service: Add support for native sockets for http

2026-02-13 02:00:28 +02:00
parent 4079b69338
commit 58ff2f6217
9 changed files with 47 additions and 6 deletions
--- a/roles/service/handlers/main.yaml
+++ b/roles/service/handlers/main.yaml
@@ -1,4 +1,11 @@
 ---
+- name: Restart socket for {{ service_name }}
+  ansible.builtin.systemd_service:
+    name: "{{ service_name }}.socket"
+    state: restarted
+    daemon_reload: true
+  ignore_errors: '{{ ansible_check_mode }}'
+
 - name: Restart socat socket for {{ service_name }}
  ansible.builtin.systemd_service:
    name: "{{ service_name }}-socat.socket"
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -28,8 +28,10 @@ argument_specs:
        elements: str
      service_container_http_port:
        description:
-          - Port inside the container where http requests will be proxied to.
-          - Required if service_domains is not empty.
+          - Port inside the container where http requests are proxied to.
+          - >-
+            If set to 0, /run/{{ service_name }}.sock on the host is bind mounted to /run/{{ service_name }}.sock inside the container
+            and http requests are proxied to it.
        type: int
        required: false
        default: 0
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
@@ -22,6 +22,10 @@
  ansible.builtin.include_tasks: additional.yaml
  when: _service_additional_containers | length > 0

+- name: Native socket for {{ service_name }}
+  ansible.builtin.include_tasks: native_socket.yaml
+  when: _service_native_socket
+
 - name: Main container for {{ service_name }}
  ansible.builtin.import_role:
    name: container
--- a/roles/service/tasks/native_socket.yaml
+++ b/roles/service/tasks/native_socket.yaml
@@ -0,0 +1,7 @@
+---
+- name: Socket for {{ service_name }}
+  ansible.builtin.template:
+    src: service.socket.j2
+    dest: /etc/systemd/system/{{ service_name }}.socket
+    mode: "0644"
+  notify: Restart socket for {{ service_name }}
--- a/roles/service/tasks/proxy.yaml
+++ b/roles/service/tasks/proxy.yaml
@@ -11,7 +11,7 @@
    vhost_id: "{{ service_name }}"
    vhost_domains: "{{ service_domains }}"
    vhost_proxy_target_netproto: unix
-    vhost_proxy_target_socket: "/run/{{ service_name }}-socat.sock"
+    vhost_proxy_target_socket: "{{ _service_socket_path }}"
    vhost_proxy_headers: "{{ _service_proxy_headers }}"
    vhost_proxy_auth_socket: "{{ _service_oauth2_socket }}"
    vhost_proxy_auth_uri: /oauth2/auth
--- a/roles/service/templates/service.socket.j2
+++ b/roles/service/templates/service.socket.j2
@@ -0,0 +1,6 @@
+# {{ ansible_managed }}
+[Unit]
+Description={{ service_name }} socket
+
+[Socket]
+ListenStream=/run/{{ service_name }}.sock
--- a/roles/service/vars/main/general.yaml
+++ b/roles/service/vars/main/general.yaml
@@ -5,8 +5,9 @@ _service_static_ip: "{{ service_container_ip | length > 0 }}"
 _service_container_requires: >-
  {{
    service_requires
-    + ([_service_database_name + '.service'] if _service_setup_database else [])
-    + ([service_name + '-redis.service'] if service_redis else [])
+    + ([_service_database_name ~ '.service'] if _service_setup_database else [])
+    + ([service_name ~ '-redis.service'] if service_redis else [])
+    + ([service_name ~ '.socket'] if _service_native_socket else [])
  }}
 _service_container_wants: >-
  {{
--- a/roles/service/vars/main/mounts.yaml
+++ b/roles/service/vars/main/mounts.yaml
@@ -1,4 +1,9 @@
 ---
+_service_container_socket_mount:
+  type: bind
+  source: /run/{{ service_name }}
+  destination: /run/{{ service_name }}
+
 _service_volume_mounts: "{{ service_container_mounts | selectattr('type', '==', 'volume') }}"
 _service_template_mounts: "{{ service_container_mounts | selectattr('type', '==', 'template') }}"
 _service_copy_mounts: "{{ service_container_mounts | selectattr('type', '==', 'copy') }}"
@@ -15,7 +20,11 @@ _service_container_volume_mounts: >-
    ) |
    map('combine')
  }}
-_service_container_bind_mounts: "{{ service_container_mounts | selectattr('type', '==', 'bind') }}"
+_service_container_bind_mounts: >-
+  {{
+    service_container_mounts | selectattr('type', '==', 'bind') +
+    ([ _service_container_socket_mount ] if _service_native_socket else [])
+  }}
 _service_container_template_mounts: >-
  {{
    ([{'readonly': true}] * _service_template_mounts | length) |
--- a/roles/service/vars/main/proxy.yaml
+++ b/roles/service/vars/main/proxy.yaml
@@ -1,4 +1,9 @@
 ---
+_service_native_socket: "{{ service_domains | length > 0 and service_container_http_port == 0 }}"
+
+_service_socket_path: >-
+  /run/{{ service_name ~ ('-socat' if not _service_native_socket else '' ) }}.sock
+
 _service_replacement_host_header:
  Host: "{{ service_name }}:{{ service_container_http_port }}"
 _service_proxy_headers: "{{ _service_replacement_host_header if not service_proxy_pass_host_header else {} }}"