ansible plays for docker, haproxy & varnish

2026-02-13 19:19:08 +00:00 · 2025-12-28 21:38:13 +01:00
parent c2a04735a4
commit ec0eb23acd
58 changed files with 815 additions and 0 deletions
--- a/ansible/roles/varnish/tasks/main.yml
+++ b/ansible/roles/varnish/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+  - name: update apt
+    become: true
+    apt:
+      update_cache: yes
+      cache_valid_time: 86400
+
+  - name: install required packages
+    package:
+      name:
+        - debian-archive-keyring
+        - curl
+        - gnupg
+        - apt-transport-https
+
+  - name: add varnish apt key & repo
+    block:
+      - name: add varnish key
+        apt_key:
+          url: https://packagecloud.io/varnishcache/varnish60lts/gpgkey
+          state: present
+
+      - name: add varnish repo
+        apt_repository:
+          repo: 'deb https://packagecloud.io/varnishcache/varnish60lts/{{ varnish_release }} {{ varnish_release_codename }} main'
+          state: present
+
+      - name: add varnish repo src
+        apt_repository:
+          repo: 'deb-src https://packagecloud.io/varnishcache/varnish60lts/{{ varnish_release }} {{ varnish_release_codename }} main'
+          state: present
+
+      - name: update apt
+        become: true
+        apt:
+          update_cache: yes
+          cache_valid_time: 86400
+
+  - name: install varnish package
+    package:
+      name: varnish
+
+  - name: copy systemd template
+    template:
+      src: varnish-systemd.j2
+      dest: /lib/systemd/system/varnish.service
+      owner: root
+      mode: 644
+
+  - name: restart systemd daemon
+    systemd:
+      daemon_reload: yes
+
+  - name: restart varnish service
+    systemd:
+      name: varnish.service
+      state: reloaded
--- a/ansible/roles/varnish/templates/varnish-systemd.j2
+++ b/ansible/roles/varnish/templates/varnish-systemd.j2
@@ -0,0 +1,44 @@
+[Unit]
+Description=Varnish HTTP accelerator
+Documentation=https://www.varnish-cache.org/docs/6.1/ man:varnishd
+
+[Service]
+Type=simple
+
+# Maximum number of open files (for ulimit -n)
+LimitNOFILE=131072
+
+# Locked shared memory - should suffice to lock the shared memory log
+# (varnishd -l argument)
+# Default log size is 80MB vsl + 1M vsm + header -> 82MB
+# unit is bytes
+# LimitMEMLOCK=85983232
+
+# Varnish default
+LimitMEMLOCK=82000
+
+# Enable this to avoid "fork failed" on reload.
+TasksMax=infinity
+
+# Maximum size of the corefile.
+LimitCORE=infinity
+
+ExecStart=/usr/sbin/varnishd \
+    -j unix,user=vcache \
+    -F \
+    -a :80 \
+    -a :443 \
+    -p feature=+http2 \
+    -T localhost:6082 \
+    -f /etc/varnish/default.vcl \
+    -S /etc/varnish/secret \
+    -s malloc,256m
+
+ExecReload=/usr/share/varnish/varnishreload
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target