- Change reverse_proxy from https:// to http:// backend - Use authentik_http_port instead of authentik_https_port - Remove unnecessary TLS transport configuration - Remove health check for non-existent endpoint This aligns the Ansible template with the working configuration where authentik only serves HTTP internally and Caddy handles SSL.
---
# Valkey Infrastructure Role - Simplified Tasks
# Install the Valkey server package with the Arch Linux package manager.
- name: Install Valkey
  pacman:
    state: present
    name: valkey
# Note: Arch Linux's redis package (which provides Valkey) creates the 'valkey' user automatically
# We don't need to create users - just ensure data directory permissions
# Make sure /etc/valkey exists before the configuration file is rendered.
# No owner or group is set here; only the mode (0755) is enforced.
- name: Create Valkey configuration directory
  file:
    state: directory
    path: '/etc/valkey'
    mode: '0755'
# Record the current state of the data directory in valkey_data_dir.
# No task in this listing reads the registered result.
- name: Check if Valkey data directory exists
  register: valkey_data_dir
  stat:
    path: '/var/lib/valkey'
# Keep the data directory private to the valkey account:
# owner rwx, group r-x, nothing for other local users.
- name: Ensure Valkey data directory permissions
  file:
    state: directory
    path: '/var/lib/valkey'
    mode: '0750'
    owner: valkey
    group: valkey
# Socket mode only: create the directory that will hold the Unix socket.
# Mode 0775 lets every local account list and traverse this directory, so
# who can actually connect is decided by the permissions on the socket file.
- name: Create Valkey Unix socket directory
  when: valkey_unix_socket_enabled
  file:
    state: directory
    path: "{{ valkey_unix_socket_path | dirname }}"
    mode: '0775'
    owner: valkey
    group: valkey
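# Socket mode only: re-apply owner, group and mode to the socket directory
# and to everything inside it. state is spelled out because recurse only
# applies to directories, and the boolean uses the canonical true/false form.
# NOTE(review): with recurse, mode 0775 is also stamped onto a socket file
# left over from an earlier run, which may be wider than the socket
# permissions the server is configured with - confirm against valkey.conf.j2.
- name: Ensure socket directory is accessible
  file:
    path: "{{ valkey_unix_socket_path | dirname }}"
    state: directory
    owner: valkey
    group: valkey
    mode: '0775'
    recurse: true
  when: valkey_unix_socket_enabled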
# Render valkey.conf from the role template, readable by owner and group only.
# A change to the file notifies the "restart valkey" handler.
# NOTE(review): backup leaves a timestamped copy of the previous file beside
# the new one; if the rendered config carries the server password, old copies
# keep old passwords - presumably worth pruning, confirm.
- name: Deploy Valkey configuration file
  notify: restart valkey
  template:
    src: valkey.conf.j2
    dest: '/etc/valkey/valkey.conf'
    mode: '0640'
    owner: valkey
    group: valkey
    backup: true
# Reload systemd unit definitions, then apply the requested enablement and
# run state to the valkey unit. The outcome is kept in valkey_service_result.
- name: Enable and start Valkey service
  register: valkey_service_result
  systemd:
    daemon_reload: true
    name: valkey
    state: "{{ valkey_service_state }}"
    enabled: "{{ valkey_service_enabled }}"
# TCP mode only: wait up to 30 seconds for the configured address and port
# to accept connections.
- name: Wait for Valkey to be ready (TCP)
  when: valkey_service_state == "started" and not valkey_unix_socket_enabled
  wait_for:
    host: "{{ valkey_bind }}"
    port: "{{ valkey_port }}"
    timeout: 30
# Socket mode only: wait up to 30 seconds for the socket path to appear.
- name: Wait for Valkey socket file to exist
  when: valkey_service_state == "started" and valkey_unix_socket_enabled
  wait_for:
    timeout: 30
    path: "{{ valkey_unix_socket_path }}"
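# Socket mode only: probe the server with an unauthenticated PING.
# The loop ends as soon as the server answers PONG (no password required) or
# reports NOAUTH (password required); either answer shows it is up.
# failed_when is false on purpose: the follow-up authenticated probe decides.
# The command is passed as argv so a templated socket path is never
# word-split into several arguments.
- name: Wait for Valkey to be ready (Unix Socket) - Try without auth first
  command:
    argv:
      - redis-cli
      - '-s'
      - "{{ valkey_unix_socket_path }}"
      - ping
  register: valkey_socket_ping_noauth
  until: >-
    valkey_socket_ping_noauth.stdout == "PONG" or
    "NOAUTH" in (valkey_socket_ping_noauth.stdout + valkey_socket_ping_noauth.stderr)
  retries: 15
  delay: 2
  changed_when: false
  failed_when: false
  when: valkey_service_state == "started" and valkey_unix_socket_enabled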
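# Socket mode only: authenticated PING, run when the unauthenticated probe
# did not return PONG (NOAUTH answer or non-zero exit).
# The password is handed to redis-cli through REDISCLI_AUTH instead of "-a",
# which keeps it out of redis-cli's argument list and out of the "cmd" field
# of the task result. no_log additionally hides the result from Ansible
# output, so a failure here must be debugged by running the probe by hand.
# argv form also stops a password or path containing spaces from being
# word-split.
- name: Wait for Valkey to be ready (Unix Socket) - Try with auth if needed
  command:
    argv:
      - redis-cli
      - '-s'
      - "{{ valkey_unix_socket_path }}"
      - ping
  environment:
    REDISCLI_AUTH: "{{ valkey_password }}"
  no_log: true
  register: valkey_socket_ping_auth
  until: valkey_socket_ping_auth.stdout == "PONG"
  retries: 5
  delay: 2
  changed_when: false
  failed_when: valkey_socket_ping_auth.rc != 0
  when: >-
    valkey_service_state == "started" and valkey_unix_socket_enabled and
    (valkey_socket_ping_noauth.stdout != "PONG") and
    ("NOAUTH" in (valkey_socket_ping_noauth.stdout + valkey_socket_ping_noauth.stderr) or valkey_socket_ping_noauth.rc != 0)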
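# TCP mode only: final authenticated PING; anything other than PONG fails
# the play.
# The password travels in REDISCLI_AUTH rather than as "-a <password>", so it
# does not appear in redis-cli's argument list or in the task result's "cmd"
# field; no_log keeps the result out of Ansible output as well.
# NOTE(review): a PONG here does not prove the server requires a password -
# presumably an unauthenticated PING should also be checked, confirm.
- name: Test Valkey connectivity (TCP)
  command:
    argv:
      - redis-cli
      - '-h'
      - "{{ valkey_bind }}"
      - '-p'
      - "{{ valkey_port }}"
      - ping
  environment:
    REDISCLI_AUTH: "{{ valkey_password }}"
  no_log: true
  register: valkey_ping_result_tcp
  changed_when: false
  failed_when: valkey_ping_result_tcp.stdout != "PONG"
  when: valkey_service_state == "started" and not valkey_unix_socket_enabled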
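# Socket mode only: final authenticated PING over the Unix socket; anything
# other than PONG fails the play.
# The password travels in REDISCLI_AUTH rather than as "-a <password>", so it
# does not appear in redis-cli's argument list or in the task result's "cmd"
# field; no_log keeps the result out of Ansible output as well.
- name: Test Valkey connectivity (Unix Socket)
  command:
    argv:
      - redis-cli
      - '-s'
      - "{{ valkey_unix_socket_path }}"
      - ping
  environment:
    REDISCLI_AUTH: "{{ valkey_password }}"
  no_log: true
  register: valkey_ping_result_socket
  changed_when: false
  failed_when: valkey_ping_result_socket.stdout != "PONG"
  when: valkey_service_state == "started" and valkey_unix_socket_enabled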
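# Print a human-readable summary of the deployed Valkey instance.
# The auth line reports what the unauthenticated socket probe observed
# (valkey_socket_ping_noauth) instead of always claiming password protection:
# a PONG from that probe means the server answered without credentials.
# In TCP mode that probe is skipped, so the line keeps the original wording
# and is not backed by a check in this file.
- name: Display Valkey infrastructure status
  debug:
    msg: |
      ✅ Valkey infrastructure ready!

      📡 Service: {% if valkey_unix_socket_enabled %}Unix Socket ({{ valkey_unix_socket_path }}){% else %}{{ valkey_bind }}:{{ valkey_port }}{% endif %}
      🔒 Auth: {% if ((valkey_socket_ping_noauth | default({})).stdout | default('')) == 'PONG' %}NOT enforced (unauthenticated PING succeeded){% else %}Password protected{% endif %}
      💾 Persistence: {{ 'RDB enabled' if valkey_save_enabled else 'Memory only' }}
      🗄️ Databases: {{ valkey_databases }} available (0-{{ valkey_databases - 1 }})

      🏗️ Ready for applications to configure Valkey usage

      📋 Application Integration:
      - Use database numbers 1-{{ valkey_databases - 1 }} for applications
      - Database 0 reserved for system/testing
      - {% if valkey_unix_socket_enabled %}Unix socket: {{ valkey_unix_socket_path }}{% else %}TCP: {{ valkey_bind }}:{{ valkey_port }}{% endif %}
      - Redis-compatible: applications can use REDIS_* or VALKEY_* env vars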