Move all veth interfaces to IPv6
parent
ab683be7f7
commit
b32142d4c7
@ -109,4 +109,5 @@ services:
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# services:user_setup
|
# services:user_setup
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
services_bridge_gateway: "{{ vpn_bridge_address }}"
|
services_bridge_inet_gateway: "{{ vpn_bridge_inet_address }}"
|
||||||
|
services_bridge_inet6_gateway: "{{ vpn_bridge_inet6_address }}"
|
||||||
|
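Review bot: The new `services_bridge_inet6_gateway` becomes each pod's IPv6 default route (see the interfaces template later in this commit), but no IPv6 filter rules appear anywhere in the commit. IPv4 iptables rules and NAT do not apply to IPv6 traffic, so if forwarding across `br0` was restricted only on the IPv4 side, the pods may become reachable on addresses that were never filtered. This is inferred, because the firewall configuration is outside the page. I would record the dependency next to the variable, for example `# requires ip6tables/nftables forward rules for br0 matching the IPv4 policy`.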
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name archive.music.wojciechkozlowski.eu;
|
server_name archive.music.wojciechkozlowski.eu;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen [::1]:443 ssl;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name archive.music.wojciechkozlowski.eu;
|
server_name archive.music.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name cloud.wojciechkozlowski.eu;
|
server_name cloud.wojciechkozlowski.eu;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen [::1]:443 ssl;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name cloud.wojciechkozlowski.eu;
|
server_name cloud.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name git.wojciechkozlowski.eu;
|
server_name git.wojciechkozlowski.eu;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen [::1]:443 ssl;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name git.wojciechkozlowski.eu;
|
server_name git.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name music.wojciechkozlowski.eu;
|
server_name music.wojciechkozlowski.eu;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen [::1]:443 ssl;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name music.wojciechkozlowski.eu;
|
server_name music.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name notes.wojciechkozlowski.eu;
|
server_name notes.wojciechkozlowski.eu;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen [::1]:443 ssl;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name notes.wojciechkozlowski.eu;
|
server_name notes.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ stream {
|
|||||||
}
|
}
|
||||||
|
|
||||||
upstream lrproxy {
|
upstream lrproxy {
|
||||||
server 127.0.0.1:443;
|
server localhost:443;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
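Review bot: `server localhost:443;` makes the upstream depend on how `localhost` resolves inside the container when nginx loads its configuration, which the old literal address did not. If the container's hosts file lists only one family, or lists `::1` while IPv6 loopback is unavailable, the stream proxy gets a single or a dead peer, and nothing reports it until connections are balanced onto that peer. Naming both listeners keeps the peer set fixed: `server 127.0.0.1:443;` and `server [::1]:443;`. The same replacement is made in the `rproxy` upstream in the later stream hunk. The `stream` block itself begins above the hunk.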
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name wojciechkozlowski.eu;
|
server_name wojciechkozlowski.eu;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen [::1]:443 ssl;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name wojciechkozlowski.eu;
|
server_name wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
server {
|
server {
|
||||||
|
listen [::]:80;
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name www.wojciechkozlowski.eu;
|
server_name www.wojciechkozlowski.eu;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
listen [::1]:443 ssl;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name www.wojciechkozlowski.eu;
|
server_name www.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ stream {
|
|||||||
}
|
}
|
||||||
|
|
||||||
upstream rproxy {
|
upstream rproxy {
|
||||||
server 127.0.0.1:443;
|
server localhost:443;
|
||||||
}
|
}
|
||||||
|
|
||||||
upstream lrproxy {
|
upstream lrproxy {
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ conmon\[[0-9]+\]: .*$
|
||||||
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ restic-batch\[[0-9]+\]: Backing up [-_[:alnum:]]+$
|
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ restic-batch\[[0-9]+\]: Backing up [-_[:alnum:]]+$
|
||||||
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished (Podman auto-update service|Pod service auto-update service|Prune dangling podman images|Backup snapshots using restic)\.$
|
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished (Podman auto-update service|Pod service auto-update service|Prune dangling podman images|Backup snapshots using restic)\.$
|
||||||
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: var-lib-containers-storage-overlay\.mount: Succeeded\.$
|
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: var-lib-containers-storage-overlay\.mount: Succeeded\.$
|
||||||
|
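Review bot: The added rule `conmon\[[0-9]+\]: .*$` ignores every line logged under the conmon tag, unlike the rules below it, which each match one known-benign message. If container output now reaches syslog through conmon, as the `--log-driver=journald` additions elsewhere in this commit suggest, logcheck will stop reporting anything the services log, including authentication failures and application errors. I would narrow the pattern to the messages that are actually noise, or at least record the decision with a comment such as `# container stdout/stderr via conmon: reviewed separately, not by logcheck`.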
@ -20,8 +20,10 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-cloud.pod-id \
|
--pod-id-file %t/pod-cloud.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
||||||
|
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
|
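Review bot: With both `--add-host=pod-database:` entries present, the client's resolver decides which address family to use, and the usual address-selection order prefers IPv6. The database therefore has to listen on the IPv6 address, and its host-based grants or ACLs must include the pods' IPv6 source addresses; neither is visible in this commit, so this is a question rather than a confirmed gap. If grants are keyed on the old IPv4 addresses, connections will either fail or fall through to a broader wildcard entry. A comment above the `ExecStart=` line, e.g. `# pod-database resolves to v4 and v6; DB grants must cover both`, would keep that dependency visible. The same pair is added to the other cloud container and to the git and notes units.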
@ -20,8 +20,10 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-cloud.pod-id \
|
--pod-id-file %t/pod-cloud.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
||||||
|
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
-v {{ services_data_directory }}/pod-cloud/nextcloud/_data:/var/www/html \
|
||||||
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
-v {{ services_data_directory }}/pod-cloud/data/_data:/var/www/html/data \
|
||||||
|
@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-cloud.pod-id \
|
--pod-id-file %t/pod-cloud.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
|
@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
|
|||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-cloud up)" ] ; do echo "veth-cloud is not ready yet" && sleep 1 ; done'
|
||||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id
|
||||||
PIDFile=%t/pod-cloud.pid
|
PIDFile=%t/pod-cloud.pid
|
||||||
|
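Review bot: The added `ExecStartPost` loop has no bound of its own and does not silence `ip`. If `veth-cloud` is never created, it prints the device-missing error and the "not ready yet" line every second until the unit's start timeout ends it; that timeout is set outside the hunk. Wrapping the wait makes the failure explicit and quiet, for example `ExecStartPost=/usr/bin/timeout 30 /usr/bin/sh -c 'until [ -n "$(ip link show dev veth-cloud up 2>/dev/null)" ] ; do sleep 1 ; done'`. The same loop is added to the database, git, music, notes, www and templated pod units below.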
@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-database.pod-id \
|
--pod-id-file %t/pod-database.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
||||||
|
@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
|
|||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > {{ services_containers_directory }}/pod-database/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > {{ services_containers_directory }}/pod-database/pidfile'
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-database up)" ] ; do echo "veth-database is not ready yet" && sleep 1 ; done'
|
||||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
|
||||||
PIDFile=%t/pod-database.pid
|
PIDFile=%t/pod-database.pid
|
||||||
|
@ -19,8 +19,10 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-git.pod-id \
|
--pod-id-file %t/pod-git.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
||||||
|
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-git/data/_data:/data \
|
-v {{ services_data_directory }}/pod-git/data/_data:/data \
|
||||||
-v /etc/timezone:/etc/timezone:ro \
|
-v /etc/timezone:/etc/timezone:ro \
|
||||||
|
@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
|
|||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-git up)" ] ; do echo "veth-git is not ready yet" && sleep 1 ; done'
|
||||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
|
||||||
PIDFile=%t/pod-git.pid
|
PIDFile=%t/pod-git.pid
|
||||||
|
@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-music.pod-id \
|
--pod-id-file %t/pod-music.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-music/archive/_data:/data \
|
-v {{ services_data_directory }}/pod-music/archive/_data:/data \
|
||||||
|
@ -19,6 +19,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-music.pod-id \
|
--pod-id-file %t/pod-music.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-music/collection/_data:/data \
|
-v {{ services_data_directory }}/pod-music/collection/_data:/data \
|
||||||
|
@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-music.pid %t/pod-music.pod-id
|
|||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-music.pid --pod-id-file %t/pod-music.pod-id --name=music --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-music.pid --pod-id-file %t/pod-music.pod-id --name=music --network=none --replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-music.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-music.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" music) > {{ services_containers_directory }}/pod-music/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" music) > {{ services_containers_directory }}/pod-music/pidfile'
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-music up)" ] ; do echo "veth-music is not ready yet" && sleep 1 ; done'
|
||||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-music.pod-id -t 10
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-music.pod-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-music.pod-id
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-music.pod-id
|
||||||
PIDFile=%t/pod-music.pid
|
PIDFile=%t/pod-music.pid
|
||||||
|
@ -20,8 +20,10 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-notes.pod-id \
|
--pod-id-file %t/pod-notes.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
--add-host=pod-database:{{ services_all_services['database'].address }} \
|
--add-host=pod-database:{{ services_all_services['database'].inet_address }} \
|
||||||
|
--add-host=pod-database:{{ services_all_services['database'].inet6_address }} \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
-v {{ services_data_directory }}/pod-notes/data/_data:/data \
|
||||||
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
|
-e APP_BASE_URL="https://{{ services[services_service_name].domain }}" \
|
||||||
|
@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
|
|||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-notes up)" ] ; do echo "veth-notes is not ready yet" && sleep 1 ; done'
|
||||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
|
||||||
PIDFile=%t/pod-notes.pid
|
PIDFile=%t/pod-notes.pid
|
||||||
|
@ -19,8 +19,10 @@ ExecStart=/usr/bin/podman run \
|
|||||||
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
--pod-id-file %t/pod-{{ services_service_name }}.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
{{ services_rproxy_nginx_add_hosts }} \
|
{{ services_rproxy_nginx_add_inet_hosts }} \
|
||||||
|
{{ services_rproxy_nginx_add_inet6_hosts }} \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
|
-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro \
|
||||||
|
@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ service
|
|||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-{{ services_service_name }} up)" ] ; do echo "veth-{{ services_service_name }} is not ready yet" && sleep 1 ; done'
|
||||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-{{ services_service_name }}.pod-id -t 10
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-{{ services_service_name }}.pod-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
||||||
PIDFile=%t/pod-{{ services_service_name }}.pid
|
PIDFile=%t/pod-{{ services_service_name }}.pid
|
||||||
|
@ -1,7 +1,13 @@
|
|||||||
---
|
---
|
||||||
services_rproxy_nginx_add_hosts: "\
|
services_rproxy_nginx_add_inet_hosts: "\
|
||||||
{% set add_host_list = [] %}\
|
{% set add_host_list = [] %}\
|
||||||
{% for service in ( services_all_services | dict2items ) %}\
|
{% for service in ( services_all_services | dict2items ) %}\
|
||||||
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.address) }}\
|
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet_address) }}\
|
||||||
|
{% endfor %}\
|
||||||
|
{{ add_host_list | join(' ') }}"
|
||||||
|
services_rproxy_nginx_add_inet6_hosts: "\
|
||||||
|
{% set add_host_list = [] %}\
|
||||||
|
{% for service in ( services_all_services | dict2items ) %}\
|
||||||
|
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.inet6_address) }}\
|
||||||
{% endfor %}\
|
{% endfor %}\
|
||||||
{{ add_host_list | join(' ') }}"
|
{{ add_host_list | join(' ') }}"
|
||||||
|
@ -20,6 +20,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
%t/pod-www.pod-id \
|
%t/pod-www.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
|
-v ./.config/service/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro \
|
||||||
|
@ -15,6 +15,7 @@ ExecStartPre=/bin/rm -f %t/pod-www.pid %t/pod-www.pod-id
|
|||||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace
|
||||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id
|
||||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-www/pidfile'
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-www/pidfile'
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-www up)" ] ; do echo "veth-www is not ready yet" && sleep 1 ; done'
|
||||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id
|
||||||
PIDFile=%t/pod-www.pid
|
PIDFile=%t/pod-www.pid
|
||||||
|
@ -24,6 +24,9 @@ argument_specs:
|
|||||||
type: "dict"
|
type: "dict"
|
||||||
elem: "dict"
|
elem: "dict"
|
||||||
required: true
|
required: true
|
||||||
services_bridge_gateway:
|
services_bridge_inet_gateway:
|
||||||
|
type: "str"
|
||||||
|
required: true
|
||||||
|
services_bridge_inet6_gateway:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
|
@ -15,7 +15,10 @@
|
|||||||
fi'
|
fi'
|
||||||
vars:
|
vars:
|
||||||
services_service_iface_name: "veth-{{ services_service_name }}"
|
services_service_iface_name: "veth-{{ services_service_name }}"
|
||||||
services_service_iface_address: "{{ services_host_services[services_service_name].address }}"
|
services_service_iface_inet_address: "\
|
||||||
|
{{ services_host_services[services_service_name].inet_address }}"
|
||||||
|
services_service_iface_inet6_address: "\
|
||||||
|
{{ services_host_services[services_service_name].inet6_address }}"
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : veth : enable the path trigger"
|
- name: "{{ services_service_name }} : veth : enable the path trigger"
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
|
@ -1,17 +1,27 @@
|
|||||||
iface {{ services_service_iface_name }} inet manual
|
iface {{ services_service_iface_name }} inet6 manual
|
||||||
pre-up mkdir -p /run/netns
|
pre-up mkdir -p /run/netns
|
||||||
pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
|
pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
|
||||||
|
|
||||||
pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }}
|
pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }}
|
||||||
pre-up ip link set $IFACE master br0
|
pre-up ip link set $IFACE master br0
|
||||||
|
|
||||||
post-up ip -n {{ services_service_user_name }} link set veth0 up
|
pre-up ip -n {{ services_service_user_name }} link set veth0 up
|
||||||
post-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_address }}/24 dev veth0
|
|
||||||
post-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_gateway }} dev veth0
|
|
||||||
|
|
||||||
pre-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_gateway }} dev veth0
|
pre-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_inet_address }}/24 dev veth0
|
||||||
pre-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_address }}/24 dev veth0
|
pre-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_inet_gateway }} dev veth0
|
||||||
pre-down ip -n {{ services_service_user_name }} link set veth0 down
|
|
||||||
|
pre-up ip -6 -n {{ services_service_user_name }} address add {{ services_service_iface_inet6_address }}/64 dev veth0 nodad
|
||||||
|
pre-up ip -6 -n {{ services_service_user_name }} route add default via {{ services_bridge_inet6_gateway }} dev veth0
|
||||||
|
|
||||||
|
post-down rm {{ services_service_user_containers }}/veth0
|
||||||
|
|
||||||
|
post-down ip -6 -n {{ services_service_user_name }} route del default via {{ services_bridge_inet6_gateway }} dev veth0
|
||||||
|
post-down ip -6 -n {{ services_service_user_name }} address del {{ services_service_iface_inet6_address }}/64 dev veth0
|
||||||
|
|
||||||
|
post-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_inet_gateway }} dev veth0
|
||||||
|
post-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_inet_address }}/24 dev veth0
|
||||||
|
|
||||||
|
post-down ip -n {{ services_service_user_name }} link set veth0 down
|
||||||
|
|
||||||
post-down ip link set $IFACE nomaster
|
post-down ip link set $IFACE nomaster
|
||||||
post-down ip link del dev $IFACE
|
post-down ip link del dev $IFACE
|
||||||
|
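Review bot: On the new side, `post-down rm {{ services_service_user_containers }}/veth0` runs first and without `-f`, and no line in this hunk creates that file. ifupdown stops at the first hook command that fails, so a missing file, or an `ip -n` call against a namespace whose pod has already exited, would skip the remaining teardown and leave `$IFACE` attached to `br0`. I would use `rm -f` and append `|| true` to the namespace-side `post-down ip -n …` lines, so that `ip link set $IFACE nomaster` and `ip link del dev $IFACE` always run.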