Make socat its own role

roles/service/handlers/main.yaml

@@ -5,17 +5,3 @@
     state: restarted
     daemon_reload: true
   ignore_errors: '{{ ansible_check_mode }}'
-
-- name: Restart socat socket for {{ service_name }}
-  ansible.builtin.systemd_service:
-    name: "{{ service_name }}-socat.socket"
-    state: restarted
-    daemon_reload: true
-  ignore_errors: '{{ ansible_check_mode }}'
-
-- name: Restart socat socket for {{ service_name ~ '-oauth2-proxy' }}
-  ansible.builtin.systemd_service:
-    name: "{{ service_name }}-oauth2-proxy-socat.socket"
-    state: restarted
-    daemon_reload: true
-  ignore_errors: '{{ ansible_check_mode }}'

roles/service/tasks/main.yaml

@@ -47,13 +47,15 @@
     container_auto_update: "{{ service_auto_update }}"
 
 - name: Socat for {{ service_name }}
-  ansible.builtin.include_tasks: socat.yaml
+  ansible.builtin.include_role:
+    name: socat
   when: service_container_http_port > 0
   vars:
     socat_service_name: "{{ service_name }}"
     socat_target_http_port: "{{ service_container_http_port }}"
     socat_container_ip: >-
       {{ service_container_ip | ansible.utils.ipmath(3) if _service_static_ip else '' }}
+    socat_auto_update: "{{ service_auto_update }}"
 
 - name: Reverse proxy for {{ service_name }}
   ansible.builtin.include_tasks: proxy.yaml

roles/service/tasks/oauth2_proxy.yaml

@@ -30,8 +30,10 @@
     container_auto_update: "{{ service_auto_update }}"
 
 - name: Socat for OAuth2 Proxy for {{ service_name }}
-  ansible.builtin.import_tasks: socat.yaml
+  ansible.builtin.import_role:
+    name: socat
   vars:
     socat_service_name: "{{ service_name }}-oauth2-proxy"
     socat_target_http_port: 4180
     socat_container_ip: ""
+    socat_auto_update: "{{ service_auto_update }}"

roles/socat/README.md

@@ -0,0 +1 @@
+Sets up a socat container along with a systemd socket unit to forward traffic to it

roles/socat/defaults/main.yaml

@@ -0,0 +1,4 @@
+---
+socat_target_container: "{{ socat_service_name }}"
+socat_container_ip: ""
+socat_auto_update: true

roles/socat/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: Restart socat socket for {{ socat_service_name }}
+  ansible.builtin.set_fact:
+    systemd_restart_units: "{{ systemd_restart_units + [socat_service_name ~ '-socat.socket'] }}" # noqa: var-naming[no-role-prefix]
+  changed_when: true
+  notify: Apply systemd unit restarts

roles/socat/meta/argument_specs.yaml

@@ -0,0 +1,28 @@
+---
+argument_specs:
+  main:
+    description: Sets up a socat container along with a systemd socket unit to forward traffic to it
+    options:
+      socat_service_name:
+        description: Name of the socat service, used for systemd unit and container naming
+        type: str
+        required: true
+      socat_target_container:
+        description: Name of the container to forward traffic to
+        type: str
+        required: false
+        default: "{{ socat_service_name }}"
+      socat_target_http_port:
+        description: Port on the target container to forward traffic to
+        type: int
+        required: true
+      socat_container_ip:
+        description: IP address to assign to the socat container.
+        type: str
+        required: false
+        default: ""
+      socat_auto_update:
+        description: Whether to automatically update the socat container
+        type: bool
+        required: false
+        default: true

roles/socat/tasks/main.yaml

@@ -4,7 +4,9 @@
     src: socat.socket.j2
     dest: /etc/systemd/system/{{ socat_service_name }}-socat.socket
     mode: "0644"
-  notify: Restart socat socket for {{ socat_service_name }}
+  notify:
+    - Reload systemd daemon
+    - Restart socat socket for {{ socat_service_name }}
 
 - name: Socat container for {{ socat_service_name }}
   ansible.builtin.import_role:
@@ -14,13 +16,13 @@
     container_image: "docker.io/alpine/socat:latest"
     container_command:
       - "ACCEPT-FD:3,fork"
-      - "TCP:{{ socat_service_name }}:{{ socat_target_http_port }}"
+      - "TCP:{{ socat_target_container }}:{{ socat_target_http_port }}"
     container_user: nobody
     container_networks:
-      - "{{ socat_service_name }}"
+      - "{{ socat_service_name }}-socat"
     container_ip: "{{ socat_container_ip }}"
     container_requires:
       - "{{ socat_service_name }}-socat.socket"
-      - "{{ socat_service_name }}.service"
+      - "{{ socat_target_container }}.service"
     container_auto_start: false
-    container_auto_update: "{{ service_auto_update }}"
+    container_auto_update: "{{ socat_auto_update }}"

roles/socat/templates/socat.socket.j2

@@ -1,6 +1,7 @@
 # {{ ansible_managed }}
 [Unit]
 Description={{ socat_service_name }} socat socket
+Requires={{ socat_target_container }}.service
 
 [Socket]
 ListenStream=/run/{{ socat_service_name }}-socat.sock