Use path variables for bhyve. Changes #31

Use path variables for Unbound. Changes #31
Use path variables for Rspamd. Changes #31
2022-07-04 02:58:24 +02:00 · 2022-07-04 02:57:18 +02:00 · 2022-07-04 02:56:34 +02:00 · 2022-07-04 02:55:56 +02:00 · 2022-07-04 02:54:03 +02:00 · 2022-07-04 02:53:23 +02:00
27 changed files with 137 additions and 116 deletions
--- a/group_vars/freebsd
+++ b/group_vars/freebsd
@ -1,2 +1,5 @@
 ---
 ansible_python_interpreter: /usr/local/bin/python3.8
+s6_etc_dir: /etc/s6-rc
+s6_live_dir: /run/s6-rc
+s6_scan_dir: /run/service
--- a/roles/bhyve-s6/tasks/main.yml
+++ b/roles/bhyve-s6/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - name: Define bhyve guest service definitions
  file:
-    path: '/etc/s6-rc/service/bhyve-{{ item.0.name }}{{ item.1 }}'
+    path: '{{ s6_etc_dir }}/service/bhyve-{{ item.0.name }}{{ item.1 }}'
    state: directory
    owner: root
    group: wheel
@ -16,7 +16,7 @@

 - name: Instantiating service templates
  template:
-    dest: '/etc/s6-rc/service/bhyve-{{ item.0.name }}{{ item.1.name }}'
+    dest: '{{ s6_etc_dir }}/service/bhyve-{{ item.0.name }}{{ item.1.name }}'
    src: 'bhyve{{ item.1.name }}.j2'
    owner: root
    group: wheel
@ -34,7 +34,7 @@

 - name: Start enabled bhyve guests
  command: >
-    fdmove -c 2 1 s6-rc -v 2 -u change bhyve-{{ item.name }}
+    fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -v 2 -u change bhyve-{{ item.name }}
  register: change
  when: item.enabled | default
  changed_when: change.stdout | length > 0
@ -52,13 +52,13 @@
  notify:
    - Reload s6-rc
  with_items:
-    - /etc/s6-rc/service/bhyve
-    - /etc/s6-rc/service/bhyve-disabled
-    - /etc/s6-rc/service/bhyve-enabled
+    - '{{ s6_etc_dir }}/service/bhyve'
+    - '{{ s6_etc_dir }}/service/bhyve-disabled'
+    - '{{ s6_etc_dir }}/service/bhyve-enabled'

 - name: Declare bhyve service as bundle
  copy:
-    dest: '/etc/s6-rc/service/{{ item }}/type'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}/type'
    content: bundle
    owner: root
    group: wheel
@ -72,7 +72,7 @@

 - name: Define bhyve service bundles
  template:
-    dest: '/etc/s6-rc/service/{{ item }}/contents'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}/contents'
    src: '{{ item }}-contents.j2'
    owner: root
    group: wheel
@ -89,13 +89,13 @@

 - name: Stop disabled bhyve guests
  command: >
-    fdmove -c 2 1 s6-rc -v 2 -d change bhyve-disabled
+    fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -v 2 -d change bhyve-disabled
  register: change
  changed_when: change.stdout | length > 0

 - name: Autostart enabled bhyve guests
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: '^bhyve-enabled$'
    line: 'bhyve-enabled'
  notify:
--- a/roles/dovecot/handlers/main.yml
+++ b/roles/dovecot/handlers/main.yml
@ -5,10 +5,10 @@
    state: reloaded

 - name: Reload Dovecot
-  command: s6-svc -h /run/service/dovecot
+  command: s6-svc -h {{ s6_scan_dir }}/dovecot

 - name: Restart Dovecot
-  command: s6-svc -wR -T 5000 -ru /run/service/dovecot
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/dovecot

 - name: Restart Dovecot log
-  command: s6-svc -wR -T 5000 -ru /run/service/dovecot-log
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/dovecot-log
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@ -63,7 +63,7 @@

 - name: Create Dovecot service directories
  file:
-    path: '/etc/s6-rc/service/{{ item }}'
+    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -76,7 +76,7 @@

 - name: Generate Dovecot service scripts
  template:
-    dest: '/etc/s6-rc/service/{{ item }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -89,7 +89,7 @@

 - name: Generate Dovecot service configuration
  copy:
-    dest: '/etc/s6-rc/service/{{ item.name }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -123,7 +123,7 @@
    group: acme
    regexp: '^DEPLOY_DOVECOT_PEM_PATH='
    state: present
-    line: 'DEPLOY_DOVECOT_RELOAD="sudo s6-svc -h /run/service/dovecot"'
+    line: 'DEPLOY_DOVECOT_RELOAD="sudo s6-svc -h {{ s6_scan_dir }}/dovecot"'

 - name: Flush handlers
  meta: flush_handlers
@ -137,20 +137,20 @@
    group: wheel

 - name: Deploy X.509 certificate to Dovecot
-  command: 'env sudo -Hu acme acme.sh --debug --home /var/db/acme --install-cert --domain {{ ansible_fqdn }} --cert-file /usr/local/etc/dovecot/cert.pem --key-file /usr/local/etc/dovecot/privkey.pem --fullchain-file /usr/local/etc/dovecot/fullchain.pem --reloadcmd "sudo s6-svc -h /run/service/dovecot"'
+  command: 'env sudo -Hu acme acme.sh --debug --home /var/db/acme --install-cert --domain {{ ansible_fqdn }} --cert-file /usr/local/etc/dovecot/cert.pem --key-file /usr/local/etc/dovecot/privkey.pem --fullchain-file /usr/local/etc/dovecot/fullchain.pem --reloadcmd "sudo s6-svc -h {{ s6_scan_dir }}/dovecot"'
  args:
    creates: /usr/local/etc/dovecot/fullchain.pem
  notify:
    - Reload Dovecot

 - name: Start Dovecot
-  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change dovecot
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change dovecot
  register: change
  changed_when: change.stdout | length > 0

 - name: Enable Dovecot
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^dovecot$"
    line: dovecot
    state: present
--- a/roles/dovecot/templates/acme_dovecot.j2
+++ b/roles/dovecot/templates/acme_dovecot.j2
@ -1 +1 @@
-acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h /run/service/dovecot
+acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h {{ s6_scan_dir }}/dovecot
--- a/roles/haproxy/handlers/main.yml
+++ b/roles/haproxy/handlers/main.yml
@ -5,13 +5,13 @@
    state: reloaded

 - name: Restart HAProxy
-  command: s6-svc -wU -T 5000 -ru /run/service/haproxy
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy

 - name: Restart HAProxy log
-  command: s6-svc -wU -T 5000 -ru /run/service/haproxy-log
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy-log

 - name: Reload HAProxy
-  command: s6-svc -2 /run/service/haproxy
+  command: s6-svc -2 {{ s6_scan_dir }}/haproxy

 - name: Restart acme-renew
-  command: s6-svc -wU -T 5000 -ru /run/service/acme-renew
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/acme-renew
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -200,7 +200,7 @@
  meta: flush_handlers

 - name: Start HAProxy
-  command: fdmove -c 2 1 s6-rc -u -v 2 change haproxy
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change haproxy
  register: change
  changed_when: change.stdout | length > 0

@ -243,7 +243,7 @@
    path: /var/db/acme/account.conf
    regex: '^DEPLOY_HAPROXY_RELOAD='
    state: present
-    line: 'DEPLOY_HAPROXY_RELOAD="sudo s6-svc -h /run/service/haproxy"'
+    line: 'DEPLOY_HAPROXY_RELOAD="sudo s6-svc -h {{ s6_scan_dir }}/haproxy"'

 - name: Allow acme user to reload haproxy
  template:
@ -309,7 +309,7 @@
  meta: flush_handlers

 - name: Start acme renew service
-  command: fdmove -c 2 1 s6-rc -u -v 2 change acme-renew
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change acme-renew
  register: change
  changed_when: change.stdout | length > 0

--- a/roles/haproxy/templates/acme.j2
+++ b/roles/haproxy/templates/acme.j2
@ -1 +1 @@
-acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h /run/service/haproxy
+acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h {{ s6_scan_dir }}/haproxy
--- a/roles/mlmmj/handlers/main.yml
+++ b/roles/mlmmj/handlers/main.yml
@ -1,9 +1,9 @@
 ---
 - name: Restart Postfix
-  command: s6-svc -wU -T 5000 -ru /run/service/postfix
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix

 - name: Reload Postfix
-  command: s6-svc -h /run/service/postfix
+  command: s6-svc -h {{ s6_scan_dir }}/postfix

 - name: Rebuild mlmmj virtual aliases
  command: postmap hash:/usr/local/etc/postfix/virtual_mlmmj
@ -17,4 +17,4 @@
    state: reloaded

 - name: Restart mlmmj-maintd
-  command: s6-svc -wU -T 5000 -ru /run/service/mlmmj-maintd
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/mlmmj-maintd
--- a/roles/mlmmj/tasks/main.yml
+++ b/roles/mlmmj/tasks/main.yml
@ -19,7 +19,6 @@
    home: /var/vmail/mlmmj
    shell: /sbin/nologin

-
 - name: Create lists directory
  file:
    path: /var/vmail/mlmmj
@ -73,7 +72,7 @@

 - name: Create mlmmj-maintd service directories
  file:
-    path: '/etc/s6-rc/service/{{ item }}'
+    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -85,7 +84,7 @@

 - name: Generate mlmmj-maintd service scripts
  template:
-    dest: '/etc/s6-rc/service/{{ item }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -97,7 +96,7 @@

 - name: Generate mlmmj-maintd service configuration
  copy:
-    dest: '/etc/s6-rc/service/{{ item.name }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -113,13 +112,13 @@
  meta: flush_handlers

 - name: Start mlmmj-maintd
-  command: fdmove -c 2 1 s6-rc -u -v 2 change mlmmj-maintd
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change mlmmj-maintd
  register: change
  changed_when: change.stdout | length > 0

 - name: Enable mlmmj-maintd
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^mlmmj-maintd$"
    line: "mlmmj-maintd"
  notify:
@ -269,7 +268,7 @@
 - name: Set moderate subscription
  copy:
    dest: '/var/vmail/mlmmj/{{ item.name }}/control/submod'
-    content: ''
+    content: '{{ item.subscription_moderators | default([]) | join("\n") }}'
    force: no
    owner: mlmmj
    group: mlmmj
--- a/roles/nsd/handlers/main.yml
+++ b/roles/nsd/handlers/main.yml
@ -5,10 +5,10 @@
    state: reloaded

 - name: Reload nsd
-  command: s6-svc -h /run/service/nsd
+  command: s6-svc -h {{ s6_scan_dir }}/nsd

 - name: Restart nsd
-  command: s6-svc -wR -T 5000 -ru /run/service/nsd
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/nsd

 - name: Restart nsd log
-  command: s6-svc -wR -T 5000 -ru /run/service/nsd-log
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/nsd-log
--- a/roles/nsd/tasks/main.yml
+++ b/roles/nsd/tasks/main.yml
@ -14,7 +14,7 @@

 - name: Create nsd service directories
  file:
-    path: '/etc/s6-rc/service/{{ item }}'
+    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -27,7 +27,7 @@

 - name: Generate nsd service scripts
  template:
-    dest: '/etc/s6-rc/service/{{ item }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -40,7 +40,7 @@

 - name: Generate nsd service configuration
  copy:
-    dest: '/etc/s6-rc/service/{{ item.name }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -67,13 +67,13 @@
  meta: flush_handlers

 - name: Start nsd
-  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change nsd
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change nsd
  register: change
  changed_when: change.stdout | length > 0

 - name: Enable nsd
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^nsd$"
    line: nsd
    state: present
--- a/roles/openntpd/handlers/main.yml
+++ b/roles/openntpd/handlers/main.yml
@ -5,7 +5,7 @@
    state: reloaded

 - name: Restart OpenNTPD
-  command: s6-svc -wR -T 5000 -ru /run/service/openntpd
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/openntpd

 - name: Restart OpenNTPD log
-  command: s6-svc -wR -T 5000 -ru /run/service/openntpd-log
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/openntpd-log
--- a/roles/openntpd/tasks/main.yml
+++ b/roles/openntpd/tasks/main.yml
@ -14,7 +14,7 @@

 - name: Create OpenNTPD service directories
  file:
-    path: '/etc/s6-rc/service/{{ item }}'
+    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -27,7 +27,7 @@

 - name: Generate OpenNTPD service scripts
  template:
-    dest: '/etc/s6-rc/service/{{ item }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -40,7 +40,7 @@

 - name: Generate OpenNTPD service configuration
  copy:
-    dest: '/etc/s6-rc/service/{{ item.name }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -67,13 +67,13 @@
  meta: flush_handlers

 - name: Start OpenNTPD
-  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change openntpd
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change openntpd
  register: change
  changed_when: change.stdout | length > 0

 - name: Enable OpenNTPD
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^openntpd$"
    line: openntpd
    state: present
--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@ -5,13 +5,13 @@
    state: reloaded

 - name: Restart Postfix
-  command: s6-svc -wU -T 5000 -ru /run/service/postfix
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix

 - name: Restart Postfix log
-  command: s6-svc -wU -T 5000 -ru /run/service/postfix-log
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix-log

 - name: Reload Postfix
-  command: s6-svc -h /run/service/postfix
+  command: s6-svc -h {{ s6_scan_dir }}/postfix

 - name: Rebuild Postfix maps
  command: 'postmap {{ item.type }}:{{ item.name }}'
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@ -53,7 +53,7 @@

 - name: Create Postfix service directories
  file:
-    path: '/etc/s6-rc/service/{{ item }}'
+    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -62,7 +62,7 @@

 - name: Generate Postfix service scripts
  template:
-    dest: '/etc/s6-rc/service/{{ item }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -74,7 +74,7 @@

 - name: Generate Postfix service configuration
  copy:
-    dest: '/etc/s6-rc/service/{{ item.name }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -129,13 +129,13 @@
  meta: flush_handlers

 - name: Start Postfix
-  command: fdmove -c 2 1 s6-rc -u -v 2 change postfix
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change postfix
  register: change
  changed_when: change.stdout | length > 0

 - name: Enable Postfix
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^postfix$"
    line: "postfix"
  notify:
--- a/roles/redis/handlers/main.yml
+++ b/roles/redis/handlers/main.yml
@ -5,7 +5,7 @@
    state: reloaded

 - name: 'Restart redis-{{ redis_instance }}'
-  command: s6-svc -wR -T 15000 -ru /run/service/redis-{{ redis_instance }}
+  command: s6-svc -wR -T 15000 -ru {{ s6_scan_dir }}/redis-{{ redis_instance }}

 - name: 'Restart redis-{{ redis_instance }} log'
-  command: s6-svc -wR -T 5000 -ru /run/service/redis-{{ redis_instance }}-log
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/redis-{{ redis_instance }}-log
--- a/roles/redis/tasks/main.yml
+++ b/roles/redis/tasks/main.yml
@ -30,7 +30,7 @@

 - name: 'Create redis-{{ redis_instance }} service directories'
  file:
-    path: '/etc/s6-rc/service/redis-{{ redis_instance}}{{ item }}'
+    path: '{{ s6_etc_dir }}/service/redis-{{ redis_instance}}{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -43,7 +43,7 @@

 - name: 'Generate redis-{{ redis_instance }} service scripts'
  template:
-    dest: '/etc/s6-rc/service/redis-{{ redis_instance }}{{ item }}'
+    dest: '{{ s6_etc_dir }}/service/redis-{{ redis_instance }}{{ item }}'
    src: 'redis{{ item }}.j2'
    mode: 0555
    owner: root
@ -56,7 +56,7 @@

 - name: 'Generate redis-{{ redis_instance }} service configuration'
  copy:
-    dest: '/etc/s6-rc/service/redis-{{ redis_instance}}{{ item.name }}'
+    dest: '{{ s6_etc_dir }}/service/redis-{{ redis_instance}}{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -83,13 +83,13 @@
  meta: flush_handlers

 - name: 'Start redis-{{ redis_instance }}'
-  command: 'fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change redis-{{ redis_instance }}'
+  command: 'fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change redis-{{ redis_instance }}'
  register: change
  changed_when: change.stdout | length > 0

 - name: 'Enable redis-{{ redis_instance }}'
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^redis-{{ redis_instance }}$"
    line: 'redis-{{ redis_instance }}'
    state: present
--- a/roles/restic/handlers/main.yml
+++ b/roles/restic/handlers/main.yml
@ -5,7 +5,7 @@
    state: reloaded

 - name: Restart restic
-  command: s6-svc -wU -T 5000 -ru /run/service/restic
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/restic

 - name: Restart restic-log
-  command: s6-svc -wU -T 5000 -ru /run/service/restic-log
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/restic-log
--- a/roles/restic/tasks/main.yml
+++ b/roles/restic/tasks/main.yml
@ -53,7 +53,7 @@
  meta: flush_handlers

 - name: Start restic renew service
-  command: fdmove -c 2 1 s6-rc -u -v 2 change restic
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change restic
  register: change
  changed_when: change.stdout | length > 0

--- a/roles/rspamd/handlers/main.yml
+++ b/roles/rspamd/handlers/main.yml
@ -5,16 +5,16 @@
    state: reloaded

 - name: Restart Rspamd
-  command: s6-svc -wR -T 5000 -ru /run/service/rspamd
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/rspamd

 - name: Restart Rspamd log
-  command: s6-svc -wR -T 5000 -ru /run/service/rspamd-log
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/rspamd-log

 - name: Restart HAProxy
-  command: s6-svc -wU -T 5000 -ru /run/service/haproxy
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy

 - name: Restart HAProxy log
-  command: s6-svc -wU -T 5000 -ru /run/service/haproxy-log
+  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy-log

 - name: Reload HAProxy
-  command: s6-svc -2 /run/service/haproxy
+  command: s6-svc -2 {{ s6_scan_dir }}/haproxy
--- a/roles/rspamd/tasks/main.yml
+++ b/roles/rspamd/tasks/main.yml
@ -43,7 +43,7 @@

 - name: Create Rspamd service directories
  file:
-    path: '/etc/s6-rc/service/{{ item }}'
+    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -56,7 +56,7 @@

 - name: Generate Rspamd service scripts
  template:
-    dest: '/etc/s6-rc/service/{{ item }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -69,7 +69,7 @@

 - name: Generate Rspamd service configuration
  copy:
-    dest: '/etc/s6-rc/service/{{ item.name }}'
+    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -86,13 +86,13 @@
  meta: flush_handlers

 - name: Start Rspamd
-  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change rspamd
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change rspamd
  register: change
  changed_when: change.stdout | length > 0

 - name: Enable Rspamd
  lineinfile:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^rspamd$"
    line: rspamd
    state: present
--- a/roles/s6-rc/tasks/main.yml
+++ b/roles/s6-rc/tasks/main.yml
@ -11,13 +11,13 @@
    group: wheel
    mode: 0755
  with_items:
-    - /etc/s6-rc
-    - /etc/s6-rc/service
-    - /etc/s6-rc/service/enabled
+    - '{{ s6_etc_dir }}'
+    - '{{ s6_etc_dir }}/service'
+    - '{{ s6_etc_dir }}/service/enabled'

 - name: Define enabled services bundle
  copy:
-    dest: /etc/s6-rc/service/enabled/type
+    dest: '{{ s6_etc_dir }}/service/enabled/type'
    content: bundle
    owner: root
    group: wheel
@ -25,7 +25,7 @@

 - name: Default to an empty set of enabled servics
  file:
-    path: /etc/s6-rc/service/enabled/contents
+    path: '{{ s6_etc_dir }}/service/enabled/contents'
    state: touch
    owner: root
    group: wheel
@ -46,15 +46,15 @@
  command: >
    s6-rc-compile -v 2 .compiled.{{ s6_uuid }} service
  args:
-    creates: /etc/s6-rc/compiled
-    chdir: /etc/s6-rc
+    creates: '{{ s6_etc_dir }}/compiled'
+    chdir: '{{ s6_etc_dir }}'

 - name: Link to the latest service database
  command: >
    env ln -shf .compiled.{{ s6_uuid }} compiled
  args:
-    creates: /etc/s6-rc/compiled
-    chdir: /etc/s6-rc
+    creates: '{{ s6_etc_dir }}/compiled'
+    chdir: '{{ s6_etc_dir }}'

 - name: Make sure that tmpfs support is loaded early
  lineinfile:
@ -72,7 +72,7 @@

 - name: Generate s6-svscan startup script
  template:
-    dest: /etc/s6-rc/scan
+    dest: '{{ s6_etc_dir }}/scan'
    src: scan.j2
    owner: root
    group: wheel
@ -82,7 +82,7 @@
  lineinfile:
    path: /etc/ttys
    regexp: '^null'
-    line: 'null    "/etc/s6-rc/scan"               vt100   on secure'
+    line: 'null    "{{ s6_etc_dir }}/scan"               vt100   on secure'
  notify:
    - Reload /etc/ttys

--- a/roles/s6-rc/templates/s6-rc.j2
+++ b/roles/s6-rc/templates/s6-rc.j2
@ -5,6 +5,13 @@
 # REQUIRE: NETWORKING daemon
 # KEYWORD: shutdown

+etc_dir="{{ s6_etc_dir }}"
+scan_dir="{{ s6_scan_dir }}"
+live_dir="{{ s6_live_dir }}"
+
+EX_UNAVAILABLE=69
+EX_CONFIG=78
+
 . /etc/rc.subr

 export PATH="$PATH:/usr/local/bin:/usr/local/sbin"
@ -27,7 +34,7 @@ s6_wait()
 {
 	local i=0

-	while ! s6-svscanctl -z /run/service 2>/dev/null; do
+	while ! s6-svscanctl -z "$scan_dir" 2>/dev/null; do
 		if [ $i -ge $s6_timeout ]; then
 			echo "Timeout waiting for s6-svscan." >&2
 			return 1
@ -48,19 +55,19 @@ s6_wait()

 s6_rc_init()
 {
-	if [ ! -e /run/s6-rc ]; then
-		s6-rc-init /run/service
+	if [ ! -e "$live_dir" ]; then
+		s6-rc-init -l "$live_dir" "$scan_dir"
 	fi
 }

 s6_rc_up()
 {
-	s6-rc -v 2 -u -t $up_timeout change enabled
+	s6-rc -l "$live_dir" -v 2 -u -t "$up_timeout" change enabled
 }

 s6_rc_down()
 {
-	s6-rc -v 2 -d -a -t $down_timeout change
+	s6-rc -l "$live_dir" -v 2 -d -a -t "$down_timeout" change
 }

 s6_rc_start()
@ -82,16 +89,26 @@ s6_rc_reload()
 {
 	local uuid="$(uuidgen)"

-	cd /etc/s6-rc
-	echo "Compiling new s6-rc service database."
-	s6-rc-compile -v 2 ".compiled.$uuid" service
+	cd "$etc_dir"
+	echo "Compiling the s6-rc service definitions into a services database: $etc_dir/service -> $etc_dir/.compiled.$uuid."
+	if ! s6-rc-compile -v 2 ".compiled.$uuid" service; then
+		echo "Failed to compile the service definitions into a services database." >&2
+		return $EX_CONFIG
+	fi

-	if s6-rc-update -v 2 -t $update_timeout "/etc/s6-rc/.compiled.$uuid"; then
+	echo "Updating the running s6-rc service manager to the latest compiled services database: $etc_dir/.compiled.$uuid."
+	if s6-rc-update -l "$live_dir" -v 2 -t $update_timeout "$etc_dir/.compiled.$uuid"; then
+		echo "Marking the running services database as selected default configuration: .compiled.$uuid -> compiled."
 		ln -shf ".compiled.$uuid" compiled
-		echo "Updated s6-rc service database."

-		echo "Deleting old service databases."
-		find -s . -mindepth 1 -maxdepth 1 -type d -name '.compiled.*' -not -name ".compiled.$uuid" -print0 | xargs -0 rm -r
+		echo "Deleting stale services databases."
+		if ! find -s . -mindepth 1 -maxdepth 1 -type d -name '.compiled.*' -not -name ".compiled.$uuid" -print0 | xargs -0 rm -r; then
+			echo "Failed to delete stale services databases." >&2
+			return $EX_CONFIG
+		fi
+	else
+		echo "Failed to update the running s6-rc manager to the latest service database." >&2
+		return $EX_CONFIG
 	fi
 }

@ -99,19 +116,20 @@ s6_rc_status()
 {
 	local result=0

-	if s6-svscanctl -z /run/service 2>/dev/null; then
-		echo "The s6-svscan supervisor is responsible."
+	# Check if s6-svscan is responsive by asking it to invoke its reaper (almost a NOP)
+	if s6-svscanctl -z "$scan_dir" 2>/dev/null; then
+		echo "The s6-svscan supervisor is responsive."
 	else
 		echo "The s6-svscan supervisor is unavailable."
 		result=1
 	fi

-	if [ -e /run/s6-rc ]; then
-		echo "The s6-rc service manager is initialized."
+	if [ -e "$live_dir" ]; then
+		echo "The s6-rc service manager has been initialized."

 		echo
 		echo "These services are currently active:"
-		s6-rc -a list
+		s6-rc -l "$live_dir" -a list
 	else
 		echo "The s6-rc service manager is uninitalized."
 		result=1
--- a/roles/s6-rc/templates/scan.j2
+++ b/roles/s6-rc/templates/scan.j2
@ -1,6 +1,7 @@
 #!/bin/sh -e

 export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
+scan_dir="{{ s6_scan_dir }}"

-install -d -o root -g wheel -m 755 /run/service
-exec s6-svscan /run/service
+install -d -o root -g wheel -m 755 -- "$scan_dir"
+exec s6-svscan "$scan_dir"
--- a/roles/unbound/handlers/main.yml
+++ b/roles/unbound/handlers/main.yml
@ -5,10 +5,10 @@
    state: reloaded

 - name: Reload unbound
-  command: s6-svc -h /run/service/unbound
+  command: s6-svc -h {{ s6_scan_dir }}/unbound

 - name: Restart unbound
-  command: s6-svc -wR -T 5000 -ru /run/service/unbound
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/unbound

 - name: Restart unbound log
-  command: s6-svc -wR -T 5000 -ru /run/service/unbound-log
+  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/unbound-log
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@ -67,7 +67,7 @@
  meta: flush_handlers

 - name: Start unbound
-  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change unbound
+  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change unbound
  register: change
  changed_when: change.stdout | length > 0
Author	SHA1	Message	Date
Crest	f8704927fb	Use path variables for bhyve. Changes #31	2022-07-04 02:58:24 +02:00
Crest	50a3a3d270	Use path variables for Unbound. Changes #31	2022-07-04 02:57:18 +02:00
Crest	53f05a7071	Use path variables for Rspamd. Changes #31	2022-07-04 02:56:34 +02:00
Crest	e7eeb4039a	Use path variables for restic. Changes #31	2022-07-04 02:55:56 +02:00
Crest	b00f1a4c44	Use path variables for Redis. Changes #31	2022-07-04 02:54:03 +02:00
Crest	6a8cee385b	Use path variables for Postfix. Changes #31	2022-07-04 02:53:23 +02:00
Crest	96b6c8fe4b	Use path variables for OpenNTPD. Changes #31	2022-07-04 02:49:53 +02:00
Crest	8f23dd83b0	Use path variables for NSD. Changes #31	2022-07-04 02:47:17 +02:00
Crest	493a459466	Use path variables for mlmmj. Changes #31	2022-07-04 02:46:45 +02:00
Crest	6f18f4a005	Use path variables for HAProxy. Changes #31	2022-07-04 02:46:09 +02:00
Crest	b9d4e0b0d0	Use s6 path variables for Dovecot Updates #31	2022-07-04 02:44:47 +02:00
Crest	803ebdbded	Improve s6-rc rc.d script * Deduplicate path literals * Pass live directory to s6-rc invocations Changes #31	2022-07-04 02:42:22 +02:00
Crest	050fb34846	Deduplicate path literals Changes #31	2022-07-04 02:41:15 +02:00
Crest	b7db27558b	Collect duplicated path literals into variables. The `s6` roles used to contain lots of repetitions of the same paths. Collect the paths in variables to remove duplicated path literals. Changes #31.	2022-07-04 02:36:48 +02:00