Move rproxy mounts to use _data

This commit is contained in:
Wojciech Kozlowski 2022-11-02 19:36:59 +01:00
parent 79e65e46c2
commit ebc55ad9d8
4 changed files with 38 additions and 8 deletions

View File

@ -8,6 +8,17 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
TimeoutStopSec=70 TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-certbot.pid --cidfile %t/container-rproxy-certbot.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -v /etc/resolv.conf:/etc/resolv.conf:ro -v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt:/etc/letsencrypt -v var-lib-letsencrypt:/var/lib/letsencrypt -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-certbot docker.io/certbot/certbot --non-interactive renew ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-rproxy-certbot.pid \
--cidfile %t/container-rproxy-certbot.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-rproxy.pod-id \
--replace \
-v /etc/resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
-v var-lib-letsencrypt:/var/lib/letsencrypt \
-v var-www-html:/var/www/html \
--name=pod-rproxy-certbot \
docker.io/certbot/certbot --non-interactive renew
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
Type=oneshot Type=oneshot

View File

@ -12,7 +12,24 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure Restart=on-failure
TimeoutStopSec=70 TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace --label "io.containers.autoupdate=image" -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt:/etc/letsencrypt:ro -v var-lib-letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-rproxy-nginx.pid \
--cidfile %t/container-rproxy-nginx.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-rproxy.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
{{ service_rproxy_hosts }} \
-v /etc/resolv.conf:/etc/resolv.conf:ro \
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
-v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
-v var-www-html:/var/www/html \
--name=pod-rproxy-nginx \
docker.io/library/nginx
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
PIDFile=%t/container-rproxy-nginx.pid PIDFile=%t/container-rproxy-nginx.pid

View File

@ -13,3 +13,11 @@
owner: "{{ service_user_name }}" owner: "{{ service_user_name }}"
group: "{{ service_user_name }}" group: "{{ service_user_name }}"
mode: 0755 mode: 0755
- name: Create etc-letsencrypt/_data directory for user {{ service_user_name }}
file:
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}/etc-letsencrypt/_data"
state: directory
owner: "{{ service_user_name }}"
group: "{{ service_user_name }}"
mode: 0755

View File

@ -8,12 +8,6 @@
mode: 0644 mode: 0644
register: rproxy_synchronise register: rproxy_synchronise
- name: Create html directory for letsencrypt
file:
path: "{{ service_home }}/.config/{{ service_user_name }}/html"
state: directory
mode: 0755
- name: Generate Diffie Hellman ephemeral parameters - name: Generate Diffie Hellman ephemeral parameters
command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096 command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
args: args: