Compatibility with new podman on bookworm
parent
4340b894aa
commit
abfbc2fc5b
@ -6,6 +6,13 @@
|
|||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
|
- name: "{{ services_service_name }} : configure hosts file"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "hosts"
|
||||||
|
dest: "{{ services_service_user_home }}/.config/service/hosts"
|
||||||
|
mode: 0644
|
||||||
|
register: services_deploy_cloud_hosts_file
|
||||||
|
|
||||||
- name: "configure nginx"
|
- name: "configure nginx"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "./config/nginx.conf"
|
src: "./config/nginx.conf"
|
||||||
@ -65,7 +72,8 @@
|
|||||||
state: "restarted"
|
state: "restarted"
|
||||||
scope: "user"
|
scope: "user"
|
||||||
when:
|
when:
|
||||||
(services_deploy_cloud_config_files.changed or
|
(services_deploy_cloud_hosts_file.changed or
|
||||||
|
services_deploy_cloud_config_files.changed or
|
||||||
services_deploy_cloud_nextcloud_files.changed or
|
services_deploy_cloud_nextcloud_files.changed or
|
||||||
services_deploy_cloud_systemd_files.changed) and
|
services_deploy_cloud_systemd_files.changed) and
|
||||||
services_deploy_cloud_service_active_state.stdout == "active"
|
services_deploy_cloud_service_active_state.stdout == "active"
|
||||||
|
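Review bot: `mode: 0644` in the new "configure hosts file" task is an unquoted octal literal, so the resulting permissions depend on the YAML loader reading it as octal. Writing it as `mode: "0644"` means it cannot be reinterpreted as the decimal integer 644. The same unquoted mode appears in the matching tasks added to the git, notes and rproxy roles. The block this task belongs to continues outside the hunk.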
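--- /dev/null
+++ b/playbooks/roles/services/deploy/cloud/templates/hosts
@@ -0,0 +1,9 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 cloud
+
+{{ services_all_services['database'].inet6_address }} pod-database
+{{ services_all_services['database'].inet_address }} pod-database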
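Review bot: The hostname in `127.0.1.1 cloud` is hard-coded, and the git and notes roles add copies of this template that differ only in that word, while the rproxy copy already writes `127.0.1.1 {{ services_service_name }}`. Using the variable here as well (assuming it resolves to the pod name in this role, which should be confirmed) would let the three roles share one template, so a later change to name resolution cannot be applied to one copy and missed in another. Because the file replaces the container's `/etc/hosts`, a first line such as `# {{ ansible_managed }}` would also tell anyone inspecting the container where the entries come from.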
@ -22,9 +22,8 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
--log-driver=journald \
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
|
-v ./.config/service/hosts:/etc/hosts:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
||||||
|
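Review bot: The added `-v ./.config/service/hosts:/etc/hosts:ro` uses a host path relative to whatever working directory the unit runs in, whereas the task that writes the file uses `{{ services_service_user_home }}/.config/service/hosts`. If the unit's working directory ever differs from that home directory, the mount source no longer matches the file the playbook manages. `-v {{ services_service_user_home }}/.config/service/hosts:/etc/hosts:ro \` would tie the two together, provided that variable is available when this unit template is rendered. The same relative mount is added to the other container units in this commit (the second cloud unit, gitea, joplin and nginx). The ExecStart command starts outside the hunk.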
@ -22,9 +22,8 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
--log-driver=journald \
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
|
-v ./.config/service/hosts:/etc/hosts:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
-v {{ services_data_directory }}/pod-cloud/external/_data:/media/external \
|
||||||
|
@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
|
ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
|
||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create \
|
||||||
|
--infra-conmon-pidfile %t/pod-cloud.pid \
|
||||||
|
--pod-id-file %t/pod-cloud.pod-id \
|
||||||
|
--name=cloud \
|
||||||
|
--network=none \
|
||||||
|
--replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
|
||||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud
|
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud
|
||||||
|
@ -6,6 +6,13 @@
|
|||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
|
- name: "{{ services_service_name }} : configure hosts file"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "hosts"
|
||||||
|
dest: "{{ services_service_user_home }}/.config/service/hosts"
|
||||||
|
mode: 0644
|
||||||
|
register: services_deploy_git_hosts_file
|
||||||
|
|
||||||
- name: "configure systemd service"
|
- name: "configure systemd service"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./systemd/{{ item }}"
|
src: "./systemd/{{ item }}"
|
||||||
@ -43,7 +50,8 @@
|
|||||||
state: "restarted"
|
state: "restarted"
|
||||||
scope: "user"
|
scope: "user"
|
||||||
when:
|
when:
|
||||||
services_deploy_git_systemd_files.changed and
|
(services_deploy_git_hosts_file.changed or
|
||||||
|
services_deploy_git_systemd_files.changed) and
|
||||||
services_deploy_git_service_active_state.stdout == "active"
|
services_deploy_git_service_active_state.stdout == "active"
|
||||||
|
|
||||||
become_user: "{{ services_service_user_name }}"
|
become_user: "{{ services_service_user_name }}"
|
||||||
|
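--- /dev/null
+++ b/playbooks/roles/services/deploy/git/templates/hosts
@@ -0,0 +1,9 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 git
+
+{{ services_all_services['database'].inet6_address }} pod-database
+{{ services_all_services['database'].inet_address }} pod-database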
@ -13,43 +13,42 @@ Restart=on-failure
|
|||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
|
||||||
ExecStart=/usr/bin/podman run \
|
ExecStart=/usr/bin/podman run \
|
||||||
--conmon-pidfile %t/container-git-gitea.pid \
|
--conmon-pidfile %t/container-git-gitea.pid \
|
||||||
--cidfile %t/container-git-gitea.ctr-id \
|
--cidfile %t/container-git-gitea.ctr-id \
|
||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-git.pod-id \
|
--pod-id-file %t/pod-git.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
--log-driver=journald \
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
-v ./.config/service/hosts:/etc/hosts:ro \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_data_directory }}/pod-git/data/_data:/data \
|
||||||
-v {{ services_data_directory }}/pod-git/data/_data:/data \
|
-v /etc/timezone:/etc/timezone:ro \
|
||||||
-v /etc/timezone:/etc/timezone:ro \
|
-v /etc/localtime:/etc/localtime:ro \
|
||||||
-v /etc/localtime:/etc/localtime:ro \
|
-e USER_UID="1000" \
|
||||||
-e USER_UID="1000" \
|
-e USER_GID="1000" \
|
||||||
-e USER_GID="1000" \
|
-e GITEA__database__DB_TYPE="postgres" \
|
||||||
-e GITEA__database__DB_TYPE="postgres" \
|
-e GITEA__database__HOST="pod-database:5432" \
|
||||||
-e GITEA__database__HOST="pod-database:5432" \
|
-e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
|
||||||
-e GITEA__database__NAME="{{ services[services_service_name].database.name }}" \
|
-e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
|
||||||
-e GITEA__database__USER="{{ services[services_service_name].database.user }}" \
|
-e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
|
||||||
-e GITEA__database__PASSWD="{{ services[services_service_name].database.password }}" \
|
-e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
|
||||||
-e GITEA__server__DOMAIN="{{ services[services_service_name].domain }}" \
|
-e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
|
||||||
-e GITEA__server__SSH_DOMAIN="{{ services[services_service_name].domain }}" \
|
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
|
||||||
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
|
-e GITEA__server__START_SSH_SERVER="true" \
|
||||||
-e GITEA__server__START_SSH_SERVER="true" \
|
-e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
|
||||||
-e GITEA__server__SSH_PORT="{{ services[services_service_name].ssh_port }}" \
|
-e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
|
||||||
-e GITEA__server__SSH_LISTEN_PORT="{{ services[services_service_name].ssh_port }}" \
|
-e GITEA__mailer__ENABLED="true" \
|
||||||
-e GITEA__mailer__ENABLED="true" \
|
-e GITEA__mailer__FROM="Gitea <noreply@{{ services[services_service_name].domain }}>" \
|
||||||
-e GITEA__mailer__FROM="Gitea <noreply@{{ services[services_service_name].domain }}>" \
|
-e GITEA__mailer__MAILER_TYPE="smtp" \
|
||||||
-e GITEA__mailer__MAILER_TYPE="smtp" \
|
-e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
|
||||||
-e GITEA__mailer__HOST="{{ services[services_service_name].smtp.host }}" \
|
-e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
|
||||||
-e GITEA__mailer__USER="{{ services[services_service_name].smtp.user }}" \
|
-e GITEA__mailer__PASSWD="{{ services[services_service_name].smtp.password }}" \
|
||||||
-e GITEA__mailer__PASSWD="{{ services[services_service_name].smtp.password }}" \
|
-e GITEA__service__DISABLE_REGISTRATION="true" \
|
||||||
-e GITEA__service__DISABLE_REGISTRATION="true" \
|
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
|
||||||
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
|
--name=pod-git-gitea \
|
||||||
--name=pod-git-gitea \
|
docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
|
||||||
docker.io/gitea/gitea:{{ services_service_deploy_versions.gitea }}
|
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
|
||||||
PIDFile=%t/container-git-gitea.pid
|
PIDFile=%t/container-git-gitea.pid
|
||||||
|
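Review bot: The rewritten ExecStart still passes `GITEA__database__PASSWD` and `GITEA__mailer__PASSWD` as `-e` arguments, so both secrets are written into the rendered unit file and appear on the `podman run` command line. Since this block is being re-emitted anyway, consider moving them to a file readable only by the service user and loading it with `--env-file <path-to-0600-env-file> \`, or handing them over as podman secrets via `--secret`. The joplin unit in this commit has the same pattern with `POSTGRES_PASSWORD` and `MAILER_AUTH_PASSWORD`. How the unit file itself is permissioned is not visible here.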
@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
|
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
|
||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create \
|
||||||
|
--infra-conmon-pidfile %t/pod-git.pid \
|
||||||
|
--pod-id-file %t/pod-git.pod-id \
|
||||||
|
--name=git \
|
||||||
|
--network=none \
|
||||||
|
--replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
|
||||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
|
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
|
||||||
|
@ -6,6 +6,13 @@
|
|||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
|
- name: "{{ services_service_name }} : configure hosts file"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "hosts"
|
||||||
|
dest: "{{ services_service_user_home }}/.config/service/hosts"
|
||||||
|
mode: 0644
|
||||||
|
register: services_deploy_notes_hosts_file
|
||||||
|
|
||||||
- name: "configure systemd service"
|
- name: "configure systemd service"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./systemd/{{ item }}"
|
src: "./systemd/{{ item }}"
|
||||||
@ -44,7 +51,8 @@
|
|||||||
state: "restarted"
|
state: "restarted"
|
||||||
scope: "user"
|
scope: "user"
|
||||||
when:
|
when:
|
||||||
services_deploy_notes_systemd_files.changed and
|
(services_deploy_notes_hosts_file.changed or
|
||||||
|
services_deploy_notes_systemd_files.changed) and
|
||||||
services_deploy_notes_service_active_state.stdout == "active"
|
services_deploy_notes_service_active_state.stdout == "active"
|
||||||
|
|
||||||
become_user: "{{ services_service_user_name }}"
|
become_user: "{{ services_service_user_name }}"
|
||||||
|
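--- /dev/null
+++ b/playbooks/roles/services/deploy/notes/templates/hosts
@@ -0,0 +1,9 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 notes
+
+{{ services_all_services['database'].inet6_address }} pod-database
+{{ services_all_services['database'].inet_address }} pod-database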
@ -10,17 +10,17 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-notes-chown.pid %t/container-notes-chown.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-notes-chown.pid %t/container-notes-chown.ctr-id
|
||||||
ExecStart=/usr/bin/podman run \
|
ExecStart=/usr/bin/podman run \
|
||||||
--conmon-pidfile %t/container-notes-chown.pid \
|
--conmon-pidfile %t/container-notes-chown.pid \
|
||||||
--cidfile %t/container-notes-chown.ctr-id \
|
--cidfile %t/container-notes-chown.ctr-id \
|
||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-notes.pod-id \
|
--pod-id-file %t/pod-notes.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
||||||
--user=0 \
|
--user=0 \
|
||||||
--entrypoint="/bin/bash" \
|
--entrypoint="/bin/bash" \
|
||||||
--name=pod-notes-chown \
|
--name=pod-notes-chown \
|
||||||
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }} \
|
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }} \
|
||||||
-c "chown -R joplin:joplin /data"
|
-c "chown -R joplin:joplin /data"
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-chown.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-chown.ctr-id
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
|
||||||
|
@ -14,37 +14,36 @@ Restart=on-failure
|
|||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-notes-joplin.pid %t/container-notes-joplin.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-notes-joplin.pid %t/container-notes-joplin.ctr-id
|
||||||
ExecStart=/usr/bin/podman run \
|
ExecStart=/usr/bin/podman run \
|
||||||
--conmon-pidfile %t/container-notes-joplin.pid \
|
--conmon-pidfile %t/container-notes-joplin.pid \
|
||||||
--cidfile %t/container-notes-joplin.ctr-id \
|
--cidfile %t/container-notes-joplin.ctr-id \
|
||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-notes.pod-id \
|
--pod-id-file %t/pod-notes.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
--log-driver=journald \
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
-v ./.config/service/hosts:/etc/hosts:ro \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
||||||
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
|
||||||
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
|
-e APP_PORT="22300" \
|
||||||
-e APP_PORT="22300" \
|
-e DB_CLIENT="pg" \
|
||||||
-e DB_CLIENT="pg" \
|
-e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
|
||||||
-e POSTGRES_PASSWORD="{{ services[services_service_name].database.password }}" \
|
-e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
|
||||||
-e POSTGRES_DATABASE="{{ services[services_service_name].database.name }}" \
|
-e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
|
||||||
-e POSTGRES_USER="{{ services[services_service_name].database.user }}" \
|
-e POSTGRES_PORT="5432" \
|
||||||
-e POSTGRES_PORT="5432" \
|
-e POSTGRES_HOST="pod-database" \
|
||||||
-e POSTGRES_HOST="pod-database" \
|
-e MAILER_ENABLED="true" \
|
||||||
-e MAILER_ENABLED="true" \
|
-e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
|
||||||
-e MAILER_HOST="{{ services[services_service_name].smtp.host }}" \
|
-e MAILER_PORT=465 \
|
||||||
-e MAILER_PORT=465 \
|
-e MAILER_SECURITY="tls" \
|
||||||
-e MAILER_SECURITY="tls" \
|
-e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
|
||||||
-e MAILER_AUTH_USER="{{ services[services_service_name].smtp.user }}" \
|
-e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
|
||||||
-e MAILER_AUTH_PASSWORD="{{ services[services_service_name].smtp.password }}" \
|
-e MAILER_NOREPLY_NAME="Joplin" \
|
||||||
-e MAILER_NOREPLY_NAME="Joplin" \
|
-e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
|
||||||
-e MAILER_NOREPLY_EMAIL="noreply@{{ services[services_service_name].domain }}" \
|
-e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
|
||||||
-e STORAGE_DRIVER="Type=Filesystem; Path=/data" \
|
--name=pod-notes-joplin \
|
||||||
--name=pod-notes-joplin \
|
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
|
||||||
docker.io/joplin/server:{{ services_service_deploy_versions.joplin }}
|
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-notes-joplin.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-notes-joplin.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-joplin.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-notes-joplin.ctr-id
|
||||||
PIDFile=%t/container-notes-joplin.pid
|
PIDFile=%t/container-notes-joplin.pid
|
||||||
|
@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
|
ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
|
||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create \
|
||||||
|
--infra-conmon-pidfile %t/pod-notes.pid \
|
||||||
|
--pod-id-file %t/pod-notes.pod-id \
|
||||||
|
--name=notes \
|
||||||
|
--network=none \
|
||||||
|
--replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
|
||||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
|
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
|
||||||
|
@ -4,12 +4,15 @@
|
|||||||
name: "services/include"
|
name: "services/include"
|
||||||
vars_from: "user"
|
vars_from: "user"
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : set the rproxy variables"
|
|
||||||
ansible.builtin.include_vars:
|
|
||||||
file: "nginx.yml"
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
|
- name: "{{ services_service_name }} : configure hosts file"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "hosts"
|
||||||
|
dest: "{{ services_service_user_home }}/.config/service/hosts"
|
||||||
|
mode: 0644
|
||||||
|
register: services_deploy_rproxy_hosts_file
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : create nginx conf.d"
|
- name: "{{ services_service_name }} : create nginx conf.d"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ services_service_user_home }}/.config/service/nginx-conf.d"
|
path: "{{ services_service_user_home }}/.config/service/nginx-conf.d"
|
||||||
@ -93,7 +96,8 @@
|
|||||||
state: "restarted"
|
state: "restarted"
|
||||||
scope: "user"
|
scope: "user"
|
||||||
when:
|
when:
|
||||||
(services_deploy_rproxy_generic_config.changed or
|
(services_deploy_rproxy_hosts_file.changed or
|
||||||
|
services_deploy_rproxy_generic_config.changed or
|
||||||
services_deploy_rproxy_stream_config.changed or
|
services_deploy_rproxy_stream_config.changed or
|
||||||
services_deploy_rproxy_subdomain_config_files.changed or
|
services_deploy_rproxy_subdomain_config_files.changed or
|
||||||
services_deploy_rproxy_systemd_files.changed or
|
services_deploy_rproxy_systemd_files.changed or
|
||||||
|
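Review bot: The new "configure hosts file" task is placed first in the block, ahead of "create nginx conf.d", and `ansible.builtin.template` does not create missing parent directories. If `{{ services_service_user_home }}/.config/service` is only created by a later task (not visible in this hunk), a first run on a fresh host would fail here. Moving the task below the directory creation, or adding an explicit `ansible.builtin.file` task with `state: "directory"` for `.config/service` before it, removes that ordering dependency. The cloud, git and notes roles insert the task at the top of their block in the same way.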
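--- /dev/null
+++ b/playbooks/roles/services/deploy/rproxy/templates/hosts
@@ -0,0 +1,11 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+127.0.1.1 {{ services_service_name }}
+{% for service in ( services_all_services | dict2items ) %}
+
+{{ service.value.inet6_address }} pod-{{ service.key }}
+{{ service.value.inet_address }} pod-{{ service.key }}
+{% endfor %}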
@ -9,16 +9,16 @@ TimeoutStopSec=70
|
|||||||
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id
|
||||||
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
||||||
ExecStart=/usr/bin/podman run \
|
ExecStart=/usr/bin/podman run \
|
||||||
--conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
|
--conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
|
||||||
--cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
|
--cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
|
||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
|
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||||
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||||
-v var-www-html:/var/www/html \
|
-v var-www-html:/var/www/html \
|
||||||
--name=pod-{{ services_service_name }}-certbot \
|
--name=pod-{{ services_service_name }}-certbot \
|
||||||
docker.io/certbot/certbot --non-interactive renew
|
docker.io/certbot/certbot --non-interactive renew
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
@ -14,27 +14,26 @@ TimeoutStopSec=70
|
|||||||
ExecStartPre=/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf'
|
ExecStartPre=/usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\'' {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf'
|
||||||
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-nginx.pid %t/container-{{ services_service_name }}-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run \
|
ExecStart=/usr/bin/podman run \
|
||||||
--conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
|
--conmon-pidfile %t/container-{{ services_service_name }}-nginx.pid \
|
||||||
--cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
|
--cidfile %t/container-{{ services_service_name }}-nginx.ctr-id \
|
||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
--log-driver=journald \
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
{{ services_rproxy_nginx_add_inet_hosts }} \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
{{ services_rproxy_nginx_add_inet6_hosts }} \
|
-v ./.config/service/hosts:/etc/hosts:ro \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v %t/resolver.conf:/etc/nginx/resolver.conf:ro \
|
||||||
-v %t/resolver.conf:/etc/nginx/resolver.conf:ro \
|
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
|
||||||
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
|
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||||
-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro \
|
-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||||
-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||||
-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
||||||
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
-v var-www-html:/var/www/html \
|
||||||
-v var-www-html:/var/www/html \
|
--name=pod-{{ services_service_name }}-nginx \
|
||||||
--name=pod-{{ services_service_name }}-nginx \
|
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
|
||||||
docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}
|
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-nginx.ctr-id
|
||||||
PIDFile=%t/container-{{ services_service_name }}-nginx.pid
|
PIDFile=%t/container-{{ services_service_name }}-nginx.pid
|
||||||
|
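Review bot: `-v var-www-html:/var/www/html` is the only volume in this nginx ExecStart without `:ro`, while the certbot unit mounts the same named volume. If nginx only serves that directory and certbot is the writer (not confirmed by the visible lines), `-v var-www-html:/var/www/html:ro \` would match the read-only treatment of the other mounts, including the newly added hosts file.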
@ -12,7 +12,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ services_service_name }}.pod-id
|
ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ services_service_name }}.pod-id
|
||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create \
|
||||||
|
--infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid \
|
||||||
|
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||||
|
--name={{ services_service_name }} \
|
||||||
|
--network=none \
|
||||||
|
--replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
|
||||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-{{ services_service_name }}
|
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-{{ services_service_name }}
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
services_rproxy_nginx_add_inet_hosts: "\
|
|
||||||
{% set add_host_list = [] %}\
|
|
||||||
{% for service in ( services_all_services | dict2items ) %}\
|
|
||||||
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet_address) }}\
|
|
||||||
{% endfor %}\
|
|
||||||
{{ add_host_list | join(' ') }}"
|
|
||||||
services_rproxy_nginx_add_inet6_hosts: "\
|
|
||||||
{% set add_host_list = [] %}\
|
|
||||||
{% for service in ( services_all_services | dict2items ) %}\
|
|
||||||
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet6_address) }}\
|
|
||||||
{% endfor %}\
|
|
||||||
{{ add_host_list | join(' ') }}"
|
|