Add Valkey infrastructure role as Redis-compatible cache service

- Implemented complete Valkey infrastructure role following PostgreSQL patterns - Provides 100% Redis-compatible high-performance data structure store - Configured for multi-application support with database isolation - Security-focused: localhost-only binding, password auth, systemd hardening - Arch Linux compatible: uses native Valkey package with Redis compatibility - Database allocation strategy: DB 0 reserved, DB 1+ for applications - Full systemd integration with security overrides and proper service management - Redis client compatibility maintained for seamless application integration - Ready for Authentik and future container workloads requiring cache services
2025-11-18 23:58:21 +01:00
parent ddbdefd27f
commit 3b062edeb6
10 changed files with 574 additions and 19 deletions
--- a/roles/valkey/tasks/main.yml
+++ b/roles/valkey/tasks/main.yml
@@ -0,0 +1,94 @@
+---
+# Valkey Infrastructure Role - Simplified Tasks
+
+- name: Install Valkey 
+  pacman:
+    name: valkey
+    state: present
+
+# Note: Arch Linux's redis package (which provides Valkey) creates the 'valkey' user automatically
+# We don't need to create users - just ensure data directory permissions
+
+- name: Create Valkey configuration directory
+  file:
+    path: /etc/valkey
+    state: directory
+    mode: '0755'
+
+- name: Check if Valkey data directory exists
+  stat:
+    path: "/var/lib/valkey"
+  register: valkey_data_dir
+
+- name: Ensure Valkey data directory permissions
+  file:
+    path: /var/lib/valkey
+    state: directory
+    owner: valkey
+    group: valkey
+    mode: '0750'
+
+- name: Deploy Valkey configuration file
+  template:
+    src: valkey.conf.j2
+    dest: /etc/valkey/valkey.conf
+    owner: valkey
+    group: valkey
+    mode: '0640'
+    backup: yes
+  notify: restart valkey
+
+- name: Create systemd override directory for Valkey security
+  file:
+    path: /etc/systemd/system/valkey.service.d
+    state: directory
+    mode: '0755'
+  when: valkey_systemd_security
+
+- name: Deploy Valkey systemd security override
+  template:
+    src: systemd-override.conf.j2
+    dest: /etc/systemd/system/valkey.service.d/override.conf
+    mode: '0644'
+  when: valkey_systemd_security
+  notify:
+    - reload systemd
+    - restart valkey
+
+- name: Enable and start Valkey service
+  systemd:
+    name: valkey
+    enabled: "{{ valkey_service_enabled }}"
+    state: "{{ valkey_service_state }}"
+    daemon_reload: yes
+
+- name: Wait for Valkey to be ready
+  wait_for:
+    port: "{{ valkey_port }}"
+    host: "{{ valkey_bind }}"
+    timeout: 30
+  when: valkey_service_state == "started"
+
+- name: Test Valkey connectivity
+  command: redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_requirepass }} ping
+  register: valkey_ping_result
+  changed_when: false
+  failed_when: valkey_ping_result.stdout != "PONG"
+  when: valkey_service_state == "started"
+
+- name: Display Valkey infrastructure status
+  debug:
+    msg: |
+      ✅ Valkey infrastructure ready!
+      
+      📡 Service: {{ valkey_bind }}:{{ valkey_port }}
+      🔒 Auth: Password protected
+      💾 Persistence: {{ 'RDB enabled' if valkey_save_enabled else 'Memory only' }}
+      🗄️ Databases: {{ valkey_databases }} available (0-{{ valkey_databases - 1 }})
+      
+      🏗️ Ready for applications to configure Valkey usage
+      
+      📋 Application Integration:
+      - Use database numbers 1-{{ valkey_databases - 1 }} for applications
+      - Database 0 reserved for system/testing
+      - Redis-compatible: applications can use REDIS_* or VALKEY_* env vars