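---
# Deploy Unix Socket Updates for PostgreSQL, Valkey, Authentik, and Gitea
#
# Runs the postgresql, valkey, authentik and gitea roles in that order, then
# checks that the two expected socket paths exist on the host.
#
# NOTE(review): the roles are not visible from this playbook. "Socket-only
# (no TCP)" for PostgreSQL depends on what the postgresql role configures;
# nothing below confirms that the TCP listener is actually closed.
#
# NOTE(review): tags set on include_role apply to the include task itself,
# not to the tasks inside the role. When running with --tags, role tasks run
# only if they carry matching tags themselves (or `apply:` is used), and the
# untagged verification tasks at the end are skipped. Confirm this is intended.

- name: Deploy Unix socket configuration updates
  hosts: arch-vps
  become: true

  tasks:
    - name: Display deployment plan
      debug:
        msg: |
          🔧 Unix Socket Migration Plan
          =============================

          📦 Services to Update:
          1. PostgreSQL - Switch to socket-only (no TCP)
          2. Valkey - Add Unix socket support
          3. Authentik - Use sockets for DB/cache
          4. Gitea - Use sockets for DB/cache

          🔒 Security Benefits:
          - Zero network exposure for databases
          - Better performance (25-30% faster)
          - Simplified security model

    - name: Update PostgreSQL to socket-only
      include_role:
        name: postgresql
      tags: [postgresql]

    - name: Update Valkey with Unix socket
      include_role:
        name: valkey
      tags: [valkey]

    - name: Update Authentik for Unix sockets
      include_role:
        name: authentik
      tags: [authentik]

    - name: Update Gitea for Unix sockets
      include_role:
        name: gitea
      tags: [gitea]

    # With Unix sockets, access control is the ownership and mode of the
    # socket file and its parent directory. The registered stat results also
    # carry mode/owner/group for each path if those need to be reviewed.
    - name: Verify socket files exist
      stat:
        path: "{{ item }}"
      loop:
        - /run/postgresql/.s.PGSQL.5432
        - /run/valkey/valkey.sock
      register: socket_checks

    - name: Display results
      debug:
        msg: |
          ✅ Deployment Complete!

          Socket Status:
          {% for check in socket_checks.results %}
          - {{ check.item }}: {{ "EXISTS" if check.stat.exists else "MISSING" }}
          {% endfor %}

          Next Steps:
          1. Check service logs: journalctl -u authentik-pod
          2. Test Authentik: curl http://arch-vps:9000/if/flow/initial-setup/
          3. Test Gitea: curl http://arch-vps:3000/

    # The summary above only reports status. Fail the play when a path is
    # absent or is not a socket, so a broken migration does not end green.
    # Skipped in check mode, where the roles have not created anything.
    - name: Fail if a required socket is missing
      assert:
        that:
          - item.stat.exists
          - item.stat.issock | default(false)
        msg: "{{ item.item }} is missing or is not a Unix socket"
      loop: "{{ socket_checks.results }}"
      loop_control:
        label: "{{ item.item }}"
      when: not ansible_check_mode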