Make socat its own role

roles/socat/README.md

@@ -0,0 +1 @@
+Sets up a socat container along with a systemd socket unit to forward traffic to it

roles/socat/defaults/main.yaml

@@ -0,0 +1,4 @@
+---
+socat_target_container: "{{ socat_service_name }}"
+socat_container_ip: ""
+socat_auto_update: true

roles/socat/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: Restart socat socket for {{ socat_service_name }}
+  ansible.builtin.set_fact:
+    systemd_restart_units: "{{ systemd_restart_units + [socat_service_name ~ '-socat.socket'] }}" # noqa: var-naming[no-role-prefix]
+  changed_when: true
+  notify: Apply systemd unit restarts

roles/socat/meta/argument_specs.yaml

@@ -0,0 +1,28 @@
+---
+argument_specs:
+  main:
+    description: Sets up a socat container along with a systemd socket unit to forward traffic to it
+    options:
+      socat_service_name:
+        description: Name of the socat service, used for systemd unit and container naming
+        type: str
+        required: true
+      socat_target_container:
+        description: Name of the container to forward traffic to
+        type: str
+        required: false
+        default: "{{ socat_service_name }}"
+      socat_target_http_port:
+        description: Port on the target container to forward traffic to
+        type: int
+        required: true
+      socat_container_ip:
+        description: IP address to assign to the socat container.
+        type: str
+        required: false
+        default: ""
+      socat_auto_update:
+        description: Whether to automatically update the socat container
+        type: bool
+        required: false
+        default: true

roles/socat/tasks/main.yaml

@@ -0,0 +1,28 @@
+---
+- name: Socat socket for {{ socat_service_name }}
+  ansible.builtin.template:
+    src: socat.socket.j2
+    dest: /etc/systemd/system/{{ socat_service_name }}-socat.socket
+    mode: "0644"
+  notify:
+    - Reload systemd daemon
+    - Restart socat socket for {{ socat_service_name }}
+
+- name: Socat container for {{ socat_service_name }}
+  ansible.builtin.import_role:
+    name: container
+  vars:
+    container_name: "{{ socat_service_name }}-socat"
+    container_image: "docker.io/alpine/socat:latest"
+    container_command:
+      - "ACCEPT-FD:3,fork"
+      - "TCP:{{ socat_target_container }}:{{ socat_target_http_port }}"
+    container_user: nobody
+    container_networks:
+      - "{{ socat_service_name }}-socat"
+    container_ip: "{{ socat_container_ip }}"
+    container_requires:
+      - "{{ socat_service_name }}-socat.socket"
+      - "{{ socat_target_container }}.service"
+    container_auto_start: false
+    container_auto_update: "{{ socat_auto_update }}"

roles/socat/templates/socat.socket.j2

@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+[Unit]
+Description={{ socat_service_name }} socat socket
+Requires={{ socat_target_container }}.service
+
+[Socket]
+ListenStream=/run/{{ socat_service_name }}-socat.sock