Add a replds2 role and container

roles/float-infra-replds/tasks/main.yml

+---
+
+- file:
+    path: "/var/lib/replds"
+    state: directory
+    owner: docker-frontend
+    group: root
+    mode: "0750"
+
+- name: Configure replds ACLs
+  template:
+    src: "acls.j2"
+    dest: "/etc/replds.acls"
+  notify: restart replds

roles/float-infra-replds/templates/acls.j2

+replds peer
+nginx credentials/public write

services.core.yml

@@ -7,13 +7,36 @@ frontend:
       enable_server: false
     - name: ssoproxy
       enable_server: false
-    - name: replds-acme
+    - name: replds
   systemd_services:
     - nginx.service
     - haproxy.service
     - sso-proxy.service
-    - replds@acme.service
+    - replds2@frontend.service
+  containers:
+    - name: replds
+      image: registry.git.autistici.org/ai3/tools/replds2:master
+      env:
+        REPLDS_GRPC_ADDR: ":3636"
+        REPLDS_HTTP_ADDR: ":3638"
+        REPLDS_SSL_CERT: "/etc/credentials/x509/replds/server/cert.pem"
+        REPLDS_SSL_KEY: "/etc/credentials/x509/replds/server/private_key.pem"
+        REPLDS_SSL_CLIENT_CERT: "/etc/credentials/x509/replds/client/cert.pem"
+        REPLDS_SSL_CLIENT_KEY: "/etc/credentials/x509/replds/client/private_key.pem"
+        REPLDS_SSL_CA: "/etc/credentials/x509/replds/ca.pem"
+        REPLDS_STORE: "/var/lib/replds"
+        REPLDS_ACLS: "/etc/replds.acls"
+        REPLDS_PEERS: "{{ services['frontend'].hosts | sort | map('regex_replace', '$', '.frontend.' + domain + ':3636') | join(',') }}"
+      volumes:
+        /var/lib/replds: /var/lib/replds
+        /etc/replds/acls: /etc/replds.acls
+      args: "server"
       ports:
+        - 3636
+        - 3638
+  ports:
+    - 3636
+    - 3638
     - 5005
   volumes:
     - name: cache
@@ -22,6 +45,8 @@ frontend:
   monitoring_endpoints:
     - port: 8404
       scheme: http
+    - port: 3638
+      scheme: https
 
 dns:
   scheduling_group: frontend