Add pgadmin to pod-database
parent
4b38982e46
commit
d09b2ae893
@ -69,7 +69,11 @@ services:
|
|||||||
token: "{{ vault_services.www.repo.token }}"
|
token: "{{ vault_services.www.repo.token }}"
|
||||||
lrproxy: {}
|
lrproxy: {}
|
||||||
database:
|
database:
|
||||||
password: "{{ vault_services.database.password }}"
|
pgadmin:
|
||||||
|
email: "{{ vault_services.database.pgadmin.email }}"
|
||||||
|
password: "{{ vault_services.database.pgadmin.password }}"
|
||||||
|
postgres:
|
||||||
|
password: "{{ vault_services.database.postgres.password }}"
|
||||||
cloud:
|
cloud:
|
||||||
domain: "{{ vault_services.cloud.domain }}"
|
domain: "{{ vault_services.cloud.domain }}"
|
||||||
database:
|
database:
|
||||||
|
@ -14,14 +14,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:443 ssl;
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 8443 ssl proxy_protocol;
|
||||||
server_name archive.music.thenineworlds.net;
|
server_name archive.music.thenineworlds.net;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/archive.music.thenineworlds.net/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/archive.music.thenineworlds.net/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/archive.music.thenineworlds.net/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/archive.music.thenineworlds.net/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/archive.music.thenineworlds.net/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/archive.music.thenineworlds.net/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
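Review bot: The two `listen` lines now bind 8443 on every address instead of loopback, and nothing in the server block records that only the stream proxies are expected to connect there. `set_real_ip_from` limits whose PROXY protocol header is honoured to the rproxy and lrproxy addresses, so `$remote_addr` and the `X-Real-IP`/`X-Forwarded-For` headers built from it are only as trustworthy as those two source addresses; whether 8443 is reachable from anywhere else is not visible in this hunk. I would add a comment above the listeners such as `# 8443 is only for the stream proxies (PROXY protocol); do not publish this port`. The same change is repeated in the cloud, git, music, notes, wojciechkozlowski.eu and www.wojciechkozlowski.eu sections, and the server block continues past the hunk.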
@ -14,14 +14,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:443 ssl;
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 8443 ssl proxy_protocol;
|
||||||
server_name cloud.wojciechkozlowski.eu;
|
server_name cloud.wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
# Values copied and adjusted from
|
# Values copied and adjusted from
|
||||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html.
|
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html.
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
@ -32,16 +40,16 @@ server {
|
|||||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html.
|
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html.
|
||||||
location ^~ /.well-known {
|
location ^~ /.well-known {
|
||||||
location = /.well-known/webfinger {
|
location = /.well-known/webfinger {
|
||||||
return 301 /index.php$uri;
|
return 301 $scheme://$host:443/index.php$uri;
|
||||||
}
|
}
|
||||||
location = /.well-known/nodeinfo {
|
location = /.well-known/nodeinfo {
|
||||||
return 301 /index.php$uri;
|
return 301 $scheme://$host:443/index.php$uri;
|
||||||
}
|
}
|
||||||
location = /.well-known/carddav {
|
location = /.well-known/carddav {
|
||||||
return 301 /remote.php/dav/;
|
return 301 $scheme://$host:443/remote.php/dav;
|
||||||
}
|
}
|
||||||
location = /.well-known/caldav {
|
location = /.well-known/caldav {
|
||||||
return 301 /remote.php/dav/;
|
return 301 $scheme://$host:443/remote.php/dav;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
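Review bot: The four `.well-known` redirects in the second hunk build the Location from `$host`, which nginx takes from the request rather than from configuration, and `$scheme` can only be `https` on this listener. Using the configured name keeps the target fixed, e.g. `return 301 https://$server_name/remote.php/dav/;`, which is also how the port-80 redirect in the new database vhost on this page is written. The carddav and caldav targets also lost their trailing slash (`/remote.php/dav/` became `/remote.php/dav`); if that was not intended, keep the slash. Whether this server block can be selected for a request carrying a different Host header depends on configuration outside the hunk.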
@ -0,0 +1,49 @@
|
|||||||
|
server {
|
||||||
|
listen [::]:80;
|
||||||
|
listen 80;
|
||||||
|
server_name database.thenineworlds.net;
|
||||||
|
|
||||||
|
location ^~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
root /var/www/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
|
listen 8443 ssl proxy_protocol;
|
||||||
|
server_name database.thenineworlds.net;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/database.thenineworlds.net/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/database.thenineworlds.net/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/database.thenineworlds.net/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
|
allow {{ local_inet_network }};
|
||||||
|
allow {{ local_inet6_network }};
|
||||||
|
deny all;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://pod-database;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
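Review bot: The server-level `allow`/`deny` in the 8443 block is the only restriction in front of pgAdmin here, and for connections from the addresses in `set_real_ip_from` it is evaluated against the client address carried in the PROXY protocol header rather than the TCP peer. That holds only while nothing except the two stream proxies can connect from those addresses to 8443, which this file does not show. A comment above the `allow` lines would make the dependency explicit, for example `# client address comes from PROXY protocol via realip; local networks only`.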
@ -14,14 +14,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:443 ssl;
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 8443 ssl proxy_protocol;
|
||||||
server_name git.thenineworlds.net;
|
server_name git.thenineworlds.net;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/git.thenineworlds.net/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/git.thenineworlds.net/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/git.thenineworlds.net/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/git.thenineworlds.net/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/git.thenineworlds.net/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/git.thenineworlds.net/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
@ -14,14 +14,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:443 ssl;
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 8443 ssl proxy_protocol;
|
||||||
server_name music.thenineworlds.net;
|
server_name music.thenineworlds.net;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/music.thenineworlds.net/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/music.thenineworlds.net/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/music.thenineworlds.net/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/music.thenineworlds.net/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/music.thenineworlds.net/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/music.thenineworlds.net/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
@ -14,14 +14,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:443 ssl;
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 8443 ssl proxy_protocol;
|
||||||
server_name notes.thenineworlds.net;
|
server_name notes.thenineworlds.net;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/notes.thenineworlds.net/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/notes.thenineworlds.net/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/notes.thenineworlds.net/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/notes.thenineworlds.net/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/notes.thenineworlds.net/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/notes.thenineworlds.net/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
# Values copied from
|
# Values copied from
|
||||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html and adjusted to
|
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html and adjusted to
|
||||||
# 16G.
|
# 16G.
|
||||||
|
@ -14,14 +14,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:443 ssl;
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 8443 ssl proxy_protocol;
|
||||||
server_name wojciechkozlowski.eu;
|
server_name wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/wojciechkozlowski.eu/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/wojciechkozlowski.eu/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
@ -14,14 +14,22 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen [::1]:443 ssl;
|
listen [::]:8443 ssl proxy_protocol;
|
||||||
listen 127.0.0.1:443 ssl;
|
listen 8443 ssl proxy_protocol;
|
||||||
server_name www.wojciechkozlowski.eu;
|
server_name www.wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/www.wojciechkozlowski.eu/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/www.wojciechkozlowski.eu/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/chain.pem;
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.rproxy.inet6_address }};
|
||||||
|
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
|
||||||
|
set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};
|
||||||
|
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
stream {
|
|
||||||
|
|
||||||
map $ssl_preread_server_name $name {
|
|
||||||
wojciechkozlowski.eu rproxy;
|
|
||||||
www.wojciechkozlowski.eu rproxy;
|
|
||||||
default lrproxy;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream rproxy {
|
|
||||||
server localhost:443;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream lrproxy {
|
|
||||||
server pod-lrproxy:443;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen pod-rproxy:443;
|
|
||||||
proxy_pass $name;
|
|
||||||
ssl_preread on;
|
|
||||||
}
|
|
||||||
}
|
|
@ -7,15 +7,16 @@ stream {
|
|||||||
}
|
}
|
||||||
|
|
||||||
upstream rproxy {
|
upstream rproxy {
|
||||||
server pod-rproxy:443;
|
server pod-rproxy:8443;
|
||||||
}
|
}
|
||||||
|
|
||||||
upstream lrproxy {
|
upstream lrproxy {
|
||||||
server localhost:443;
|
server pod-lrproxy:8443;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen pod-lrproxy:443;
|
listen {{ services_service_user_name }}:443;
|
||||||
|
proxy_protocol on;
|
||||||
proxy_pass $name;
|
proxy_pass $name;
|
||||||
ssl_preread on;
|
ssl_preread on;
|
||||||
}
|
}
|
@ -11,7 +11,14 @@
|
|||||||
src: "./postgres/database.password"
|
src: "./postgres/database.password"
|
||||||
dest: "{{ services_service_user_home }}/.config/service/database.password"
|
dest: "{{ services_service_user_home }}/.config/service/database.password"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
register: services_deploy_database_password_file
|
register: services_deploy_database_postgres_password_file
|
||||||
|
|
||||||
|
- name: "configure pgadmin password"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "./pgadmin/pgadmin.password"
|
||||||
|
dest: "{{ services_service_user_home }}/.config/service/pgadmin.password"
|
||||||
|
mode: 0600
|
||||||
|
register: services_deploy_database_pgadmin_password_file
|
||||||
|
|
||||||
- name: "configure systemd service"
|
- name: "configure systemd service"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
@ -21,6 +28,8 @@
|
|||||||
loop:
|
loop:
|
||||||
- "pod-database.service"
|
- "pod-database.service"
|
||||||
- "container-database-postgres.service"
|
- "container-database-postgres.service"
|
||||||
|
- "container-database-pgadmin-chown.service"
|
||||||
|
- "container-database-pgadmin.service"
|
||||||
register: services_deploy_database_systemd_files
|
register: services_deploy_database_systemd_files
|
||||||
|
|
||||||
- name: "systemd user daemon reload"
|
- name: "systemd user daemon reload"
|
||||||
@ -50,7 +59,8 @@
|
|||||||
state: "restarted"
|
state: "restarted"
|
||||||
scope: "user"
|
scope: "user"
|
||||||
when:
|
when:
|
||||||
(services_deploy_database_password_file.changed or
|
(services_deploy_database_postgres_password_file.changed or
|
||||||
|
services_deploy_database_pgadmin_password_file.changed or
|
||||||
services_deploy_database_systemd_files.changed) and
|
services_deploy_database_systemd_files.changed) and
|
||||||
services_deploy_database_service_active_state.stdout == "active"
|
services_deploy_database_service_active_state.stdout == "active"
|
||||||
|
|
||||||
|
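Review bot: The new "configure pgadmin password" task renders a secret with `ansible.builtin.template` but does not set `no_log: true`, so the rendered password can show up in task output when the play runs with `--diff` or high verbosity. Adding `no_log: true` at task level, next to `register:`, keeps it out of logs; the existing postgres password task in the context lines would benefit from the same line. As a style point, `mode: "0600"` as a quoted string avoids relying on octal parsing of the bare `0600`.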
@ -0,0 +1 @@
|
|||||||
|
{{ services[services_service_name].pgadmin.password }}
|
@ -1 +1 @@
|
|||||||
{{ services[services_service_name].password }}
|
{{ services[services_service_name].postgres.password }}
|
||||||
|
@ -0,0 +1,29 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Podman container-database-pgadmin-chown.service
|
||||||
|
Documentation=man:podman-generate-systemd(1)
|
||||||
|
After=pod-database.service
|
||||||
|
Before=container-database-pgadmin.service
|
||||||
|
OnFailure=status-mail@%n.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
TimeoutStopSec=70
|
||||||
|
ExecStartPre=/bin/rm -f %t/container-database-pgadmin-chown.pid %t/container-database-pgadmin-chown.ctr-id
|
||||||
|
ExecStart=/usr/bin/podman run \
|
||||||
|
--conmon-pidfile %t/container-database-pgadmin-chown.pid \
|
||||||
|
--cidfile %t/container-database-pgadmin-chown.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--pod-id-file %t/pod-database.pod-id \
|
||||||
|
--replace \
|
||||||
|
-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin \
|
||||||
|
-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password \
|
||||||
|
--user=0 \
|
||||||
|
--entrypoint="/bin/sh" \
|
||||||
|
--name=pod-database-pgadmin-chown \
|
||||||
|
docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }} \
|
||||||
|
-c "chown -R 5050:5050 /var/lib/pgadmin /run/secrets/pgadmin.password"
|
||||||
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-pgadmin-chown.ctr-id
|
||||||
|
Type=oneshot
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=container-database-pgadmin.service
|
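Review bot: The one-shot container runs with `--user=0` and the password file mounted read-write solely to `chown -R 5050:5050` two paths, and nothing in the unit says why uid 5050 or that the bind-mounted source under `.config/service` changes owner as a result. If the deployed podman supports the `U` volume option, the same effect is available directly on the main container's mounts, e.g. `-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin:U \`, which would remove the root helper; otherwise a comment above `ExecStart` such as `# fix ownership for the uid the pgadmin4 image runs as (5050) before it starts` would help. After the chown the service user may no longer be able to read the 0600 file it deployed, so it is worth checking that a later Ansible run can still replace it; this is inferred, not visible here.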
@ -0,0 +1,38 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Podman container-database-pgadmin.service
|
||||||
|
Documentation=man:podman-generate-systemd(1)
|
||||||
|
Wants=network.target
|
||||||
|
After=network-online.target
|
||||||
|
BindsTo=pod-database.service container-database-postgres.service
|
||||||
|
Requires=container-database-pgadmin-chown.service
|
||||||
|
After=pod-database.service container-database-postgres.service container-database-pgadmin-chown.service
|
||||||
|
OnFailure=status-mail@%n.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
Restart=on-failure
|
||||||
|
TimeoutStopSec=70
|
||||||
|
ExecStartPre=/bin/rm -f %t/container-database-pgadmin.pid %t/container-database-pgadmin.ctr-id
|
||||||
|
ExecStart=/usr/bin/podman run \
|
||||||
|
--conmon-pidfile %t/container-database-pgadmin.pid \
|
||||||
|
--cidfile %t/container-database-pgadmin.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--pod-id-file %t/pod-database.pod-id \
|
||||||
|
--replace \
|
||||||
|
--label "io.containers.autoupdate=image" \
|
||||||
|
--log-driver=journald \
|
||||||
|
-dt \
|
||||||
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
|
-v {{ services_data_directory }}/pod-database/pgadmin/_data:/var/lib/pgadmin \
|
||||||
|
-v ./.config/service/pgadmin.password:/run/secrets/pgadmin.password:ro \
|
||||||
|
-e PGADMIN_DEFAULT_EMAIL="{{ services[services_service_name].pgadmin.email }}" \
|
||||||
|
-e PGADMIN_DEFAULT_PASSWORD_FILE=/run/secrets/pgadmin.password \
|
||||||
|
--name=pod-database-pgadmin \
|
||||||
|
docker.io/dpage/pgadmin4:{{ services_service_deploy_versions.pgadmin4 }}
|
||||||
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-pgadmin.ctr-id -t 10
|
||||||
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-pgadmin.ctr-id
|
||||||
|
PIDFile=%t/container-database-pgadmin.pid
|
||||||
|
Type=forking
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target default.target
|
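Review bot: The container carries `--label "io.containers.autoupdate=image"` while the image reference is a templated tag (`pgadmin4: "7"` in the versions hunk on this page), so if podman auto-update is enabled the admin UI will follow whatever the registry publishes under that tag. For a tool that holds database credentials I would pin a full version or a digest in `services_service_deploy_versions.pgadmin4`, or drop the label for this container and update it deliberately. Whether the auto-update timer is active is not visible here.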
@ -13,22 +13,22 @@ Restart=on-failure
|
|||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-database-postgres.pid %t/container-database-postgres.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-database-postgres.pid %t/container-database-postgres.ctr-id
|
||||||
ExecStart=/usr/bin/podman run \
|
ExecStart=/usr/bin/podman run \
|
||||||
--conmon-pidfile %t/container-database-postgres.pid \
|
--conmon-pidfile %t/container-database-postgres.pid \
|
||||||
--cidfile %t/container-database-postgres.ctr-id \
|
--cidfile %t/container-database-postgres.ctr-id \
|
||||||
--cgroups=no-conmon \
|
--cgroups=no-conmon \
|
||||||
--pod-id-file %t/pod-database.pod-id \
|
--pod-id-file %t/pod-database.pod-id \
|
||||||
--replace \
|
--replace \
|
||||||
--label "io.containers.autoupdate=image" \
|
--label "io.containers.autoupdate=image" \
|
||||||
--log-driver=journald \
|
--log-driver=journald \
|
||||||
-dt \
|
-dt \
|
||||||
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
-v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
-v ./.config/service/database.password:/run/secrets/database.password:ro \
|
||||||
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
-e POSTGRES_PASSWORD_FILE=/run/secrets/database.password \
|
||||||
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
|
-v {{ services_data_directory }}/pod-database/wal/_data:/var/lib/postgresql-wal \
|
||||||
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
|
-e POSTGRES_INITDB_WALDIR=/var/lib/postgresql-wal \
|
||||||
-v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data \
|
-v {{ services_data_directory }}/pod-database/data/_data:/var/lib/postgresql/data \
|
||||||
--name=pod-database-postgres \
|
--name=pod-database-postgres \
|
||||||
docker.io/library/postgres:{{ services_service_deploy_versions.postgres }}
|
docker.io/library/postgres:{{ services_service_deploy_versions.postgres }}
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-database-postgres.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-postgres.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-database-postgres.ctr-id
|
||||||
PIDFile=%t/container-database-postgres.pid
|
PIDFile=%t/container-database-postgres.pid
|
||||||
|
@ -3,8 +3,8 @@ Description=Podman pod-database.service
|
|||||||
Documentation=man:podman-generate-systemd(1)
|
Documentation=man:podman-generate-systemd(1)
|
||||||
Wants=network.target
|
Wants=network.target
|
||||||
After=network-online.target
|
After=network-online.target
|
||||||
Requires=container-database-postgres.service
|
Requires=container-database-postgres.service container-database-pgadmin.service
|
||||||
Before=container-database-postgres.service
|
Before=container-database-postgres.service container-database-pgadmin.service
|
||||||
OnFailure=status-mail@%n.service
|
OnFailure=status-mail@%n.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -24,14 +24,14 @@
|
|||||||
register: services_deploy_rproxy_generic_config
|
register: services_deploy_rproxy_generic_config
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
|
- name: "{{ services_service_name }} : stream nginx reverse proxy configuration"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.template:
|
||||||
src: "{{ services_deploy_rproxy_nginx_stream_config }}"
|
src: "{{ services_deploy_rproxy_nginx_stream_config }}"
|
||||||
dest: "{{ services_service_user_home }}/.config/service/stream.conf"
|
dest: "{{ services_service_user_home }}/.config/service/stream.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: services_deploy_rproxy_stream_config
|
register: services_deploy_rproxy_stream_config
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
|
- name: "{{ services_service_name }} : subdomain nginx reverse proxy configuration"
|
||||||
ansible.builtin.copy:
|
ansible.builtin.template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ services_service_user_home }}/.config/service/nginx-conf.d/{{ item | basename }}"
|
dest: "{{ services_service_user_home }}/.config/service/nginx-conf.d/{{ item | basename }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -63,7 +63,7 @@
|
|||||||
- "services:rproxy:deploy"
|
- "services:rproxy:deploy"
|
||||||
vars:
|
vars:
|
||||||
services_service_name: "rproxy"
|
services_service_name: "rproxy"
|
||||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/rproxy/stream.conf"
|
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
|
||||||
services_deploy_rproxy_nginx_subdomain_config_files:
|
services_deploy_rproxy_nginx_subdomain_config_files:
|
||||||
- "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
|
- "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
|
||||||
- "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
|
- "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
|
||||||
@ -83,10 +83,11 @@
|
|||||||
- "services:lrproxy:deploy"
|
- "services:lrproxy:deploy"
|
||||||
vars:
|
vars:
|
||||||
services_service_name: "lrproxy"
|
services_service_name: "lrproxy"
|
||||||
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/lrproxy/stream.conf"
|
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
|
||||||
services_deploy_rproxy_nginx_subdomain_config_files:
|
services_deploy_rproxy_nginx_subdomain_config_files:
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/archive.music.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/archive.music.thenineworlds.net.conf"
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
||||||
|
- "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
|
||||||
|
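Review bot: Switching both tasks from `ansible.builtin.copy` to `ansible.builtin.template` sends every file in `services_deploy_rproxy_nginx_subdomain_config_files` through Jinja2, including ones this commit does not touch such as `http-default.conf`. Any literal `{{`, `{%` or `{#` in those nginx files would now be interpreted or fail the render, and an undefined `services_all_services` address would only surface at deploy time. A short comment on the tasks, e.g. `# rendered as templates: vhosts reference proxy addresses for set_real_ip_from`, would explain why the module changed. The task list continues outside the hunks shown.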
@ -8,6 +8,7 @@ services_deploy_versions:
|
|||||||
nginx: "stable"
|
nginx: "stable"
|
||||||
database:
|
database:
|
||||||
postgres: "15"
|
postgres: "15"
|
||||||
|
pgadmin4: "7"
|
||||||
cloud:
|
cloud:
|
||||||
nginx: "stable"
|
nginx: "stable"
|
||||||
nextcloud: "27-fpm"
|
nextcloud: "27-fpm"
|
||||||
|
@ -6,6 +6,7 @@ services_volumes:
|
|||||||
lrproxy:
|
lrproxy:
|
||||||
etc-letsencrypt:
|
etc-letsencrypt:
|
||||||
database:
|
database:
|
||||||
|
pgadmin:
|
||||||
wal:
|
wal:
|
||||||
extra_zfs_properties:
|
extra_zfs_properties:
|
||||||
recordsize: "8192" # 8K
|
recordsize: "8192" # 8K
|
||||||
|