AlmaLinux/RHEL 9 fixes

[codyro]

Ensures lemmy-almalinux.yml runs on a clean AlmaLinux/RHEL9 instance.

• Move internal nginx resolver to variable/conditional based off os_family
• Modify SELinux in the lemmy-almalinux.yml playbook to ensure clean run
• Modify docker-compose.yml template to ensure SELinux label gets applied (:Z)
• Start & Enable nginx earlier in the playbook to avoid conflict (Already merged in https://github.com/LemmyNet/lemmy-ansible/pull/230)
• Refs https://github.com/LemmyNet/lemmy-ansible/issues/229

[codyro]

Thanks for keeping me on my A-game @ticoombs & @Nutomic! I spent some time to see if this could be handled better, and it can!

When the docker-compose.yml file was made, it didn't get configured consistently and was missing an option on a couple of container mounts that configure the SELinux label to ensure they work as expected (:Z). (https://github.com/LemmyNet/lemmy-ansible/pull/231/files#diff-d3d33979648a9836685e314d1864481561d5130a294cce04be84b03c29abfb08) (Reference: https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label)

The other issue was that nginx was getting denied to connect to the network via TCP, making it unable to proxy to the containers. (https://github.com/LemmyNet/lemmy-ansible/pull/231/files#diff-67f417e813ca24645bdcb19c0b344055cc0b48d114204e7026827b634cdc8815R132-R139)

The playbook now runs cleanly on all EL9 derivatives w/ SELinux set to Enforcing.

@ticoombs Before we merge (or at least tag a future release) future system related changes, would you mind pinging me or assigning me to the PR so I can ensure the RHEL side of things looks okay? The most minor things can cause it to break 😓 .

[RussellTaylor83]

Hello, thanks for working on this.

I gave this a quick run on Digital Ocean / Alma 9 and got:

TASK [Distribute docker/podman templates] ***** changed: [root@123.123.123.123] => (item={'src': 'templates/docker-compose.yml', 'dest': '/srv/lemmy/mydomain.uk/docker-compose.yml', 'mode': '0600'}) An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleUndefinedVariable: 'nginx_internal_resolver' is undefined. 'nginx_internal_resolver' is undefined failed: [root@123.123.123.123] (item={'src': 'templates/nginx_internal.conf', 'dest': '/srv/lemmy/mydomain.uk/nginx_internal.conf', 'mode': '0644'}) => {"ansible_loop_var": "item", "changed": false, "item": {"dest": "/srv/lemmy/mydomain.uk/nginx_internal.conf", "mode": "0644", "src": "templates/nginx_internal.conf"}, "msg": "AnsibleUndefinedVariable: 'nginx_internal_resolver' is undefined. 'nginx_internal_resolver' is undefined"}

I used the same config as I have for my Debian deployment that works. I haven't time at the moment to dig into this but may be able to later.

Thanks

[codyro]

I added a new variable in that PR that you'll want to add to your vars.yml for your install, which will fix this error:

https://github.com/LemmyNet/lemmy-ansible/pull/231/files#diff-fadf44a49d340433e809fac78150211bc15b8047e299b14bf891197a2f8a54fdR59

[RussellTaylor83]

I should have read the PR, my bad.

That ran through fine, and from a basic test seems to work ok, thank you.