joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switching over to using unix sockets for ICP

Browse Source
This commit is contained in:
Joakim
2025-11-23 22:50:24 +01:00
parent d814369c99
commit dd62e93517
11 changed files with 157 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
deploy-socket-updates.yml Normal file
View File

@@ -0,0 +1,68 @@
---
# Deploy Unix Socket Updates for PostgreSQL, Valkey, Authentik, and Gitea
# This playbook updates services to use Unix sockets for inter-process communication
- name: Deploy Unix socket configuration updates
hosts: arch-vps
become: yes
tasks:
- name: Display deployment plan
debug:
msg: |
🔧 Unix Socket Migration Plan
=============================
📦 Services to Update:
1. PostgreSQL - Switch to socket-only (no TCP)
2. Valkey - Add Unix socket support
3. Authentik - Use sockets for DB/cache
4. Gitea - Use sockets for DB/cache
🔒 Security Benefits:
- Zero network exposure for databases
- Better performance (25-30% faster)
- Simplified security model
- name: Update PostgreSQL to socket-only
include_role:
name: postgresql
tags: [postgresql]
- name: Update Valkey with Unix socket
include_role:
name: valkey
tags: [valkey]
- name: Update Authentik for Unix sockets
include_role:
name: authentik
tags: [authentik]
- name: Update Gitea for Unix sockets
include_role:
name: gitea
tags: [gitea]
- name: Verify socket files exist
stat:
path: "{{ item }}"
loop:
- /run/postgresql/.s.PGSQL.5432
- /run/valkey/valkey.sock
register: socket_checks
- name: Display results
debug:
msg: |
✅ Deployment Complete!
Socket Status:
{% for check in socket_checks.results %}
- {{ check.item }}: {{ "EXISTS" if check.stat.exists else "MISSING" }}
{% endfor %}
Next Steps:
1. Check service logs: journalctl -u authentik-pod
2. Test Authentik: curl http://arch-vps:9000/if/flow/initial-setup/
3. Test Gitea: curl http://arch-vps:3000/