounts | selectattr('type', '==', 'copy') }}"
@@ -15,7 +20,11 @@ _service_container_volume_mounts: >-
     ) |
     map('combine')
   }}
-_service_container_bind_mounts: "{{ service_container_mounts | selectattr('type', '==', 'bind') }}"
+_service_container_bind_mounts: >-
+  {{
+    service_container_mounts | selectattr('type', '==', 'bind') +
+    ([ _service_container_socket_mount ] if _service_native_socket else [])
+  }}
 _service_container_template_mounts: >-
   {{
     ([{'readonly': true}] * _service_template_mounts | length) |

roles/service/vars/main/proxy.yaml

@@ -1,4 +1,9 @@
 ---
+_service_native_socket: "{{ service_domains | length > 0 and service_container_http_port == 0 }}"
+
+_service_socket_path: >-
+  /run/{{ service_name ~ ('-socat' if not _service_native_socket else '' ) }}.sock
+
 _service_replacement_host_header:
   Host: "{{ service_name }}:{{ service_container_http_port }}"
 _service_proxy_headers: "{{ _service_replacement_host_header if not service_proxy_pass_host_header else {} }}"