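# Tasks: run VictoriaLogs as a Podman Quadlet container under a dedicated
# system account, open the configured firewalld ports, and configure Caddy as
# a proxy in front of it (with an optional client-auth CA certificate).

# Dedicated system group/user for the service.
- name: ensure victoria logs group exists
  group:
    name: victoria-logs
    system: true
  tags:
    - user
    - group

- name: ensure victoria logs user exists
  user:
    name: victoria-logs
    system: true
    home: /var/lib/victoria-logs
    group: victoria-logs
    # The home directory is recorded on the account but not created here.
    create_home: false
  # NOTE(review): presumably read by a template (uid/gid mapping); nothing in
  # this file uses it - verify against victoria-logs.container.j2.
  register: victoria_logs_user
  tags:
    - user

- name: ensure podman is installed
  package:
    name: podman
    state: present
  tags:
    - install

- name: ensure victoria logs container image is present
  podman_image:
    name: '{{ victoria_logs_container_image_repo }}'
    # NOTE(review): a tag is a mutable reference, so the registry decides what
    # actually gets pulled. Confirm whether this deployment should pin an
    # immutable digest instead.
    tag: '{{ victoria_logs_container_image_tag }}'
    state: present
  tags:
    - container
    - container-image

- name: ensure victoria logs systemd container unit is configured
  template:
    src: victoria-logs.container.j2
    dest: /etc/containers/systemd/victoria-logs.container
    owner: root
    group: root
    # World-readable. NOTE(review): confirm the rendered unit carries no
    # secrets (tokens, passwords in Environment= lines).
    mode: 'u=rw,go=r'
  notify:
    - reload systemd
    - restart victoria-logs
  tags:
    - systemd
    - container

# Run the notified reload/restart now so the unit exists before it is started.
- name: flush handlers
  meta: flush_handlers

# NOTE(review): `state: started` does not enable the unit at boot. For a
# Quadlet-generated unit that is governed by the [Install] section of the
# .container file - confirm the template sets it.
- name: ensure victoria logs is running
  service:
    name: victoria-logs
    state: started
  tags:
    - service

# Opens every listed port in both the runtime and the permanent firewalld
# configuration.
# NOTE(review): confirm victoria_logs_firewall_ports lists only the port that
# Caddy fronts, not the VictoriaLogs listener itself - cannot tell from here.
- name: ensure firewall is configured for victoria logs
  firewalld:
    port: '{{ item }}'
    immediate: true
    permanent: true
    state: enabled
  loop: '{{ victoria_logs_firewall_ports }}'
  # `| bool` so a string value such as "false" (e.g. passed with -e) disables
  # the task instead of being treated as a truthy non-empty string.
  when: host_uses_firewalld | d(true) | bool
  tags:
    - firewalld

# The CA certificate is public material, so a world-readable file is fine.
# NOTE(review): this task is skipped when no CA is supplied, but the Caddyfile
# below is always deployed. Confirm Caddyfile.j2 neither references a missing
# CA file nor leaves the proxy reachable without client authentication in
# that case.
- name: ensure caddy tls client auth ca certificate is installed
  copy:
    dest: /etc/caddy/victoria-logs-ca.crt
    content: |+
      {{ victoria_logs_tls_ca_cert }}
    owner: root
    group: root
    mode: 'u=rw,go=r'
  # Explicit boolean test: run only for a defined, non-empty certificate,
  # rather than relying on the truthiness of the certificate string itself.
  when: victoria_logs_tls_ca_cert | d('', true) | length > 0
  notify:
    - reload caddy
  tags:
    - caddy
    - cert

- name: ensure caddy is configured to proxy for victoria logs
  template:
    src: Caddyfile.j2
    dest: /etc/caddy/Caddyfile.d/victoria-logs.caddyfile
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify:
    - reload caddy
  tags:
    - caddy
    - config

# Apply any pending Caddy reload before checking that the service is up.
- name: flush_handlers
  meta: flush_handlers

# NOTE(review): started only, not enabled at boot - confirm caddy is enabled
# elsewhere.
- name: ensure caddy is running
  service:
    name: caddy
    state: started
  tags:
    - caddy
    - service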