Enable auto-updates
parent
4318d1faee
commit
192843b22a
@ -0,0 +1,11 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Prune dangling podman images
|
||||||
|
Documentation=man:podman-image-prune(1)
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStartPre=/usr/bin/podman container prune -f
|
||||||
|
ExecStart=/usr/bin/podman image prune -f
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
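Review bot: `ExecStartPre=/usr/bin/podman container prune -f` deletes every stopped container of this user, which neither `Description=Prune dangling podman images` nor the `Documentation=` entry mentions. I would change the description to `Description=Prune stopped podman containers and dangling images`, or add a comment above the line stating that all stopped containers are removed without a filter. Separately, `WantedBy=multi-user.target` names a system-manager target, while the playbook installs this as a user unit and only enables the timer. The `[Install]` section therefore looks unused and could be dropped or set to `default.target`.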
@ -0,0 +1,11 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Prune dangling podman images
|
||||||
|
Documentation=man:podman-image-prune(1)
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=Fri *-*-* 08:00:00
|
||||||
|
Persistent=true
|
||||||
|
RandomizedDelaySec=1h
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
@ -10,6 +10,7 @@ After=pod-rproxy.service
|
|||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
|
||||||
|
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-certbot.pid --cidfile %t/container-rproxy-certbot.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -v /etc/resolv.conf:/etc/resolv.conf:ro -v etc_letsencrypt:/etc/letsencrypt -v var_lib_letsencrypt:/var/lib/letsencrypt -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-certbot docker.io/certbot/certbot --non-interactive renew
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-certbot.pid --cidfile %t/container-rproxy-certbot.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -v /etc/resolv.conf:/etc/resolv.conf:ro -v etc_letsencrypt:/etc/letsencrypt -v var_lib_letsencrypt:/var/lib/letsencrypt -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-certbot docker.io/certbot/certbot --non-interactive renew
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
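Review bot: The added `ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot` makes certificate renewal depend on the registry being reachable: a failed pull (outage, rate limit) fails the oneshot unit before `ExecStart` runs, even when a usable local image exists. Prefixing the command with `-`, as in `ExecStartPre=-/usr/bin/podman pull docker.io/certbot/certbot`, lets the renew proceed with the cached image. The reference also carries no tag or digest, so whatever `latest` resolves to at that moment runs with write access to the `etc_letsencrypt` volume; a pinned tag, or a comment stating that following `latest` is intended, would make that trust decision explicit. The `[Service]` section begins above this hunk, so other directives were not visible.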
@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace --label "io.containers.autoupdate=image" -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
|
||||||
PIDFile=%t/container-rproxy-nginx.pid
|
PIDFile=%t/container-rproxy-nginx.pid
|
||||||
|
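Review bot: `--label "io.containers.autoupdate=image"` is attached to an untagged `docker.io/library/nginx`, so `podman auto-update` will follow whatever the registry serves as `latest`, including a new release line, with no operator in the loop. Pinning a release-line tag such as `docker.io/library/nginx:stable` keeps unattended updates within one line; the same applies to the identical label added in the `container-www-nginx` and `container-lrproxy-nginx` hunks below. Recent podman documentation names this policy `registry` and, as far as I know, keeps `image` only as an alias, so `io.containers.autoupdate=registry` is the forward-compatible spelling. The unit continues outside the hunk.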
@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-www-nginx.pid %t/container-www-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-www-nginx.pid %t/container-www-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace -dt -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace --label "io.containers.autoupdate=image" -dt -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-www-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-www-nginx.ctr-id
|
||||||
PIDFile=%t/container-www-nginx.pid
|
PIDFile=%t/container-www-nginx.pid
|
||||||
|
@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
|
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace --label "io.containers.autoupdate=image" -dt {{ service_rproxy_hosts }} -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
|
||||||
PIDFile=%t/container-lrproxy-nginx.pid
|
PIDFile=%t/container-lrproxy-nginx.pid
|
||||||
|
@ -90,4 +90,66 @@
|
|||||||
user_containers_storage is changed or
|
user_containers_storage is changed or
|
||||||
user_containers_containers is changed
|
user_containers_containers is changed
|
||||||
|
|
||||||
|
- name: Create systemd directory for user {{ service_user_name }}
|
||||||
|
file:
|
||||||
|
path: "{{ service_home }}/.config/systemd"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Create systemd service directory for user {{ service_user_name }}
|
||||||
|
file:
|
||||||
|
path: "{{ service_home }}/.config/systemd/user"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Copy systemd auto-update service for user {{ service_user_name }}
|
||||||
|
copy:
|
||||||
|
src: "/usr/lib/systemd/system/podman-auto-update.service"
|
||||||
|
dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.service"
|
||||||
|
remote_src: yes
|
||||||
|
register: user_systemd_podman_auto_update_service_file
|
||||||
|
|
||||||
|
- name: Copy systemd auto-update timer for user {{ service_user_name }}
|
||||||
|
copy:
|
||||||
|
src: "/usr/lib/systemd/system/podman-auto-update.timer"
|
||||||
|
dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.timer"
|
||||||
|
remote_src: yes
|
||||||
|
register: user_systemd_podman_auto_update_timer_file
|
||||||
|
|
||||||
|
- name: Copy systemd image prune service for user {{ service_user_name }}
|
||||||
|
copy:
|
||||||
|
src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.service"
|
||||||
|
dest: "{{ service_home }}/.config/systemd/user/podman-image-prune.service"
|
||||||
|
register: user_systemd_podman_image_prune_service_file
|
||||||
|
|
||||||
|
- name: Copy systemd image prune timer for user {{ service_user_name }}
|
||||||
|
copy:
|
||||||
|
src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.timer"
|
||||||
|
dest: "{{ service_home }}/.config/systemd/user/podman-image-prune.timer"
|
||||||
|
register: user_systemd_podman_image_prune_timer_file
|
||||||
|
|
||||||
|
- name: SystemD daemon reload
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
scope: user
|
||||||
|
when:
|
||||||
|
user_systemd_podman_auto_update_service_file is changed or
|
||||||
|
user_systemd_podman_auto_update_timer_file is changed or
|
||||||
|
user_systemd_podman_image_prune_service_file is changed or
|
||||||
|
user_systemd_podman_image_prune_timer_file is changed
|
||||||
|
|
||||||
|
- name: Enable podman auto-update
|
||||||
|
systemd:
|
||||||
|
name: podman-auto-update.timer
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
scope: user
|
||||||
|
|
||||||
|
- name: Enable podman image prune
|
||||||
|
systemd:
|
||||||
|
name: podman-image-prune.timer
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
scope: user
|
||||||
|
|
||||||
become_user: "{{ service_user_name }}"
|
become_user: "{{ service_user_name }}"
|
||||||
|
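Review bot: The four `copy:` tasks set no `mode:`, so the permissions of the installed unit files depend on the umask of the become user; since the user manager executes whatever these files contain, I would set `mode: "0644"` on each. The two `file:` tasks use `mode: 0755` unquoted, which Ansible's documentation advises writing as `mode: "0755"`, and `remote_src: yes` / `enabled: yes` read better as `true`. The copies taken from `/usr/lib/systemd/system/` are also snapshots: once placed in `~/.config/systemd/user` they presumably take precedence over any user unit the podman package ships, so later packaged fixes to `podman-auto-update.service` would not apply. The enclosing block starts above this hunk.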