Compare commits

..

No commits in common. "3f62c8e58369fb36a28534b0bcd8010a9fed521f" and "1ad6c6110a839a8149dc784d08d59b4d594d02fe" have entirely different histories.

18 changed files with 105 additions and 106 deletions

View File

@ -40,7 +40,6 @@ Enhances system security with roles focused on security measures, user configura
- **[User Alarm](./roles/user-alarm/)**: Manages the alarm user. - **[User Alarm](./roles/user-alarm/)**: Manages the alarm user.
- **[PC SSH](./roles/pc-ssh/)**: Configuration of SSH for secure remote access. - **[PC SSH](./roles/pc-ssh/)**: Configuration of SSH for secure remote access.
- **[SSHD](./roles/sshd/)**: Configures SSH daemon settings. - **[SSHD](./roles/sshd/)**: Configures SSH daemon settings.
- **[System Maintenance Service Freezer](./roles/system-maintenance-service-freezer)**: Freezes and defrost maintenance services to prevent dangerous inteactions between services
## Virtual Private Network (VPN) ## Virtual Private Network (VPN)
Centers on VPN configurations for secure and efficient network connectivity, particularly crucial for remote server access and end-users needing secure connections. Centers on VPN configurations for secure and efficient network connectivity, particularly crucial for remote server access and end-users needing secure connections.

View File

@ -74,7 +74,7 @@ Contact me for more details:
## Showcases ## Showcases
The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup: The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup:
[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Service Freezer](./roles/system-maintenance-service-freezer)... [ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton)...
## License ## License

View File

@ -35,8 +35,8 @@ path_system_maintenance_service_freezer_script: "{{path_administrator_scripts}}s
# Runtime Variables # Runtime Variables
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
nginx_matomo_tracking: false # Activates matomo tracking on all html pages nginx_matomo_tracking: false # Activates matomo tracking on all html pages
nginx_www_redirect: true # Implements an redirect from all www. domains to the main domain
execute_updates: true # Executes updates execute_updates: true # Executes updates
force_backup_before_update: true # Activates the backup before the update procedure
# Domain Names # Domain Names
domain_akaunting: "akaunting.{{top_domain}}" domain_akaunting: "akaunting.{{top_domain}}"

View File

@ -1,9 +1,9 @@
[Unit] [Unit]
Description=backup docker volumes to local folder Description=docker volume backup
OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services }}" --ignore "backup-docker-to-local,backup-remote-to-local,backup-data-to-usb" --max_attempts 600' ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-docker-to-local") | join(',') }}"'
ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py ExecStart=/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service' ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'

View File

@ -4,6 +4,6 @@ OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services }}" --ignore "backup-docker-to-local,backup-remote-to-local,backup-data-to-usb" --max_attempts 600' ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "backup-remote-to-local") | join(',') }}"'
ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh ExecStart=/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service' ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'

View File

@ -6,7 +6,7 @@ services:
env_file: .env env_file: .env
environment: environment:
- "POSTGRES_HOST_AUTH_METHOD=trust" - "POSTGRES_HOST_AUTH_METHOD=trust"
image: postgres:15-alpine image: postgres:alpine
volumes: volumes:
- database:/var/lib/postgresql/data - database:/var/lib/postgresql/data

View File

@ -11,7 +11,7 @@ x-application-defaults: &application-defaults
- TZ=Etc/UTC - TZ=Etc/UTC
x-database-defaults: &database-defaults x-database-defaults: &database-defaults
image: postgres:13-alpine image: postgres:alpine
ports: ports:
- "9432:5432" - "9432:5432"
networks: networks:

View File

@ -2,7 +2,7 @@ version: '3'
services: services:
database: database:
restart: always restart: always
image: postgres:14-alpine image: postgres:alpine
shm_size: 256mb shm_size: 256mb
networks: networks:
- internal_network - internal_network

View File

@ -4,7 +4,7 @@ services:
synapse: synapse:
image: matrixdotorg/synapse:latest image: matrixdotorg/synapse:latest
restart: always restart: unless-stopped
logging: logging:
driver: journald driver: journald
volumes: volumes:
@ -18,24 +18,24 @@ services:
- "127.0.0.1:{{http_port}}:8008" - "127.0.0.1:{{http_port}}:8008"
depends_on: depends_on:
- database - database
database: database:
logging: logging:
driver: journald driver: journald
image: mariadb image: postgres:alpine
restart: always restart: unless-stopped
environment:
MYSQL_DATABASE: "matrix"
MYSQL_USER: "matrix"
MYSQL_PASSWORD: "{{matrix_database_password}}"
MYSQL_ROOT_PASSWORD: "{{matrix_database_password}}"
MARIADB_AUTO_UPGRADE: "1"
volumes: volumes:
- database:/var/lib/mysql - database:/var/lib/postgresql/data
environment:
- POSTGRES_DB=matrix
- POSTGRES_USER=matrix
- POSTGRES_PASSWORD={{matrix_database_password}}
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C
healthcheck: healthcheck:
test: "/usr/bin/mariadb --user=matrix --password={{matrix_database_password}} --execute \"SHOW DATABASES;\"" test: ["CMD-SHELL", "pg_isready -U matrix"]
interval: 3s interval: 10s
timeout: 1s timeout: 5s
retries: 5 retries: 6
# bridges # bridges
#mautrix-telegram: #mautrix-telegram:

View File

@ -9,7 +9,7 @@ listeners:
- names: [client, federation] - names: [client, federation]
compress: false compress: false
database: database:
name: mysql name: psycopg2
args: args:
user: matrix user: matrix
password: {{matrix_database_password}} password: {{matrix_database_password}}

View File

@ -28,21 +28,21 @@ services:
database: database:
logging: logging:
driver: journald driver: journald
image: mariadb options:
restart: always tag: "mybb_database"
environment: environment:
MYSQL_DATABASE: "mybb" POSTGRES_DB: mybb
MYSQL_USER: "mybb" POSTGRES_PASSWORD: "{{mybb_database_password}}"
MYSQL_PASSWORD: "{{mybb_database_password}}" POSTGRES_USER: mybb
MYSQL_ROOT_PASSWORD: "{{mybb_database_password}}" image: postgres:alpine
MARIADB_AUTO_UPGRADE: "1"
volumes: volumes:
- database:/var/lib/mysql - database:/var/lib/postgresql/data:rw
restart: always
healthcheck: healthcheck:
test: "/usr/bin/mariadb --user=mybb --password={{mybb_database_password}} --execute \"SHOW DATABASES;\"" test: ["CMD-SHELL", "pg_isready -U mybb"]
interval: 3s interval: 10s
timeout: 1s timeout: 5s
retries: 5 retries: 6
volumes: volumes:
database: database:
data: data:

View File

@ -17,7 +17,7 @@ services:
- redis - redis
restart: "always" restart: "always"
database: database:
image: postgres:13-alpine image: postgres:alpine
env_file: env_file:
- .env - .env
volumes: volumes:

View File

@ -1,90 +1,71 @@
import argparse import argparse
import subprocess import subprocess
import time import time
import os
def service_file_exists(service_name, service_type="service"):
"""Check if a systemd service file exists."""
# Paths where service files can be stored
path = "/etc/systemd/system/"
service_file_name = service_name + "." + service_type
full_path = os.path.join(path, service_file_name)
print(f"Checking {full_path}") # Added debug output
if os.path.isfile(full_path):
return True
else:
print(f"File not found.") # Debug output if file is not found
def check_service_active(service_name): def check_service_active(service_name):
"""Check if a service is active or activating.""" """Check if a service is active."""
result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE) result = subprocess.run(['systemctl', 'is-active', service_name], stdout=subprocess.PIPE)
service_status = result.stdout.decode('utf-8').strip() return result.stdout.decode('utf-8').strip() == 'active'
return service_status in ['active', 'activating']
def freeze(services_to_wait_for, ignored_services, max_attempts): def service_exists(service_name):
"""Check if a service exists."""
result = subprocess.run(['systemctl', 'status', service_name], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return result.returncode == 0
def freeze(services_to_wait_for, ignored_services):
# Filter services that exist and are not in the ignored list # Filter services that exist and are not in the ignored list
for service in services_to_wait_for: active_services = [service for service in services_to_wait_for if service_exists(service) and service not in ignored_services]
print(f"\nFreezing: {service}")
if service in ignored_services: while active_services:
print(f"{service} will be ignored.") for service in active_services:
else: if not check_service_active(service):
attempt=0 print(f"{service} stopped.")
break_time_sec=5 # Disable the service
while check_service_active(service): subprocess.run(['systemctl', 'disable', service])
attempt += 1 print(f"{service} disabled.")
print(f"({attempt}/{max_attempts}) Waiting for {break_time_sec} seconds for {service} to stop...")
time.sleep(break_time_sec)
if attempt > max_attempts:
raise Exception(f"Error: Maximum attempts ({max_attempts}) reached. Exit.")
# Stop and disable the corresponding timer, if it exists # Stop and disable the corresponding timer, if it exists
if service_file_exists(service,"timer"):
timer_name = service + ".timer" timer_name = service + ".timer"
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
if timer_name in timer_check.stdout.decode():
subprocess.run(['systemctl', 'stop', timer_name]) subprocess.run(['systemctl', 'stop', timer_name])
subprocess.run(['systemctl', 'disable', timer_name]) subprocess.run(['systemctl', 'disable', timer_name])
print(f"{timer_name} stopped and disabled.") print(f"{timer_name} stopped and disabled.")
active_services.remove(service)
else: else:
print(f"Skipped.") print(f"Waiting for {service} to stop...")
time.sleep(5)
print("\nAll required services have stopped.") print("All required services have stopped.")
def defrost(services_to_wait_for, ignored_services): def defrost(services_to_wait_for, ignored_services):
for service in services_to_wait_for: for service in services_to_wait_for:
print(f"\nUnfreezing: {service}") if service not in ignored_services and service_exists(service):
if service in ignored_services: # Enable the service
print(f"{service} will be ignored.") subprocess.run(['systemctl', 'enable', service])
elif service_file_exists(service,"timer"): print(f"{service} enabled.")
# Start and enable the corresponding timer, if it exists # Start and enable the corresponding timer, if it exists
timer_name = service + ".timer" timer_name = service + ".timer"
timer_check = subprocess.run(['systemctl', 'list-timers', '--all', timer_name], stdout=subprocess.PIPE)
if timer_name in timer_check.stdout.decode():
subprocess.run(['systemctl', 'start', timer_name]) subprocess.run(['systemctl', 'start', timer_name])
subprocess.run(['systemctl', 'enable', timer_name]) subprocess.run(['systemctl', 'enable', timer_name])
print(f"{timer_name} started and enabled.") print(f"{timer_name} started and enabled.")
else:
print(f"Skipped.")
print("\nAll required services are started.")
def main(services_to_wait_for, ignored_services, action, max_attempts): def main(services_to_wait_for, ignored_services, action):
print(f"Services to wait for: {services_to_wait_for}")
print(f"Services to ignore: {ignored_services}")
if action == 'freeze': if action == 'freeze':
print("Freezing services."); # Code to handle freeze action
freeze(services_to_wait_for, ignored_services, max_attempts) freeze(services_to_wait_for, ignored_services)
elif action == 'defrost': elif action == 'defrost':
print("Unfreezing services.");
defrost(services_to_wait_for, ignored_services) defrost(services_to_wait_for, ignored_services)
print('\nOverview:')
subprocess.run(['systemctl', 'list-timers'])
if __name__ == "__main__": if __name__ == "__main__":
parser = argparse.ArgumentParser(description='freezes and defrost systemctl services and timers') parser = argparse.ArgumentParser(description='freezes and defrost systemctl services and timers')
parser.add_argument('action', choices=['freeze', 'defrost'], help='Action to perform: freeze or defrost services.') parser.add_argument('action', choices=['freeze', 'defrost'], help='Action to perform: freeze or defrost services.')
parser.add_argument('services', help='Comma-separated list of services to apply the action to') parser.add_argument('services', help='Comma-separated list of services to apply the action to')
parser.add_argument('--ignore', help='Comma-separated list of services to ignore in the action', default='') parser.add_argument('--ignore', help='Comma-separated list of services to ignore in the action', default='')
parser.add_argument('--max_attempts', type=int, default=60, help='Maximum number of attempts for freezing services')
args = parser.parse_args() args = parser.parse_args()
services_to_wait_for = args.services.split(',') services_to_wait_for = args.services.split(',')
ignored_services = args.ignore.split(',') if args.ignore else [] ignored_services = args.ignore.split(',') if args.ignore else []
max_attempts = args.max_attempts main(services_to_wait_for, ignored_services,args.action)
main(services_to_wait_for, ignored_services,args.action,max_attempts)

View File

@ -0,0 +1,9 @@
- name: "reload system-maintenance-service-freeze.service"
systemd:
name: system-maintenance-service-freeze.service
daemon_reload: yes
- name: "reload system-maintenance-service-defrost.service"
systemd:
name: system-maintenance-service-defrost.service
daemon_reload: yes

View File

@ -5,6 +5,16 @@
dest: "{{path_system_maintenance_service_freezer_script}}" dest: "{{path_system_maintenance_service_freezer_script}}"
when: run_once_system_maintenance_service_freeze is not defined when: run_once_system_maintenance_service_freeze is not defined
- name: Configure system-maintenance-service for each action
loop:
- freeze
- defrost
template:
src: system-maintenance-service-freezer.service.j2
dest: "/etc/systemd/system/system-maintenance-service-{{ item }}.service"
notify: "reload system-maintenance-service-{{ item }} service"
when: run_once_system_maintenance_service_freeze is not defined
- name: run the system_maintenance_service_freezer tasks once - name: run the system_maintenance_service_freezer tasks once
set_fact: set_fact:
run_once_system_maintenance_service_freeze: true run_once_system_maintenance_service_freeze: true
@ -13,7 +23,7 @@
- name: "restart system-maintenance-service.service" - name: "restart system-maintenance-service.service"
systemd: systemd:
name: system-maintenance-service-{{system_maintenance_service_freeze_action}}.service name: system-maintenance-service-{{system_maintenance_service_freeze_action}}.service
state: restarted state: restart
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
when: maintenance_service_freeze_action_last is not defined or maintenance_service_freeze_action_last != system_maintenance_service_freeze_action when: maintenance_service_freeze_action_last is not defined or maintenance_service_freeze_action_last != system_maintenance_service_freeze_action

View File

@ -1,5 +1,5 @@
[Unit] [Unit]
Description={{item}} systemctl maintenance services Description={{item}} systemctl maintanance services
OnFailure=systemd-notifier@%n.service OnFailure=systemd-notifier@%n.service
[Service] [Service]

View File

@ -4,7 +4,6 @@ OnFailure=systemd-notifier@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
{% if force_backup_before_update | bool %}ExecStartPre=/bin/sh -c 'systemctl start backup-docker-to-local.service'{% endif %}
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "update-docker") | join(',') }}"' ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_maintenance_service_freezer_script }} freeze "{{ system_maintenance_services | reject('equalto', "update-docker") | join(',') }}"'
ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}' ExecStart=/bin/sh -c '/usr/bin/python {{update_docker_script}} {{path_docker_compose_instances}}'
ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service' ExecStartPost=/bin/sh -c 'systemctl start system-maintenance-service-defrost.service'

View File

@ -236,9 +236,10 @@
domain_mappings: "{{redirect_domain_mappings}}" domain_mappings: "{{redirect_domain_mappings}}"
- name: setup www redirect - name: setup www redirect
hosts: www_redirect hosts: all
become: true become: true
roles: roles:
- role: nginx-www-redirect - role: nginx-www-redirect
when: nginx_www_redirect | bool
- import_playbook: destructor.yml - import_playbook: destructor.yml