Simplify systemd services, use volumes

This commit represents a large amount of work toward moving services to
a more standard approach to storing data, and a simplification in how
networks are managed.
Alex Palaistras 2021-06-27 12:52:47 +01:00
parent 318305be5b
commit 3254ead3a7
26 changed files with 119 additions and 105 deletions


@ -1,7 +1,7 @@
[Unit]
Description=Container build for %I
Wants=network-online.target container-environment@%i.service container-build@%i.path
After=network-online.target container-environment@%i.service
Wants=network-online.target container-environment@%i.service container-network@internal.service container-build@%i.path
After=network-online.target container-environment@%i.service container-network@internal.service
ConditionPathExists=/etc/container-service/%i/Containerfile
[Service]


@ -1,12 +1,12 @@
FROM docker.io/debian:stable-slim
ARG VERSION=9.0
ENV BUILD_DEPS="build-essential git cmake python"
RUN apt-get update -y && apt-get install -y --no-install-recommends \
ca-certificates gettext libexpat1-dev libidn11-dev uuid-dev libsqlite3-dev libudns-dev \
libbotan-2-dev ${BUILD_DEPS}
ARG BIBOUMI_VERSION=9.0
RUN git clone --branch ${BIBOUMI_VERSION} --depth 1 https://lab.louiz.org/louiz/biboumi /biboumi && \
RUN git clone --branch ${VERSION} --depth 1 https://lab.louiz.org/louiz/biboumi /biboumi && \
mkdir /biboumi/build && cd /biboumi/build && \
cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release -DWITH_BOTAN=1 -DWITH_SQLITE3=1 \
-DWITH_LIBIDN=1 -DWITHOUT_SYSTEMD=1 && \
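Review bot: `git clone --branch ${VERSION}` on the new RUN line checks out a mutable ref with no integrity check, so the image content depends on whatever lab.louiz.org serves for that tag at build time; pin a commit after the clone (`git -C /biboumi checkout <COMMIT_PLACEHOLDER>`) or run `git verify-tag` if upstream signs its release tags. On the context line above, `ENV BUILD_DEPS="..."` is build-only data that persists into the runtime environment of every container built from this image; an `ARG BUILD_DEPS=...` keeps it out of the image. The RUN chain continues past the hunk, so whether `${BUILD_DEPS}` is purged in the same layer cannot be confirmed from here.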


@ -5,10 +5,10 @@ After=container-build@%N.service prosody.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N
ExecStart=/bin/podman run --replace --pull never --net prosody --env-file /etc/container-service/%N/%N.env \
--volume /var/lib/container-service/%N:/var/lib/%N:z \
--name %N localhost/%N:latest
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--volume %N:/var/lib/%N:z \
localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
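Review bot: `ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N` is now dead, because the new ExecStart mounts the named volume `%N` instead of that host directory; the same leftover `install` line survives in the rdircd, dovecot, mariadb, postfix, prosody, redis and rspamd units of this commit, and in the unit using uid 15232. Drop the line, or, if its purpose was to fix the data directory's ownership, note that with a named volume the ownership now comes from the image's directory contents when podman first populates the empty volume — confirm that each image's data path is already owned by the intended uid. Otherwise every start keeps creating an unused host directory with a service-specific uid.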


@ -1,14 +1,14 @@
[Unit]
Description=Reliable Discord-Client IRC Daemon
Wants=container-build@%N.service container-network@prosody.service
After=container-build@%N.service container-network@prosody.service
Wants=container-build@%N.service
After=container-build@%N.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N
ExecStart=/bin/podman run --replace --pull never --net prosody --env-file /etc/container-service/%N/%N.env \
--volume /var/lib/container-service/%N:/var/lib/rdircd:z \
--name %N localhost/%N:latest
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--volume %N:/var/lib/rdircd:z \
localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N


@ -62,8 +62,8 @@ protocols = imap lmtp sieve
# Enable SSL and STARTTLS.
ssl = yes
ssl_cert = </etc/ssl/private/${DOVECOT_HOST}/tls.crt
ssl_key = </etc/ssl/private/${DOVECOT_HOST}/tls.key
ssl_cert = </etc/ssl/private/certificates/${DOVECOT_HOST}.crt
ssl_key = </etc/ssl/private/certificates/${DOVECOT_HOST}.key
protocol lmtp {
mail_plugins = $mail_plugins sieve


@ -1,18 +1,18 @@
[Unit]
Description=Dovecot POP3/IMAP server
Wants=container-build@%N.service container-network@mail.service container-network@internal.service mariadb.service rspamd.service
After=container-build@%N.service container-network@mail.service container-network@internal.service mariadb.service rspamd.service
Wants=container-build@%N.service mariadb.service rspamd.service
After=container-build@%N.service mariadb.service rspamd.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 5000 --group 5000 -d /var/lib/container-service/mail
ExecStart=/bin/podman run --replace --pull never --net internal,mail,mariadb --env-file /etc/container-service/%N/%N.env \
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--env-file /etc/container-service/rspamd/rspamd.env \
--publish 143:143 --publish 993:993 \
--volume /var/lib/container-service/mail:/var/mail:z \
--volume %N:/var/mail:z \
--volume letsencrypt:/etc/ssl/private:z \
--volume /etc/container-service/%N/service/config:/etc/%N/conf.d:z \
--volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \
--name %N localhost/%N:latest
localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
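Review bot: `--volume letsencrypt:/etc/ssl/private:z` mounts the entire lego state volume read-write into the dovecot container, and the postfix and prosody units in this commit do the same. The service only reads certificates from it, while the volume is also where lego keeps its ACME account key (under `accounts/`, per lego's default layout — confirm against the image), so mounting it read-only, `--volume letsencrypt:/etc/ssl/private:ro,z`, limits what a compromised mail or XMPP process could alter there. The same `:ro` applies to the rspamd env-file style mounts only if those services never write to them, which is the case for the three units named.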


@ -1,4 +1,4 @@
FROM docker.io/goacme/lego:v4.3.1
FROM docker.io/goacme/lego:v4.4.0
RUN addgroup --system --gid 10000 letsencrypt
RUN adduser --system --uid 10000 --ingroup letsencrypt --home /var/lib/letsencrypt letsencrypt


@ -3,19 +3,16 @@ Description="Let's Encrypt DNS01 certificate register for %I"
Wants=container-build@letsencrypt.service letsencrypt-dns-renew@%i.timer
After=container-build@letsencrypt.service
Before=letsencrypt-dns-renew@%i.timer
ConditionPathExists=!/var/lib/container-service/letsencrypt/private/%i/tls.key
[Service]
Type=oneshot
EnvironmentFile=/etc/container-service/letsencrypt/letsencrypt.env
ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/letsencrypt
ExecStart=/bin/podman run --replace --pull never --rm --env-file /etc/container-service/letsencrypt/letsencrypt.env \
--volume /var/lib/container-service/letsencrypt:/var/lib/letsencrypt:z \
--name letsencrypt-register-%i localhost/letsencrypt:latest --accept-tos --pem --path /var/lib/letsencrypt \
--domains "%i" --server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} run
ExecStartPost=/bin/install -d /var/lib/container-service/letsencrypt/private/%i
ExecStartPost=/bin/install -m 0644 /var/lib/container-service/letsencrypt/certificates/%i.crt /var/lib/container-service/letsencrypt/private/%i/tls.crt
ExecStartPost=/bin/install -m 0644 /var/lib/container-service/letsencrypt/certificates/%i.key /var/lib/container-service/letsencrypt/private/%i/tls.key
ExecStart=/bin/podman run --replace --pull never --rm --name letsencrypt-register-%i \
--env-file /etc/container-service/letsencrypt/letsencrypt.env \
--volume letsencrypt:/var/lib/letsencrypt:z \
localhost/letsencrypt:latest \
--accept-tos --pem --path /var/lib/letsencrypt --domains "%i" \
--server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} run
[Install]
WantedBy=multi-user.target
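Review bot: The certificates are now consumed directly from the `letsencrypt` volume, but lego writes `certificates/*.key` owner-only (mode 0600 by default) as the uid 10000 user the letsencrypt image creates, whereas the dovecot, postfix and prosody containers appear to run as other uids (5000 and 101, judging by the `install --owner` lines elsewhere in this commit). Unless those services run as root inside their containers, they will fail to open the key; the retired `install -m 0644` copy step, however unsafe for a private key, is what made it readable before. A group shared by the consumers with group-readable keys (`install -m 0640 -g <GROUP_PLACEHOLDER>` as an export step) keeps the key off world-readable mode while restoring access. If the `ConditionPathExists` guard against re-registering an already-issued domain was dropped along with the host path rather than re-pointed, every start of this unit now re-runs `lego run` against the ACME server, which counts toward issuance rate limits.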


@ -2,17 +2,16 @@
Description="Let's Encrypt DNS01 certificate renewal for %I"
Wants=container-build@letsencrypt.service
After=container-build@letsencrypt.service
ConditionPathExists=/var/lib/container-service/letsencrypt/private/%i/tls.key
[Service]
Type=oneshot
EnvironmentFile=/etc/container-service/letsencrypt/letsencrypt.env
ExecStart=/bin/podman run --replace --pull never --rm --env-file /etc/container-service/letsencrypt/letsencrypt.env \
--volume /var/lib/container-service/letsencrypt:/var/lib/letsencrypt:z \
--name letsencrypt-renew-%i localhost/letsencrypt:latest --pem --path /var/lib/letsencrypt \
--domains "%i" --server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} renew
ExecStartPost=/bin/install -m 0644 /var/lib/container-service/letsencrypt/certificates/%i.crt /var/lib/container-service/letsencrypt/private/%i/tls.crt
ExecStartPost=/bin/install -m 0644 /var/lib/container-service/letsencrypt/certificates/%i.key /var/lib/container-service/letsencrypt/private/%i/tls.key
ExecStart=/bin/podman run --replace --pull never --rm --name letsencrypt-renew-%i \
--env-file /etc/container-service/letsencrypt/letsencrypt.env \
--volume letsencrypt:/var/lib/letsencrypt:z \
localhost/letsencrypt:latest \
--pem --path /var/lib/letsencrypt --domains "%i" \
--server ${ACME_SERVER} --email ${ACME_EMAIL} --dns ${ACME_DNS_PROVIDER} renew
[Install]
WantedBy=multi-user.target


@ -2,7 +2,9 @@
Description="Let's Encrypt DNS01 scheduled certificate renewal for %I"
[Timer]
OnUnitActiveSec=7d
OnCalendar=weekly
AccuracySec=1h
Persistent=true
[Install]
WantedBy=timers.target


@ -7,13 +7,13 @@ ConditionPathExists=/etc/container-service/%i/service/%p.sql
[Service]
Type=oneshot
PrivateTmp=true
EnvironmentFile=-/etc/container-service/%i/%i.env
EnvironmentFile=/etc/container-service/mariadb/mariadb.env
ExecStartPre=/bin/sh -c 'envsubst < /etc/container-service/%i/service/%p.sql > /tmp/%p.sql'
ExecStart=/bin/podman run --replace --pull never --rm --net mariadb --entrypoint mariadb --user root \
--volume /tmp:/tmp --volume /var/lib/container-service/mariadb:/var/lib/mysql:z \
--name mariadb-migrate-%i localhost/mariadb:latest \
--host mariadb --password=${MYSQL_ROOT_PASSWORD} -e 'source /tmp/%p.sql'
EnvironmentFile=-%E/container-service/%i/%i.env
EnvironmentFile=%E/container-service/mariadb/mariadb.env
ExecStartPre=/bin/sh -c 'envsubst < %E/container-service/%i/service/%p.sql > /tmp/%p.sql'
ExecStart=/bin/podman run --replace --pull never --rm --name mariadb-migrate-%i --net internal \
--volume mariadb:/var/lib/mysql:z --volume /tmp:/tmp \
--entrypoint mariadb localhost/mariadb:latest \
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} -e 'source /tmp/%p.sql'
[Install]
WantedBy=multi-user.target
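Review bot: `--password=${MYSQL_ROOT_PASSWORD}` on the podman argv of the new ExecStart puts the root password into the host process list and into `systemctl status`/journal output for the unit; the `%N-wait` ExecStartPost in the mariadb unit of this commit has the same exposure. The MariaDB client honours `MYSQL_PWD` from its environment, so passing the credential into the container through `--env-file` (this unit already loads `mariadb.env`) or a podman `--secret` keeps it off the command line. Note the rendered SQL in `/tmp/%p.sql` is bind-mounted as well; `PrivateTmp=true` already scopes that file to the unit, which is worth keeping.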


@ -1,18 +1,18 @@
[Unit]
Description=MariaDB SQL Database
Wants=container-build@%N.service container-network@%N.service container-network@internal.service
After=container-build@%N.service container-network@%N.service container-network@internal.service
Wants=container-build@%N.service
After=container-build@%N.service
[Service]
Restart=always
EnvironmentFile=/etc/container-service/%N/%N.env
ExecStartPre=/bin/install --owner 999 --group 999 -d /var/lib/container-service/%N
ExecStart=/bin/podman run --replace --pull never --net internal,%N --env-file /etc/container-service/%N/%N.env \
--volume /var/lib/container-service/%N:/var/lib/mysql:z \
--name %N localhost/%N:latest
ExecStartPost=/bin/podman run --replace --pull never --rm --net %N --entrypoint mariadb-admin \
--volume /var/lib/container-service/%N:/var/lib/mysql:z \
--name %N-wait localhost/%N:latest \
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--volume %N:/var/lib/mysql:z \
localhost/%N:latest
ExecStartPost=/bin/podman run --replace --pull never --rm --name %N-wait --net internal \
--volume %N:/var/lib/mysql:z \
--entrypoint mariadb-admin localhost/%N:latest \
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait=10 ping
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N


@ -8,8 +8,8 @@ server {
listen 443 ssl;
server_name ${SERVER_NAME} ${SERVER_NAME_ALT};
ssl_certificate /etc/ssl/private/${SSL_CERT_NAME}/tls.crt;
ssl_certificate_key /etc/ssl/private/${SSL_CERT_NAME}/tls.key;
ssl_certificate /etc/ssl/private/certificates/${SSL_CERT_NAME}.crt;
ssl_certificate_key /etc/ssl/private/certificates/${SSL_CERT_NAME}.key;
location / {
proxy_set_header Host $host;


@ -194,6 +194,6 @@ tls_random_source = dev:/dev/urandom
tls_ssl_options = no_ticket, no_compression
# Certificate file location.
smtpd_tls_cert_file = /etc/ssl/private/${POSTFIX_HOST}/tls.crt
smtpd_tls_key_file = /etc/ssl/private/${POSTFIX_HOST}/tls.key
smtpd_tls_cert_file = /etc/ssl/private/certificates/${POSTFIX_HOST}.crt
smtpd_tls_key_file = /etc/ssl/private/certificates/${POSTFIX_HOST}.key
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt


@ -1,16 +1,16 @@
[Unit]
Description=Postfix SMTP server
Wants=container-build@%N.service container-network@mail.service container-network@internal.service dovecot.service
After=container-build@%N.service container-network@mail.service container-network@internal.service dovecot.service
Wants=container-build@%N.service dovecot.service
After=container-build@%N.service dovecot.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 5000 --group 5000 -d /var/lib/container-service/mail
ExecStart=/bin/podman run --replace --pull never --net internal,mail --env-file /etc/container-service/%N/%N.env \
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--publish 25:25 --publish 465:465 --publish 587:587 \
--volume /var/lib/container-service/mail:/var/mail:z \
--volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \
--name %N localhost/%N:latest
--volume dovecot:/var/mail:z \
--volume letsencrypt:/etc/ssl/private:z \
localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N


@ -1,5 +1,5 @@
FROM docker.io/debian:stable-slim
ARG VERSION=0.11.8
ARG VERSION=0.11.9
RUN apt-get update -y && apt-get install -y --no-install-recommends \
curl mercurial gnupg ca-certificates apt-transport-https


@ -1,14 +1,14 @@
VirtualHost(os.getenv("PROSODY_HOST"))
http_host = os.getenv("PROSODY_HOST_EXTERNAL")
http_external_url = "https://" .. os.getenv("PROSODY_HOST_EXTERNAL") .. "/"
certificate = "/etc/ssl/private/" .. os.getenv("PROSODY_HOST") .. "/tls.crt"
certificate = "/etc/ssl/private/certificates/" .. os.getenv("PROSODY_HOST") .. ".crt"
authentication = "imap"
auth_append_host = true
Component(os.getenv("PROSODY_HOST_EXTERNAL")) "muc"
modules_enabled = {"muc_mam", "vcard_muc"}
name = "The " .. os.getenv("PROSODY_HOST") .. " chat-room server"
certificate = "/etc/ssl/private/" .. os.getenv("PROSODY_HOST_EXTERNAL") .. "/tls.crt"
certificate = "/etc/ssl/private/certificates/" .. os.getenv("PROSODY_HOST_EXTERNAL") .. ".crt"
restrict_room_creation = "local"
max_history_messages = 100


@ -1,16 +1,17 @@
[Unit]
Description=Prosody XMPP server
Wants=container-build@%N.service container-network@%N.service mariadb.service postfix.service
After=container-build@%N.service container-network@%N.service mariadb.service postfix.service
Wants=container-build@%N.service mariadb.service dovecot.service
After=container-build@%N.service mariadb.service dovecot.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 101 --group 102 -d /var/lib/container-service/%N
ExecStart=/bin/podman run --replace --pull never --net mariadb,nginx-ingress,%N --env-file /etc/container-service/%N/%N.env \
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--publish 5222:5222 --publish 5269:5269 --publish 5347:5347 \
--volume /var/lib/container-service/%N:/var/lib/%N:z --volume /etc/container-service/%N/service/config:/etc/%N/conf.d:z \
--volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \
--name %N localhost/%N:latest
--volume %N:/var/lib/%N:z \
--volume letsencrypt:/etc/ssl/private:z \
--volume /etc/container-service/%N/service/config:/etc/%N/conf.d:z \
localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N


@ -5,11 +5,10 @@ After=container-build@%N.service dovecot.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 15232 --group 15232 -d /var/lib/container-service/%N
ExecStart=/bin/podman run --replace --pull never --net mail,nginx-ingress \
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--volume /var/lib/container-service/%N:/var/lib/%N:z \
--name %N localhost/%N:latest
--volume %N:/var/lib/%N:z \
localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N


@ -1,3 +1,5 @@
FROM docker.io/redis:6.0-alpine
FROM docker.io/redis:6.2
USER redis
CMD ["redis-server", "--appendonly", "yes"]
COPY container/config /etc/redis
CMD ["redis-server", "/etc/redis/redis.conf"]
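Review bot: The new `COPY container/config /etc/redis` sits after `USER redis`, so the config is written root-owned (COPY ignores USER) and the server, running as `redis`, can read but never rewrite it — fine for a static file, but `CONFIG REWRITE` would fail, and the ordering reads as if the copy ran unprivileged. Either move `USER redis` to immediately before CMD, or use `COPY --chown=redis:redis container/config /etc/redis` to make the ownership explicit. `redis:6.2` is a floating minor tag; pinning a patch version or digest keeps rebuilds reproducible.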


@ -0,0 +1,2 @@
# Enable persistence via append-only file.
appendonly yes


@ -1,14 +1,11 @@
[Unit]
Description=Redis Key-Value Store
Wants=container-build@%N.service container-network@%N.service container-network@internal.service
After=container-build@%N.service container-network@%N.service container-network@internal.service
Wants=container-build@%N.service
After=container-build@%N.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 999 --group 1000 -d /var/lib/container-service/%N
ExecStart=/bin/podman run --replace --pull never --net internal,%N \
--volume /var/lib/container-service/%N:/data:z \
--name %N localhost/%N:latest
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --volume %N:/data:z localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N


@ -2,7 +2,7 @@
# Create base directories.
mkdir -m 755 -p /run/rspamd
chown rspamd:rspamd /run/rspamd
chown -R rspamd:rspamd /run/rspamd /var/lib/rspamd
# Run rspamd in the foreground.
/usr/bin/rspamd -f -u rspamd -g rspamd
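Review bot: The new `chown -R rspamd:rspamd /run/rspamd /var/lib/rspamd` runs as root on every start over a directory the unprivileged rspamd process writes to; GNU chown's recursive mode changes the referent of symlinks it encounters rather than the link itself, so a symlink left in the data volume would redirect the ownership change to a file outside it. Use `chown -Rh rspamd:rspamd /run/rspamd /var/lib/rspamd`, or only correct ownership when the top level is wrong, e.g. `[ "$(stat -c %u /var/lib/rspamd)" = "$(id -u rspamd)" ] || chown -Rh rspamd:rspamd /var/lib/rspamd`. Recursing over the whole data volume at each start also costs time proportional to its file count.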


@ -1,12 +1,14 @@
[Unit]
Description=DKIM key for %I
Wants=rspamd.service
After=rspamd.service
[Service]
Type=oneshot
ExecStartPre=/bin/install -d /var/lib/container-service/rspamd/dkim
ExecStart=/bin/openssl genrsa -out /var/lib/container-service/rspamd/dkim/%i.dkim.key 1024
ExecStartPost=/bin/chmod 644 /var/lib/container-service/rspamd/dkim/%i.dkim.key
ExecStartPost=/bin/sh -c 'echo "Public DKIM key:"; openssl rsa -in /var/lib/container-service/rspamd/dkim/%i.dkim.key -pubout -outform der 2> /dev/null | openssl base64 -A'
ExecStartPre=/bin/podman exec rspamd install -d /var/lib/rspamd/dkim
ExecStart=/bin/podman exec rspamd openssl genrsa -out /var/lib/rspamd/dkim/%i.dkim.key 1024
ExecStartPost=/bin/podman exec rspamd chmod 644 /var/lib/rspamd/dkim/%i.dkim.key
ExecStartPost=/bin/podman exec rspamd sh -c 'echo "Public DKIM key:"; openssl rsa -in /var/lib/container-service/rspamd/dkim/%i.dkim.key -pubout -outform der 2> /dev/null | openssl base64 -A'
[Install]
WantedBy=multi-user.target
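Review bot: The last ExecStartPost still reads `/var/lib/container-service/rspamd/dkim/%i.dkim.key`, the old host path, but it now runs via `podman exec rspamd` inside the container, where the key was just generated at `/var/lib/rspamd/dkim/%i.dkim.key`; with stderr sent to `/dev/null` the pipeline prints an empty public key without failing. Change the input to `openssl rsa -in /var/lib/rspamd/dkim/%i.dkim.key -pubout -outform der`. On the other new lines, `genrsa ... 1024` is the minimum RFC 8301 allows while it recommends 2048-bit DKIM keys, and `chmod 644` leaves the signing key readable by every user in the container; generating it as the service user (`podman exec --user rspamd rspamd openssl genrsa ... 2048`) with mode 0600 avoids both.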


@ -1,15 +1,14 @@
[Unit]
Description=Rspamd spam filtering system
Wants=container-build@%N.service container-network@mail.service container-network@internal.service redis.service
After=container-build@%N.service container-network@mail.service container-network@internal.service redis.service
Wants=container-build@%N.service redis.service
After=container-build@%N.service redis.service
[Service]
Restart=always
ExecStartPre=/bin/install --owner 11332 --group 11332 -d /var/lib/container-service/%N
ExecStart=/bin/podman run --replace --pull never --net internal,mail,redis --env-file /etc/container-service/%N/%N.env \
--publish 11332:11332 --publish 11334:11334 \
--volume /var/lib/container-service/%N:/var/lib/%N:z \
--name %N localhost/%N:latest
ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
--env-file /etc/container-service/%N/%N.env \
--volume %N:/var/lib/%N:z \
localhost/%N:latest
ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N


@ -51,7 +51,7 @@ systemd:
dropins:
- name: wait-for-service.conf
contents: |
[Service]
[Unit]
After=nginx-static@static.localhost.service
- name: use-localhost-cert.conf
contents: |
@ -72,6 +72,20 @@ systemd:
[Service]
Environment=SSL_CERT_NAME=localhost
- name: letsencrypt-dns-register@localhost.service
enabled: true
dropins:
- name: use-local-files.conf
contents: |
[Service]
ExecStart=
ExecStart=/bin/podman create --replace --name letsencrypt-register-%i \
--volume letsencrypt:/var/lib/letsencrypt:z \
--entrypoint true localhost/letsencrypt:latest
ExecStartPost=/bin/podman init letsencrypt-register-%i
ExecStartPost=/bin/podman cp /etc/ssl/private/certificates/ letsencrypt-register-%i:/var/lib/letsencrypt
ExecStartPost=/bin/podman rm letsencrypt-register-%i
storage:
files:
# Hostname for virtual host.
@ -117,7 +131,7 @@ storage:
# Include pre-generated certificates for localhost domain, as we're not using Let's Encrypt in
# generating certificates for the virtual host.
- path: /var/lib/container-service/letsencrypt/private/localhost/tls.crt
- path: /etc/ssl/private/certificates/localhost.crt
mode: 0644
contents:
inline: |
@ -140,7 +154,7 @@ storage:
NlbOWu19BUaupdkc8nOAmDZPzSzZkc/qpiDeq9pE86KcfadgM3RElXOKXkL5TvlZ
7g==
-----END CERTIFICATE-----
- path: /var/lib/container-service/letsencrypt/private/localhost/tls.key
- path: /etc/ssl/private/certificates/localhost.key
mode: 0644
contents:
inline: |