service: Split container network namespaces

roles/service/tasks/additional.yaml

@@ -10,7 +10,7 @@
     container_user: "{{ service_container_user }}"
     container_mounts: "{{ _service_additional_container_mounts }}"
     container_publish_ports: "{{ _service_additional_container_publish_ports }}"
-    container_networks: "{{ _service_container_networks }}"
+    container_networks: "{{ _service_additional_container_networks }}"
     container_ip: "{{ _service_additional_container_ip }}"
     container_secrets: "{{ _service_additional_container.secrets | default(_service_container_secrets) }}"
     container_hostname: "{{ _service_additional_container.name | regex_replace('^' ~ service_name ~ '-', '') }}"

roles/service/vars/main/additional.yaml

@@ -11,6 +11,19 @@ _service_additional_containers: >-
       | map('combine')
   }}
 
+_service_additional_container_networks: >-
+  {{
+    [service_name]
+    + [_service_additional_container.name]
+    + service_container_additional_networks
+    + (
+      _service_additional_container_publish_socket_ports
+      | map(attribute='name')
+      | map('regex_replace', '^', service_name ~ '-')
+      | map('regex_replace', '$', '-socat')
+    )
+  }}
+
 _service_additional_container_ip: >-
   {{
     service_container_ip |

roles/service/vars/main/general.yaml

@@ -1,5 +1,12 @@
 ---
-_service_container_networks: "{{ [service_name] + service_container_additional_networks }}"
+_service_container_networks: >-
+  {{
+    [service_name]
+    + service_container_additional_networks
+    + ([service_name ~ '-socat'] if service_container_http_port > 0 else [])
+    + (_service_container_publish_socket_ports | map(attribute='name') | map('regex_replace', '^', service_name ~ '-'))
+    + (_service_additional_containers | map(attribute='name'))
+  }}
 _service_static_ip: "{{ service_container_ip | length > 0 }}"
 
 _service_container_requires: >-