27 changed files with 116 additions and 137 deletions
--- a/group_vars/freebsd
+++ b/group_vars/freebsd
@ -1,5 +1,2 @@
 ---
 ansible_python_interpreter: /usr/local/bin/python3.8
 s6_etc_dir: /etc/s6-rc
 s6_live_dir: /run/s6-rc
 s6_scan_dir: /run/service
--- a/roles/bhyve-s6/tasks/main.yml
+++ b/roles/bhyve-s6/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - name: Define bhyve guest service definitions
  file:
-    path: '{{ s6_etc_dir }}/service/bhyve-{{ item.0.name }}{{ item.1 }}'
+    path: '/etc/s6-rc/service/bhyve-{{ item.0.name }}{{ item.1 }}'
    state: directory
    owner: root
    group: wheel
@ -16,7 +16,7 @@
 - name: Instantiating service templates
  template:
-    dest: '{{ s6_etc_dir }}/service/bhyve-{{ item.0.name }}{{ item.1.name }}'
+    dest: '/etc/s6-rc/service/bhyve-{{ item.0.name }}{{ item.1.name }}'
    src: 'bhyve{{ item.1.name }}.j2'
    owner: root
    group: wheel
@ -34,7 +34,7 @@
 - name: Start enabled bhyve guests
  command: >
-    fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -v 2 -u change bhyve-{{ item.name }}
+    fdmove -c 2 1 s6-rc -v 2 -u change bhyve-{{ item.name }}
  register: change
  when: item.enabled | default
  changed_when: change.stdout | length > 0
@ -52,13 +52,13 @@
  notify:
    - Reload s6-rc
  with_items:
-    - '{{ s6_etc_dir }}/service/bhyve'
+    - /etc/s6-rc/service/bhyve
-    - '{{ s6_etc_dir }}/service/bhyve-disabled'
+    - /etc/s6-rc/service/bhyve-disabled
-    - '{{ s6_etc_dir }}/service/bhyve-enabled'
+    - /etc/s6-rc/service/bhyve-enabled
 - name: Declare bhyve service as bundle
  copy:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}/type'
+    dest: '/etc/s6-rc/service/{{ item }}/type'
    content: bundle
    owner: root
    group: wheel
@ -72,7 +72,7 @@
 - name: Define bhyve service bundles
  template:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}/contents'
+    dest: '/etc/s6-rc/service/{{ item }}/contents'
    src: '{{ item }}-contents.j2'
    owner: root
    group: wheel
@ -89,13 +89,13 @@
 - name: Stop disabled bhyve guests
  command: >
-    fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -v 2 -d change bhyve-disabled
+    fdmove -c 2 1 s6-rc -v 2 -d change bhyve-disabled
  register: change
  changed_when: change.stdout | length > 0
 - name: Autostart enabled bhyve guests
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: '^bhyve-enabled$'
    line: 'bhyve-enabled'
  notify:
--- a/roles/dovecot/handlers/main.yml
+++ b/roles/dovecot/handlers/main.yml
@ -5,10 +5,10 @@
    state: reloaded
 - name: Reload Dovecot
-  command: s6-svc -h {{ s6_scan_dir }}/dovecot
+  command: s6-svc -h /run/service/dovecot
 - name: Restart Dovecot
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/dovecot
+  command: s6-svc -wR -T 5000 -ru /run/service/dovecot
 - name: Restart Dovecot log
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/dovecot-log
+  command: s6-svc -wR -T 5000 -ru /run/service/dovecot-log
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@ -63,7 +63,7 @@
 - name: Create Dovecot service directories
  file:
-    path: '{{ s6_etc_dir }}/service/{{ item }}'
+    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -76,7 +76,7 @@
 - name: Generate Dovecot service scripts
  template:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}'
+    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -89,7 +89,7 @@
 - name: Generate Dovecot service configuration
  copy:
-    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
+    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -123,7 +123,7 @@
    group: acme
    regexp: '^DEPLOY_DOVECOT_PEM_PATH='
    state: present
-    line: 'DEPLOY_DOVECOT_RELOAD="sudo s6-svc -h {{ s6_scan_dir }}/dovecot"'
+    line: 'DEPLOY_DOVECOT_RELOAD="sudo s6-svc -h /run/service/dovecot"'
 - name: Flush handlers
  meta: flush_handlers
@ -137,20 +137,20 @@
    group: wheel
 - name: Deploy X.509 certificate to Dovecot
-  command: 'env sudo -Hu acme acme.sh --debug --home /var/db/acme --install-cert --domain {{ ansible_fqdn }} --cert-file /usr/local/etc/dovecot/cert.pem --key-file /usr/local/etc/dovecot/privkey.pem --fullchain-file /usr/local/etc/dovecot/fullchain.pem --reloadcmd "sudo s6-svc -h {{ s6_scan_dir }}/dovecot"'
+  command: 'env sudo -Hu acme acme.sh --debug --home /var/db/acme --install-cert --domain {{ ansible_fqdn }} --cert-file /usr/local/etc/dovecot/cert.pem --key-file /usr/local/etc/dovecot/privkey.pem --fullchain-file /usr/local/etc/dovecot/fullchain.pem --reloadcmd "sudo s6-svc -h /run/service/dovecot"'
  args:
    creates: /usr/local/etc/dovecot/fullchain.pem
  notify:
    - Reload Dovecot
 - name: Start Dovecot
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change dovecot
+  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change dovecot
  register: change
  changed_when: change.stdout | length > 0
 - name: Enable Dovecot
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: "^dovecot$"
    line: dovecot
    state: present
--- a/roles/dovecot/templates/acme_dovecot.j2
+++ b/roles/dovecot/templates/acme_dovecot.j2
@ -1 +1 @@
-acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h {{ s6_scan_dir }}/dovecot
+acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h /run/service/dovecot
--- a/roles/haproxy/handlers/main.yml
+++ b/roles/haproxy/handlers/main.yml
@ -5,13 +5,13 @@
    state: reloaded
 - name: Restart HAProxy
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy
+  command: s6-svc -wU -T 5000 -ru /run/service/haproxy
 - name: Restart HAProxy log
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy-log
+  command: s6-svc -wU -T 5000 -ru /run/service/haproxy-log
 - name: Reload HAProxy
-  command: s6-svc -2 {{ s6_scan_dir }}/haproxy
+  command: s6-svc -2 /run/service/haproxy
 - name: Restart acme-renew
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/acme-renew
+  command: s6-svc -wU -T 5000 -ru /run/service/acme-renew
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -200,7 +200,7 @@
  meta: flush_handlers
 - name: Start HAProxy
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change haproxy
+  command: fdmove -c 2 1 s6-rc -u -v 2 change haproxy
  register: change
  changed_when: change.stdout | length > 0
@ -243,7 +243,7 @@
    path: /var/db/acme/account.conf
    regex: '^DEPLOY_HAPROXY_RELOAD='
    state: present
-    line: 'DEPLOY_HAPROXY_RELOAD="sudo s6-svc -h {{ s6_scan_dir }}/haproxy"'
+    line: 'DEPLOY_HAPROXY_RELOAD="sudo s6-svc -h /run/service/haproxy"'
 - name: Allow acme user to reload haproxy
  template:
@ -309,7 +309,7 @@
  meta: flush_handlers
 - name: Start acme renew service
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change acme-renew
+  command: fdmove -c 2 1 s6-rc -u -v 2 change acme-renew
  register: change
  changed_when: change.stdout | length > 0
--- a/roles/haproxy/templates/acme.j2
+++ b/roles/haproxy/templates/acme.j2
@ -1 +1 @@
-acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h {{ s6_scan_dir }}/haproxy
+acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h /run/service/haproxy
--- a/roles/mlmmj/handlers/main.yml
+++ b/roles/mlmmj/handlers/main.yml
@ -1,9 +1,9 @@
 ---
 - name: Restart Postfix
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix
+  command: s6-svc -wU -T 5000 -ru /run/service/postfix
 - name: Reload Postfix
-  command: s6-svc -h {{ s6_scan_dir }}/postfix
+  command: s6-svc -h /run/service/postfix
 - name: Rebuild mlmmj virtual aliases
  command: postmap hash:/usr/local/etc/postfix/virtual_mlmmj
@ -17,4 +17,4 @@
    state: reloaded
 - name: Restart mlmmj-maintd
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/mlmmj-maintd
+  command: s6-svc -wU -T 5000 -ru /run/service/mlmmj-maintd
--- a/roles/mlmmj/tasks/main.yml
+++ b/roles/mlmmj/tasks/main.yml
@ -19,6 +19,7 @@
    home: /var/vmail/mlmmj
    shell: /sbin/nologin
 - name: Create lists directory
  file:
    path: /var/vmail/mlmmj
@ -72,7 +73,7 @@
 - name: Create mlmmj-maintd service directories
  file:
-    path: '{{ s6_etc_dir }}/service/{{ item }}'
+    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -84,7 +85,7 @@
 - name: Generate mlmmj-maintd service scripts
  template:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}'
+    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -96,7 +97,7 @@
 - name: Generate mlmmj-maintd service configuration
  copy:
-    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
+    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -112,13 +113,13 @@
  meta: flush_handlers
 - name: Start mlmmj-maintd
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change mlmmj-maintd
+  command: fdmove -c 2 1 s6-rc -u -v 2 change mlmmj-maintd
  register: change
  changed_when: change.stdout | length > 0
 - name: Enable mlmmj-maintd
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: "^mlmmj-maintd$"
    line: "mlmmj-maintd"
  notify:
@ -268,7 +269,7 @@
 - name: Set moderate subscription
  copy:
    dest: '/var/vmail/mlmmj/{{ item.name }}/control/submod'
-    content: '{{ item.subscription_moderators | default([]) | join("\n") }}'
+    content: ''
    force: no
    owner: mlmmj
    group: mlmmj
--- a/roles/nsd/handlers/main.yml
+++ b/roles/nsd/handlers/main.yml
@ -5,10 +5,10 @@
    state: reloaded
 - name: Reload nsd
-  command: s6-svc -h {{ s6_scan_dir }}/nsd
+  command: s6-svc -h /run/service/nsd
 - name: Restart nsd
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/nsd
+  command: s6-svc -wR -T 5000 -ru /run/service/nsd
 - name: Restart nsd log
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/nsd-log
+  command: s6-svc -wR -T 5000 -ru /run/service/nsd-log
--- a/roles/nsd/tasks/main.yml
+++ b/roles/nsd/tasks/main.yml
@ -14,7 +14,7 @@
 - name: Create nsd service directories
  file:
-    path: '{{ s6_etc_dir }}/service/{{ item }}'
+    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -27,7 +27,7 @@
 - name: Generate nsd service scripts
  template:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}'
+    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -40,7 +40,7 @@
 - name: Generate nsd service configuration
  copy:
-    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
+    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -67,13 +67,13 @@
  meta: flush_handlers
 - name: Start nsd
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change nsd
+  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change nsd
  register: change
  changed_when: change.stdout | length > 0
 - name: Enable nsd
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: "^nsd$"
    line: nsd
    state: present
--- a/roles/openntpd/handlers/main.yml
+++ b/roles/openntpd/handlers/main.yml
@ -5,7 +5,7 @@
    state: reloaded
 - name: Restart OpenNTPD
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/openntpd
+  command: s6-svc -wR -T 5000 -ru /run/service/openntpd
 - name: Restart OpenNTPD log
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/openntpd-log
+  command: s6-svc -wR -T 5000 -ru /run/service/openntpd-log
--- a/roles/openntpd/tasks/main.yml
+++ b/roles/openntpd/tasks/main.yml
@ -14,7 +14,7 @@
 - name: Create OpenNTPD service directories
  file:
-    path: '{{ s6_etc_dir }}/service/{{ item }}'
+    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -27,7 +27,7 @@
 - name: Generate OpenNTPD service scripts
  template:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}'
+    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -40,7 +40,7 @@
 - name: Generate OpenNTPD service configuration
  copy:
-    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
+    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -67,13 +67,13 @@
  meta: flush_handlers
 - name: Start OpenNTPD
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change openntpd
+  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change openntpd
  register: change
  changed_when: change.stdout | length > 0
 - name: Enable OpenNTPD
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: "^openntpd$"
    line: openntpd
    state: present
--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@ -5,13 +5,13 @@
    state: reloaded
 - name: Restart Postfix
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix
+  command: s6-svc -wU -T 5000 -ru /run/service/postfix
 - name: Restart Postfix log
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix-log
+  command: s6-svc -wU -T 5000 -ru /run/service/postfix-log
 - name: Reload Postfix
-  command: s6-svc -h {{ s6_scan_dir }}/postfix
+  command: s6-svc -h /run/service/postfix
 - name: Rebuild Postfix maps
  command: 'postmap {{ item.type }}:{{ item.name }}'
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@ -53,7 +53,7 @@
 - name: Create Postfix service directories
  file:
-    path: '{{ s6_etc_dir }}/service/{{ item }}'
+    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -62,7 +62,7 @@
 - name: Generate Postfix service scripts
  template:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}'
+    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -74,7 +74,7 @@
 - name: Generate Postfix service configuration
  copy:
-    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
+    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -129,13 +129,13 @@
  meta: flush_handlers
 - name: Start Postfix
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change postfix
+  command: fdmove -c 2 1 s6-rc -u -v 2 change postfix
  register: change
  changed_when: change.stdout | length > 0
 - name: Enable Postfix
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: "^postfix$"
    line: "postfix"
  notify:
--- a/roles/redis/handlers/main.yml
+++ b/roles/redis/handlers/main.yml
@ -5,7 +5,7 @@
    state: reloaded
 - name: 'Restart redis-{{ redis_instance }}'
-  command: s6-svc -wR -T 15000 -ru {{ s6_scan_dir }}/redis-{{ redis_instance }}
+  command: s6-svc -wR -T 15000 -ru /run/service/redis-{{ redis_instance }}
 - name: 'Restart redis-{{ redis_instance }} log'
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/redis-{{ redis_instance }}-log
+  command: s6-svc -wR -T 5000 -ru /run/service/redis-{{ redis_instance }}-log
--- a/roles/redis/tasks/main.yml
+++ b/roles/redis/tasks/main.yml
@ -30,7 +30,7 @@
 - name: 'Create redis-{{ redis_instance }} service directories'
  file:
-    path: '{{ s6_etc_dir }}/service/redis-{{ redis_instance}}{{ item }}'
+    path: '/etc/s6-rc/service/redis-{{ redis_instance}}{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -43,7 +43,7 @@
 - name: 'Generate redis-{{ redis_instance }} service scripts'
  template:
-    dest: '{{ s6_etc_dir }}/service/redis-{{ redis_instance }}{{ item }}'
+    dest: '/etc/s6-rc/service/redis-{{ redis_instance }}{{ item }}'
    src: 'redis{{ item }}.j2'
    mode: 0555
    owner: root
@ -56,7 +56,7 @@
 - name: 'Generate redis-{{ redis_instance }} service configuration'
  copy:
-    dest: '{{ s6_etc_dir }}/service/redis-{{ redis_instance}}{{ item.name }}'
+    dest: '/etc/s6-rc/service/redis-{{ redis_instance}}{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -83,13 +83,13 @@
  meta: flush_handlers
 - name: 'Start redis-{{ redis_instance }}'
-  command: 'fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change redis-{{ redis_instance }}'
+  command: 'fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change redis-{{ redis_instance }}'
  register: change
  changed_when: change.stdout | length > 0
 - name: 'Enable redis-{{ redis_instance }}'
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: "^redis-{{ redis_instance }}$"
    line: 'redis-{{ redis_instance }}'
    state: present
--- a/roles/restic/handlers/main.yml
+++ b/roles/restic/handlers/main.yml
@ -5,7 +5,7 @@
    state: reloaded
 - name: Restart restic
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/restic
+  command: s6-svc -wU -T 5000 -ru /run/service/restic
 - name: Restart restic-log
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/restic-log
+  command: s6-svc -wU -T 5000 -ru /run/service/restic-log
--- a/roles/restic/tasks/main.yml
+++ b/roles/restic/tasks/main.yml
@ -53,7 +53,7 @@
  meta: flush_handlers
 - name: Start restic renew service
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change restic
+  command: fdmove -c 2 1 s6-rc -u -v 2 change restic
  register: change
  changed_when: change.stdout | length > 0
--- a/roles/rspamd/handlers/main.yml
+++ b/roles/rspamd/handlers/main.yml
@ -5,16 +5,16 @@
    state: reloaded
 - name: Restart Rspamd
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/rspamd
+  command: s6-svc -wR -T 5000 -ru /run/service/rspamd
 - name: Restart Rspamd log
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/rspamd-log
+  command: s6-svc -wR -T 5000 -ru /run/service/rspamd-log
 - name: Restart HAProxy
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy
+  command: s6-svc -wU -T 5000 -ru /run/service/haproxy
 - name: Restart HAProxy log
-  command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/haproxy-log
+  command: s6-svc -wU -T 5000 -ru /run/service/haproxy-log
 - name: Reload HAProxy
-  command: s6-svc -2 {{ s6_scan_dir }}/haproxy
+  command: s6-svc -2 /run/service/haproxy
--- a/roles/rspamd/tasks/main.yml
+++ b/roles/rspamd/tasks/main.yml
@ -43,7 +43,7 @@
 - name: Create Rspamd service directories
  file:
-    path: '{{ s6_etc_dir }}/service/{{ item }}'
+    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
@ -56,7 +56,7 @@
 - name: Generate Rspamd service scripts
  template:
-    dest: '{{ s6_etc_dir }}/service/{{ item }}'
+    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
@ -69,7 +69,7 @@
 - name: Generate Rspamd service configuration
  copy:
-    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
+    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
@ -86,13 +86,13 @@
  meta: flush_handlers
 - name: Start Rspamd
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change rspamd
+  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change rspamd
  register: change
  changed_when: change.stdout | length > 0
 - name: Enable Rspamd
  lineinfile:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    regexp: "^rspamd$"
    line: rspamd
    state: present
--- a/roles/s6-rc/tasks/main.yml
+++ b/roles/s6-rc/tasks/main.yml
@ -11,13 +11,13 @@
    group: wheel
    mode: 0755
  with_items:
-    - '{{ s6_etc_dir }}'
+    - /etc/s6-rc
-    - '{{ s6_etc_dir }}/service'
+    - /etc/s6-rc/service
-    - '{{ s6_etc_dir }}/service/enabled'
+    - /etc/s6-rc/service/enabled
 - name: Define enabled services bundle
  copy:
-    dest: '{{ s6_etc_dir }}/service/enabled/type'
+    dest: /etc/s6-rc/service/enabled/type
    content: bundle
    owner: root
    group: wheel
@ -25,7 +25,7 @@
 - name: Default to an empty set of enabled servics
  file:
-    path: '{{ s6_etc_dir }}/service/enabled/contents'
+    path: /etc/s6-rc/service/enabled/contents
    state: touch
    owner: root
    group: wheel
@ -46,15 +46,15 @@
  command: >
    s6-rc-compile -v 2 .compiled.{{ s6_uuid }} service
  args:
-    creates: '{{ s6_etc_dir }}/compiled'
+    creates: /etc/s6-rc/compiled
-    chdir: '{{ s6_etc_dir }}'
+    chdir: /etc/s6-rc
 - name: Link to the latest service database
  command: >
    env ln -shf .compiled.{{ s6_uuid }} compiled
  args:
-    creates: '{{ s6_etc_dir }}/compiled'
+    creates: /etc/s6-rc/compiled
-    chdir: '{{ s6_etc_dir }}'
+    chdir: /etc/s6-rc
 - name: Make sure that tmpfs support is loaded early
  lineinfile:
@ -72,7 +72,7 @@
 - name: Generate s6-svscan startup script
  template:
-    dest: '{{ s6_etc_dir }}/scan'
+    dest: /etc/s6-rc/scan
    src: scan.j2
    owner: root
    group: wheel
@ -82,7 +82,7 @@
  lineinfile:
    path: /etc/ttys
    regexp: '^null'
-    line: 'null    "{{ s6_etc_dir }}/scan"               vt100   on secure'
+    line: 'null    "/etc/s6-rc/scan"               vt100   on secure'
  notify:
    - Reload /etc/ttys
--- a/roles/s6-rc/templates/s6-rc.j2
+++ b/roles/s6-rc/templates/s6-rc.j2
@ -5,13 +5,6 @@
 # REQUIRE: NETWORKING daemon
 # KEYWORD: shutdown
 etc_dir="{{ s6_etc_dir }}"
 scan_dir="{{ s6_scan_dir }}"
 live_dir="{{ s6_live_dir }}"
 EX_UNAVAILABLE=69
 EX_CONFIG=78
 . /etc/rc.subr
 export PATH="$PATH:/usr/local/bin:/usr/local/sbin"
@ -34,7 +27,7 @@ s6_wait()
 {
 	local i=0
-	while ! s6-svscanctl -z "$scan_dir" 2>/dev/null; do
+	while ! s6-svscanctl -z /run/service 2>/dev/null; do
 		if [ $i -ge $s6_timeout ]; then
 			echo "Timeout waiting for s6-svscan." >&2
 			return 1
@ -55,19 +48,19 @@ s6_wait()
 s6_rc_init()
 {
-	if [ ! -e "$live_dir" ]; then
+	if [ ! -e /run/s6-rc ]; then
-		s6-rc-init -l "$live_dir" "$scan_dir"
+		s6-rc-init /run/service
 	fi
 }
 s6_rc_up()
 {
-	s6-rc -l "$live_dir" -v 2 -u -t "$up_timeout" change enabled
+	s6-rc -v 2 -u -t $up_timeout change enabled
 }
 s6_rc_down()
 {
-	s6-rc -l "$live_dir" -v 2 -d -a -t "$down_timeout" change
+	s6-rc -v 2 -d -a -t $down_timeout change
 }
 s6_rc_start()
@ -89,26 +82,16 @@ s6_rc_reload()
 {
 	local uuid="$(uuidgen)"
-	cd "$etc_dir"
+	cd /etc/s6-rc
-	echo "Compiling the s6-rc service definitions into a services database: $etc_dir/service -> $etc_dir/.compiled.$uuid."
+	echo "Compiling new s6-rc service database."
-	if ! s6-rc-compile -v 2 ".compiled.$uuid" service; then
+	s6-rc-compile -v 2 ".compiled.$uuid" service
 		echo "Failed to compile the service definitions into a services database." >&2
 		return $EX_CONFIG
 	fi
-	echo "Updating the running s6-rc service manager to the latest compiled services database: $etc_dir/.compiled.$uuid."
+	if s6-rc-update -v 2 -t $update_timeout "/etc/s6-rc/.compiled.$uuid"; then
 	if s6-rc-update -l "$live_dir" -v 2 -t $update_timeout "$etc_dir/.compiled.$uuid"; then
 		echo "Marking the running services database as selected default configuration: .compiled.$uuid -> compiled."
 		ln -shf ".compiled.$uuid" compiled
 		echo "Updated s6-rc service database."
-		echo "Deleting stale services databases."
+		echo "Deleting old service databases."
-		if ! find -s . -mindepth 1 -maxdepth 1 -type d -name '.compiled.*' -not -name ".compiled.$uuid" -print0 | xargs -0 rm -r; then
+		find -s . -mindepth 1 -maxdepth 1 -type d -name '.compiled.*' -not -name ".compiled.$uuid" -print0 | xargs -0 rm -r
 			echo "Failed to delete stale services databases." >&2
 			return $EX_CONFIG
 		fi
 	else
 		echo "Failed to update the running s6-rc manager to the latest service database." >&2
 		return $EX_CONFIG
 	fi
 }
@ -116,20 +99,19 @@ s6_rc_status()
 {
 	local result=0
-	# Check if s6-svscan is responsive by asking it to invoke its reaper (almost a NOP)
+	if s6-svscanctl -z /run/service 2>/dev/null; then
-	if s6-svscanctl -z "$scan_dir" 2>/dev/null; then
+		echo "The s6-svscan supervisor is responsible."
 		echo "The s6-svscan supervisor is responsive."
 	else
 		echo "The s6-svscan supervisor is unavailable."
 		result=1
 	fi
-	if [ -e "$live_dir" ]; then
+	if [ -e /run/s6-rc ]; then
-		echo "The s6-rc service manager has been initialized."
+		echo "The s6-rc service manager is initialized."
 		echo
 		echo "These services are currently active:"
-		s6-rc -l "$live_dir" -a list
+		s6-rc -a list
 	else
 		echo "The s6-rc service manager is uninitalized."
 		result=1
--- a/roles/s6-rc/templates/scan.j2
+++ b/roles/s6-rc/templates/scan.j2
@ -1,7 +1,6 @@
 #!/bin/sh -e
 export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
 scan_dir="{{ s6_scan_dir }}"
-install -d -o root -g wheel -m 755 -- "$scan_dir"
+install -d -o root -g wheel -m 755 /run/service
-exec s6-svscan "$scan_dir"
+exec s6-svscan /run/service
--- a/roles/unbound/handlers/main.yml
+++ b/roles/unbound/handlers/main.yml
@ -5,10 +5,10 @@
    state: reloaded
 - name: Reload unbound
-  command: s6-svc -h {{ s6_scan_dir }}/unbound
+  command: s6-svc -h /run/service/unbound
 - name: Restart unbound
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/unbound
+  command: s6-svc -wR -T 5000 -ru /run/service/unbound
 - name: Restart unbound log
-  command: s6-svc -wR -T 5000 -ru {{ s6_scan_dir }}/unbound-log
+  command: s6-svc -wR -T 5000 -ru /run/service/unbound-log
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@ -67,7 +67,7 @@
  meta: flush_handlers
 - name: Start unbound
-  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change unbound
+  command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change unbound
  register: change
  changed_when: change.stdout | length > 0
`@ -1 +1 @@`
	`acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h {{ s6_scan_dir }}/dovecot`	`acme ALL=NOPASSWD:/usr/local/bin/s6-svc -h /run/service/dovecot`