Move lrproxy mounts to use _data

Wojciech Kozlowski 2022-11-02 20:03:12 +01:00
parent 8b39d55afa
commit 581475c1fa
3 changed files with 29 additions and 2 deletions


@ -12,7 +12,22 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure Restart=on-failure
TimeoutStopSec=70 TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace --label "io.containers.autoupdate=image" -dt {{ service_rproxy_hosts }} -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-lrproxy-nginx.pid \
--cidfile %t/container-lrproxy-nginx.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-lrproxy.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
{{ service_rproxy_hosts }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
--name=pod-lrproxy-nginx \
docker.io/library/nginx
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
PIDFile=%t/container-lrproxy-nginx.pid PIDFile=%t/container-lrproxy-nginx.pid
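Review bot: The image at the end of the rewritten `ExecStart` is `docker.io/library/nginx` with no tag or digest, and the container carries `io.containers.autoupdate=image`, so whatever the registry serves under the default tag is pulled and started with `/etc/letsencrypt` mounted into it. Since this commit reflows the line anyway, consider naming a release line explicitly, e.g. `docker.io/library/nginx:<release-tag>`, so auto-update follows rebuilds of a known version rather than any future major release. The `:ro` flag on the `_data` mount is worth keeping, because that tree presumably holds the certificate private keys delivered by the sync unit.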


@ -5,4 +5,8 @@ OnFailure=status-mail@%n.service
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' -avz {{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ /var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/valkyrie-pod-rproxy -l pod-rproxy' \
-avz \
--delete \
{{ vpn_wg0_remote_address }}:/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/ \
/var/lib/yggdrasil/data/pod-lrproxy/etc-letsencrypt
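Review bot: `--delete` makes the local copy follow the remote tree unconditionally, so a remote `etc-letsencrypt/` that is momentarily empty (volume not mounted, directory recreated) would remove every local certificate and presumably also the `_data` directory the nginx container mounts. Bounding the damage with `--max-delete=<N>`, or adding an `ExecStartPre=` check that the remote directory is populated, would make a bad sync fail instead of propagating. The key path `.ssh/valkyrie-pod-rproxy` is relative, so it also depends on the unit's working directory, which is set outside this hunk.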


@ -13,3 +13,11 @@
owner: "{{ service_user_name }}" owner: "{{ service_user_name }}"
group: "{{ service_user_name }}" group: "{{ service_user_name }}"
mode: 0755 mode: 0755
- name: Create etc-letsencrypt/_data directory for user {{ service_user_name }}
file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}/etc-letsencrypt/_data"
state: directory
owner: "{{ service_user_name }}"
group: "{{ service_user_name }}"
mode: 0755
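Review bot: The new `_data` directory is created with `mode: 0755`, which lets every local account traverse and list a tree that, judging by its name, receives the Let's Encrypt private keys from the sync job. If only `{{ service_user_name }}` needs to read it (the container appears to run under that user), `mode: "0750"` or `mode: "0700"` is the tighter choice, and quoting the value avoids YAML integer parsing of the mode. The task's `path` is built from `ansible_hostname`, while the unit files hard-code `/var/lib/yggdrasil/...`, so the two agree only on that one host.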