Move rproxy mounts to use _data
parent
79e65e46c2
commit
ebc55ad9d8
@ -8,6 +8,17 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-rproxy-certbot.pid %t/container-rproxy-certbot.ctr-id
|
||||||
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-certbot.pid --cidfile %t/container-rproxy-certbot.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -v /etc/resolv.conf:/etc/resolv.conf:ro -v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt:/etc/letsencrypt -v var-lib-letsencrypt:/var/lib/letsencrypt -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-certbot docker.io/certbot/certbot --non-interactive renew
|
ExecStart=/usr/bin/podman run \
|
||||||
|
--conmon-pidfile %t/container-rproxy-certbot.pid \
|
||||||
|
--cidfile %t/container-rproxy-certbot.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--pod-id-file %t/pod-rproxy.pod-id \
|
||||||
|
--replace \
|
||||||
|
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||||
|
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||||
|
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||||
|
-v var-www-html:/var/www/html \
|
||||||
|
--name=pod-rproxy-certbot \
|
||||||
|
docker.io/certbot/certbot --non-interactive renew
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-certbot.ctr-id
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
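Review bot: The bind-mount source `/var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data` in this `ExecStart` is a literal path, while the task added in the same commit creates `/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}/etc-letsencrypt/_data`; the two agree only on a host named `valkyrie` with service user `pod-rproxy`. The nginx unit's `ExecStart` carries the same literal source. If these units are rendered as templates (the nginx one already contains `{{ service_rproxy_hosts }}`), I would write `-v /var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \` so the mount cannot point at a directory the play did not create and own. On any other host the renewal run would presumably fail at container start, which for a oneshot unit is easy to miss until a certificate expires.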
|
@ -12,7 +12,24 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
TimeoutStopSec=70
|
TimeoutStopSec=70
|
||||||
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
|
ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
|
||||||
ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace --label "io.containers.autoupdate=image" -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt:/etc/letsencrypt:ro -v var-lib-letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
|
ExecStart=/usr/bin/podman run \
|
||||||
|
--conmon-pidfile %t/container-rproxy-nginx.pid \
|
||||||
|
--cidfile %t/container-rproxy-nginx.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--pod-id-file %t/pod-rproxy.pod-id \
|
||||||
|
--replace \
|
||||||
|
--label "io.containers.autoupdate=image" \
|
||||||
|
-dt \
|
||||||
|
{{ service_rproxy_hosts }} \
|
||||||
|
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||||
|
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
|
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||||
|
-v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||||
|
-v /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||||
|
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
||||||
|
-v var-www-html:/var/www/html \
|
||||||
|
--name=pod-rproxy-nginx \
|
||||||
|
docker.io/library/nginx
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
|
||||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
|
||||||
PIDFile=%t/container-rproxy-nginx.pid
|
PIDFile=%t/container-rproxy-nginx.pid
|
||||||
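Review bot: `-v var-www-html:/var/www/html` is the only mount in the nginx `ExecStart` without `:ro`, so the internet-facing container can write to the webroot volume it shares with the certbot container. Nothing visible in this unit needs nginx to write there, and certbot appears to be the intended writer. I would change the line to `-v var-www-html:/var/www/html:ro \` and leave the certbot unit's mount read-write. The old `./.config/pod-rproxy/html` mount was writable too, so this is not a regression, but the move to a named volume is a natural point to tighten it.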
|
@ -13,3 +13,11 @@
|
|||||||
owner: "{{ service_user_name }}"
|
owner: "{{ service_user_name }}"
|
||||||
group: "{{ service_user_name }}"
|
group: "{{ service_user_name }}"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Create etc-letsencrypt/_data directory for user {{ service_user_name }}
|
||||||
|
file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}/etc-letsencrypt/_data"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ service_user_name }}"
|
||||||
|
group: "{{ service_user_name }}"
|
||||||
|
mode: 0755
|
||||||
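Review bot: The new task creates the directory that is mounted as `/etc/letsencrypt`, which will hold the TLS private keys, with `mode: 0755`, so every local user on the host can traverse and list it. Certbot normally restricts its own `live` and `archive` subdirectories, but the task should not rely on that; `mode: "0750"` would limit access to the service user and group, assuming nothing outside that group reads the certificates from the host side. Independently, I would quote the value (`mode: "0755"` at minimum), as the Ansible documentation recommends for octal modes, so the YAML parser cannot reinterpret it as a plain number. The preceding task, of which only the tail is visible as context, uses the same unquoted form.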
|
@ -8,12 +8,6 @@
|
|||||||
mode: 0644
|
mode: 0644
|
||||||
register: rproxy_synchronise
|
register: rproxy_synchronise
|
||||||
|
|
||||||
- name: Create html directory for letsencrypt
|
|
||||||
file:
|
|
||||||
path: "{{ service_home }}/.config/{{ service_user_name }}/html"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Generate Diffie Hellman ephemeral parameters
|
- name: Generate Diffie Hellman ephemeral parameters
|
||||||
command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
|
command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
|
||||||
args:
|
args:
|
||||||
|