Compatibility with new podman on bookworm

Wojciech Kozlowski 2023-08-18 13:01:36 +02:00
parent 4340b894aa
commit abfbc2fc5b
20 changed files with 208 additions and 140 deletions


@ -6,6 +6,13 @@
- block:
- name: "{{ services_service_name }} : configure hosts file"
ansible.builtin.template:
src: "hosts"
dest: "{{ services_service_user_home }}/.config/service/hosts"
mode: 0644
register: services_deploy_cloud_hosts_file
- name: "configure nginx"
ansible.builtin.copy:
src: "./config/nginx.conf"
@ -65,7 +72,8 @@
state: "restarted"
scope: "user"
when:
(services_deploy_cloud_config_files.changed or
(services_deploy_cloud_hosts_file.changed or
services_deploy_cloud_config_files.changed or
services_deploy_cloud_nextcloud_files.changed or
services_deploy_cloud_systemd_files.changed) and
services_deploy_cloud_service_active_state.stdout == "active"
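Review bot: The new "configure hosts file" task passes `mode: 0644` as a bare YAML scalar, which gives the intended permissions only because the YAML 1.1 loader reads the leading zero as octal; `mode: "0644"` hands the module a string and removes that dependence. The same unquoted mode appears in the matching hosts-file tasks added to the git, notes and rproxy task files in this commit. The task also sets no `owner` or `group`, so the file's ownership follows whichever user the enclosing block runs as, which is not visible in this hunk.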


@ -0,0 +1,9 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 cloud
{{ services_all_services['database'].inet6_address }} pod-database
{{ services_all_services['database'].inet_address }} pod-database
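Review bot: The hostname on the `127.0.1.1 cloud` line is hard-coded, so this template and the git and notes copies added in the same commit differ only in that one word. The rproxy template in this commit already writes `127.0.1.1 {{ services_service_name }}`; if that variable carries the pod name for these services as well (not confirmable from the hunk), one shared template would keep the three files from drifting apart. A header comment such as `# Managed by Ansible; bind-mounted read-only over the container's /etc/hosts` would also tell a reader why the file exists.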


@ -22,9 +22,8 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
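Review bot: The added mount `-v ./.config/service/hosts:/etc/hosts:ro` takes its source path relative to the unit's working directory, while the task that writes the file targets `{{ services_service_user_home }}/.config/service/hosts`. No `WorkingDirectory=` is visible here (the unit starts outside the hunk), so whether both resolve to the same file depends on the service manager's default. Assuming the variable is in scope when the unit template is rendered, `-v {{ services_service_user_home }}/.config/service/hosts:/etc/hosts:ro \` would tie the mount to the path the task manages. The same relative mount is added to the second cloud container unit and to the gitea, joplin and nginx units. Because this file now replaces the `--add-host` entries, a mount that resolves elsewhere would leave `pod-database` unresolvable inside the container.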


@ -22,9 +22,8 @@ ExecStart=/usr/bin/podman run \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \


@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/pod-cloud.pid \
--pod-id-file %t/pod-cloud.pod-id \
--name=cloud \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud


@ -6,6 +6,13 @@
- block:
- name: "{{ services_service_name }} : configure hosts file"
ansible.builtin.template:
src: "hosts"
dest: "{{ services_service_user_home }}/.config/service/hosts"
mode: 0644
register: services_deploy_git_hosts_file
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
@ -43,7 +50,8 @@
state: "restarted"
scope: "user"
when:
services_deploy_git_systemd_files.changed and
(services_deploy_git_hosts_file.changed or
services_deploy_git_systemd_files.changed) and
services_deploy_git_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"


@ -0,0 +1,9 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 git
{{ services_all_services['database'].inet6_address }} pod-database
{{ services_all_services['database'].inet_address }} pod-database


@ -13,43 +13,42 @@ Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-git-gitea.pid \
--cidfile %t/container-git-gitea.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-git.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-git/data/_data:/data \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-e USER_UID="1000" \
-e USER_GID="1000" \
-e GITEA__database__DB_TYPE="postgres" \
-e GITEA__database__HOST="pod-database:5432" \
-e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
-e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
-e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
-e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
-e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
-e GITEA__server__START_SSH_SERVER="true" \
-e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
-e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
-e GITEA__mailer__ENABLED="true" \
-e GITEA__mailer__FROM="Gitea <noreply@{{ services[services_service_name].domain }}>" \
-e GITEA__mailer__MAILER_TYPE="smtp" \
-e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
-e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
-e GITEA__mailer__PASSWD="{{ services[services_service_name].smtp.password }}" \
-e GITEA__service__DISABLE_REGISTRATION="true" \
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
--name=pod-git-gitea \
docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
--conmon-pidfile %t/container-git-gitea.pid \
--cidfile %t/container-git-gitea.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-git.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-git/data/_data:/data \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-e USER_UID="1000" \
-e USER_GID="1000" \
-e GITEA__database__DB_TYPE="postgres" \
-e GITEA__database__HOST="pod-database:5432" \
-e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
-e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
-e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
-e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
-e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
-e GITEA__server__START_SSH_SERVER="true" \
-e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
-e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
-e GITEA__mailer__ENABLED="true" \
-e GITEA__mailer__FROM="Gitea <noreply@{{ services[services_service_name].domain }}>" \
-e GITEA__mailer__MAILER_TYPE="smtp" \
-e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
-e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
-e GITEA__mailer__PASSWD="{{ services[services_service_name].smtp.password }}" \
-e GITEA__service__DISABLE_REGISTRATION="true" \
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
--name=pod-git-gitea \
docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
PIDFile=%t/container-git-gitea.pid
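Review bot: The re-indented `ExecStart` still passes `GITEA__database__PASSWD` and `GITEA__mailer__PASSWD` as `-e` arguments, so both passwords are rendered in clear text into the unit file and appear in podman's argument list whenever the command runs. Moving them into a file readable only by the service user and replacing the two lines with `--env-file <path-to-0600-env-file> \` (placeholder path) would keep them out of the unit and the process list; podman secrets are another option. The joplin unit in this commit does the same with `POSTGRES_PASSWORD` and `MAILER_AUTH_PASSWORD`. The mode of the rendered unit file is set outside this hunk, so its current exposure cannot be judged from here.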


@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/pod-git.pid \
--pod-id-file %t/pod-git.pod-id \
--name=git \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git


@ -6,6 +6,13 @@
- block:
- name: "{{ services_service_name }} : configure hosts file"
ansible.builtin.template:
src: "hosts"
dest: "{{ services_service_user_home }}/.config/service/hosts"
mode: 0644
register: services_deploy_notes_hosts_file
- name: "configure systemd service"
ansible.builtin.template:
src: "./systemd/{{ item }}"
@ -44,7 +51,8 @@
state: "restarted"
scope: "user"
when:
services_deploy_notes_systemd_files.changed and
(services_deploy_notes_hosts_file.changed or
services_deploy_notes_systemd_files.changed) and
services_deploy_notes_service_active_state.stdout == "active"
become_user: "{{ services_service_user_name }}"


@ -0,0 +1,9 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 notes
{{ services_all_services['database'].inet6_address }} pod-database
{{ services_all_services['database'].inet_address }} pod-database


@ -10,17 +10,17 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-notes-chown.pid %t/container-notes-chown.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-notes-chown.pid \
--cidfile %t/container-notes-chown.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-notes.pod-id \
--replace \
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
--user=0 \
--entrypoint="/bin/bash" \
--name=pod-notes-chown \
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }} \
-c "chown -R joplin:joplin /data"
--conmon-pidfile %t/container-notes-chown.pid \
--cidfile %t/container-notes-chown.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-notes.pod-id \
--replace \
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
--user=0 \
--entrypoint="/bin/bash" \
--name=pod-notes-chown \
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }} \
-c "chown -R joplin:joplin /data"
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-chown.ctr-id
Type=oneshot


@ -14,37 +14,36 @@ Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-notes-joplin.pid %t/container-notes-joplin.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-notes-joplin.pid \
--cidfile %t/container-notes-joplin.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-notes.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
-e APP_PORT="22300" \
-e DB_CLIENT="pg" \
-e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
-e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
-e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
-e POSTGRES_PORT="5432" \
-e POSTGRES_HOST="pod-database" \
-e MAILER_ENABLED="true" \
-e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
-e MAILER_PORT=465 \
-e MAILER_SECURITY="tls" \
-e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
-e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
-e MAILER_NOREPLY_NAME="Joplin" \
-e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
-e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
--name=pod-notes-joplin \
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
--conmon-pidfile %t/container-notes-joplin.pid \
--cidfile %t/container-notes-joplin.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-notes.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
-e APP_PORT="22300" \
-e DB_CLIENT="pg" \
-e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
-e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
-e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
-e POSTGRES_PORT="5432" \
-e POSTGRES_HOST="pod-database" \
-e MAILER_ENABLED="true" \
-e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
-e MAILER_PORT=465 \
-e MAILER_SECURITY="tls" \
-e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
-e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
-e MAILER_NOREPLY_NAME="Joplin" \
-e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
-e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
--name=pod-notes-joplin \
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-notes-joplin.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-joplin.ctr-id
PIDFile=%t/container-notes-joplin.pid


@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/pod-notes.pid \
--pod-id-file %t/pod-notes.pod-id \
--name=notes \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes


@ -4,12 +4,15 @@
name: "services/include"
vars_from: "user"
- name: "{{ services_service_name }} : set the rproxy variables"
ansible.builtin.include_vars:
file: "nginx.yml"
- block:
- name: "{{ services_service_name }} : configure hosts file"
ansible.builtin.template:
src: "hosts"
dest: "{{ services_service_user_home }}/.config/service/hosts"
mode: 0644
register: services_deploy_rproxy_hosts_file
- name: "{{ services_service_name }} : create nginx conf.d"
ansible.builtin.file:
path: "{{ services_service_user_home }}/.config/service/nginx-conf.d"
@ -93,7 +96,8 @@
state: "restarted"
scope: "user"
when:
(services_deploy_rproxy_generic_config.changed or
(services_deploy_rproxy_hosts_file.changed or
services_deploy_rproxy_generic_config.changed or
services_deploy_rproxy_stream_config.changed or
services_deploy_rproxy_subdomain_config_files.changed or
services_deploy_rproxy_systemd_files.changed or


@ -0,0 +1,11 @@
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 {{ services_service_name }}
{% for service in ( services_all_services | dict2items ) %}
{{ service.value.inet6_address }} pod-{{ service.key }}
{{ service.value.inet_address }} pod-{{ service.key }}
{% endfor %}


@ -9,16 +9,16 @@ TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
--cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
-v var-lib-letsencrypt:/var/lib/letsencrypt \
-v var-www-html:/var/www/html \
--name=pod-{{ services_service_name }}-certbot \
docker.io/certbot/certbot --non-interactive renew
--conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
--cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
-v var-lib-letsencrypt:/var/lib/letsencrypt \
-v var-www-html:/var/www/html \
--name=pod-{{ services_service_name }}-certbot \
docker.io/certbot/certbot --non-interactive renew
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id
Type=oneshot


@ -14,27 +14,26 @@ TimeoutStopSec=70
ExecStartPre=/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf'
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
--cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
{{ services_rproxy_nginx_add_inet_hosts }} \
{{ services_rproxy_nginx_add_inet6_hosts }} \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v %t/resolver.conf:/etc/nginx/resolver.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
-v var-www-html:/var/www/html \
--name=pod-{{ services_service_name }}-nginx \
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
--conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
--cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
--log-driver=journald \
-dt \
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/service/hosts:/etc/hosts:ro \
-v %t/resolver.conf:/etc/nginx/resolver.conf:ro \
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
-v var-www-html:/var/www/html \
--name=pod-{{ services_service_name }}-nginx \
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id
PIDFile=%t/container-{{ services_service_name }}-nginx.pid
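Review bot: The `-v var-www-html:/var/www/html` line is the only mount in this `ExecStart` without `:ro`, so the nginx container keeps write access to the shared webroot volume. The certbot unit in this commit mounts the same volume. If nginx only serves files from it (an assumption, since the nginx configuration is not shown), `-v var-www-html:/var/www/html:ro \` would match the other mounts and limit what a compromised web server process can alter.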


@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ services_service_name }}.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
ExecStartPre=/usr/bin/podman pod create \
--infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid \
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
--name={{ services_service_name }} \
--network=none \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-{{ services_service_name }}


@ -1,13 +0,0 @@
---
services_rproxy_nginx_add_inet_hosts: "\
{% set add_host_list = [] %}\
{% for service in ( services_all_services | dict2items ) %}\
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet_address) }}\
{% endfor %}\
{{ add_host_list | join(' ') }}"
services_rproxy_nginx_add_inet6_hosts: "\
{% set add_host_list = [] %}\
{% for service in ( services_all_services | dict2items ) %}\
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet6_address) }}\
{% endfor %}\
{{ add_host_list | join(' ') }}"