Initial commit

Basic roles for installing podman, creating containers, networks and services
2024-07-28 16:13:03 +03:00
commit 5c46597261
24 changed files with 515 additions and 0 deletions
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
@@ -0,0 +1,23 @@
+---
+- name: Mounts for {{ service_name }}
+  ansible.builtin.include_tasks: mounts.yaml
+  when: service_container_mounts | length > 0
+
+- name: Main container for {{ service_name }}
+  ansible.builtin.import_role:
+    name: container
+  vars:
+    container_name: "{{ service_name }}"
+    container_image: "{{ service_container_image }}"
+    container_mounts: "{{ _service_container_mounts }}"
+    container_publish_ports: "{{ service_container_publish_ports }}"
+    container_networks:
+      - "{{ service_name }}"
+    container_env: "{{ service_container_env }}"
+    container_requires: "{{ service_requires }}"
+    container_wants: "{{ [service_name + '-socat.socket'] if service_domains | length > 0 else [] }}"
+    container_auto_update: "{{ service_auto_update }}"
+
+- name: Reverse proxy for {{ service_name }}
+  ansible.builtin.include_tasks: proxy.yaml
+  when: service_domains | length > 0
--- a/roles/service/tasks/mounts.yaml
+++ b/roles/service/tasks/mounts.yaml
@@ -0,0 +1,22 @@
+---
+- name: Initialize variables
+  ansible.builtin.set_fact:
+    _service_container_mounts: []
+
+- name: Set container named mounts
+  ansible.builtin.set_fact:
+    _service_container_mounts: >
+      {{ _service_container_mounts + 
+      [mount | combine({'source': service_name + '-' + mount.source})] }}
+  when: mount.type == 'volume'
+  loop: "{{ service_container_mounts }}"
+  loop_control:
+    loop_var: mount
+
+- name: Set container named mounts
+  ansible.builtin.set_fact:
+    _service_container_mounts: "{{ _service_container_mounts + [mount] }}"
+  when: mount.type == 'bind'
+  loop: "{{ service_container_mounts }}"
+  loop_control:
+    loop_var: mount
--- a/roles/service/tasks/proxy.yaml
+++ b/roles/service/tasks/proxy.yaml
@@ -0,0 +1,35 @@
+---
+- name: Socat socket for {{ service_name }}
+  ansible.builtin.template:
+    src: socat.socket.j2
+    dest: /etc/systemd/system/{{ service_name }}-socat.socket
+    mode: "0644"
+  notify: Restart socat socket for {{ service_name }}
+
+- name: Socat container for {{ service_name }}
+  ansible.builtin.include_role:
+    name: container
+  vars:
+    container_name: "{{ service_name }}-socat"
+    container_image: "docker.io/alpine/socat:latest"
+    container_command:
+      - "ACCEPT-FD:3,fork"
+      - "TCP:{{ service_name }}:{{ service_container_http_port }}"
+    container_user: nobody
+    container_networks:
+      - "{{ service_name }}"
+    container_requires:
+      - "{{ service_name }}-socat.socket"
+      - "{{ service_name }}.service"
+    container_auto_start: false
+    container_auto_update: "{{ service_auto_update }}"
+
+- name: Reverse proxy for {{ service_name }}
+  ansible.builtin.import_role:
+    name: uumas.general.vhost
+  vars:
+    vhost_type: reverse_proxy
+    vhost_id: "{{ service_name }}"
+    vhost_domains: "{{ service_domains }}"
+    vhost_proxy_target_netproto: unix
+    vhost_proxy_target_socket: "/run/{{ service_name }}-socat.sock"