From 79231c37f15c8b4583e6dba23e2494d5227c9ac9 Mon Sep 17 00:00:00 2001 
From: Alex Palaistras Date: Sat, 28 Aug 2021 19:16:29 +0100 Subject: [PATCH] Set generic Podman defaults and per-service log IDs Defaults for Podman that were previous applied as command-line arguments to all `podman run` or `podman create` invocations are now specified in a dedicated configuration file. Services are also better identified against their name rather than the generic `podman` ID derived from the `ExecStart` invocations. --- config/common/container.bu | 5 +++++ config/common/container/containers.conf | 8 ++++++++ config/common/systemd/container-build@.service | 1 + config/common/systemd/container-environment@.service | 1 + config/common/systemd/container-network@.service | 1 + config/common/systemd/container-volume-backup@.service | 5 +++-- config/common/systemd/container-volume-restore@.service | 5 +++-- config/common/systemd/container-volume@.service | 1 + config/service/biboumi/systemd/biboumi.service | 3 ++- config/service/discord-ircd/systemd/discord-ircd.service | 3 ++- config/service/dovecot/systemd/dovecot.service | 3 ++- config/service/git/systemd/git-ssh-ed25519@.service | 1 + config/service/git/systemd/git-ssh-github@.service | 1 + config/service/git/systemd/git-ssh-pubkey@.service | 3 ++- config/service/git/systemd/git.service | 4 ++-- .../letsencrypt/systemd/letsencrypt-dns-register@.service | 3 ++- .../letsencrypt/systemd/letsencrypt-dns-renew@.service | 3 ++- config/service/mariadb/systemd/mariadb-migrate@.service | 6 +++--- config/service/mariadb/systemd/mariadb.service | 4 ++-- config/service/nginx/systemd/nginx-proxy-http@.service | 1 + config/service/nginx/systemd/nginx-serve-php@.service | 7 +++---- config/service/nginx/systemd/nginx-serve-static@.service | 5 ++--- config/service/nginx/systemd/nginx.service | 3 ++- config/service/postfix/systemd/postfix.service | 3 ++- config/service/prosody/systemd/prosody.service | 3 ++- config/service/radicale/systemd/radicale.service | 3 ++- config/service/redis/Containerfile | 3 ++- 
config/service/redis/systemd/redis.service | 5 ++--- .../service/rspamd/systemd/rspamd-dkim-generate@.service | 1 + config/service/rspamd/systemd/rspamd.service | 3 ++- config/service/spectrum/systemd/spectrum.service | 3 ++- 31 files changed, 67 insertions(+), 34 deletions(-) create mode 100644 config/common/container/containers.conf diff --git a/config/common/container.bu b/config/common/container.bu index 9363ed8..a148400 100644 --- a/config/common/container.bu +++ b/config/common/container.bu @@ -9,6 +9,11 @@ storage: directories: - path: /etc/coreos-home-server mode: 0700 + files: + - path: /etc/containers/containers.conf + mode: 0644 + contents: + local: common/container/containers.conf systemd: units: - name: container-build@.service diff --git a/config/common/container/containers.conf b/config/common/container/containers.conf new file mode 100644 index 0000000..81559ed --- /dev/null +++ b/config/common/container/containers.conf @@ -0,0 +1,8 @@ +[engine] +# Don't attempt to pull images from remote repositories by default. +pull_policy = "never" + +[network] +# The default 'podman' network does not have DNS resolution enabled; use a common internal +# network until multi-network DNS resolution becomes available (podman#8399). +default_network = "internal" diff --git a/config/common/systemd/container-build@.service b/config/common/systemd/container-build@.service index e130e7b..93c7819 100644 --- a/config/common/systemd/container-build@.service +++ b/config/common/systemd/container-build@.service @@ -6,6 +6,7 @@ ConditionPathExists=%E/coreos-home-server/%i/Containerfile [Service] Type=oneshot +SyslogIdentifier=%N Environment=PODMAN_BUILD_OPTIONS= ExecStart=/bin/podman build $PODMAN_BUILD_OPTIONS --file %E/coreos-home-server/%i/Containerfile --tag localhost/%i:latest %E/coreos-home-server/%i diff --git a/config/common/systemd/container-environment@.service b/config/common/systemd/container-environment@.service index 5449a8d..7ee3ffe 100644 
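Review bot: The `[engine]` and `[network]` defaults added in `config/common/container/containers.conf` are now the only thing that stops every `podman run` and `podman create` in this patch from pulling remote images or joining the default `podman` network, and no unit checks that the file is in place. The later service hunks drop `--pull never` and `--net internal`, so if `/etc/containers/containers.conf` is missing or replaced, Podman falls back to its built-in defaults without any error. Consider making the dependency explicit with `AssertPathExists=/etc/containers/containers.conf` in the `[Unit]` section of the container units. A comment above `pull_policy` would also help, for example `# Units rely on this default; they no longer pass --pull never themselves.`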
--- a/config/common/systemd/container-environment@.service +++ b/config/common/systemd/container-environment@.service @@ -5,6 +5,7 @@ ConditionPathExists=%E/coreos-home-server/%i/%i.env.template [Service] Type=oneshot +SyslogIdentifier=%N EnvironmentFile=%E/coreos-home-server/host.env ExecStart=/bin/sh -c 'envsubst < %E/coreos-home-server/%i/%i.env.template > %E/coreos-home-server/%i/%i.env' diff --git a/config/common/systemd/container-network@.service b/config/common/systemd/container-network@.service index 2534db0..3620871 100644 --- a/config/common/systemd/container-network@.service +++ b/config/common/systemd/container-network@.service @@ -7,6 +7,7 @@ ConditionPathExists=!/etc/cni/net.d/%i.conflist [Service] Type=oneshot RemainAfterExit=true +SyslogIdentifier=%N ExecStart=/bin/podman network create %i ExecStop=/bin/podman network rm %i diff --git a/config/common/systemd/container-volume-backup@.service b/config/common/systemd/container-volume-backup@.service index 3f05387..571c161 100644 --- a/config/common/systemd/container-volume-backup@.service +++ b/config/common/systemd/container-volume-backup@.service @@ -3,11 +3,12 @@ Description=Backup for Container Volume %I [Service] Type=oneshot +SyslogIdentifier=%N ExecStartPre=/bin/install --mode 0700 --directory %S/backups/coreos-home-server/%i -ExecStart=/bin/podman run --replace --pull never --rm --name %p-%i \ +ExecStart=/bin/podman run --replace --rm --name %p-%i --entrypoint /bin/bash \ --volume %i:/data:z,ro \ --volume %S/backups/coreos-home-server/%i:/backups:z \ - --entrypoint /bin/bash docker.io/debian:stable-slim \ + docker.io/debian:stable-slim \ -c 'env name="%i-$(date +%%w%%H)" \ tar -cvpzf "/backups/${name}.tar.gz" -C /data . && \ ln --force "/backups/${name}.tar.gz" /backups/%i-latest.tar.gz' diff --git a/config/common/systemd/container-volume-restore@.service b/config/common/systemd/container-volume-restore@.service index 97498d0..8a03e0a 100644 
--- a/config/common/systemd/container-volume-restore@.service +++ b/config/common/systemd/container-volume-restore@.service @@ -4,9 +4,10 @@ ConditionFileNotEmpty=%S/backups/coreos-home-server/%i/%i-latest.tar.gz [Service] Type=oneshot -ExecStart=/bin/podman run --replace --pull never --rm --name %p-%i --volume %i:/data:z \ +SyslogIdentifier=%N +ExecStart=/bin/podman run --replace --rm --name %p-%i --volume %i:/data:z --entrypoint /bin/bash \ --volume %S/backups/coreos-home-server/%i:/backups:z,ro \ - --entrypoint /bin/bash docker.io/debian:stable-slim \ + docker.io/debian:stable-slim \ -c 'test -n "$(ls -A /data)" && echo "Volume %i is not empty, skipping." && exit 0; \ tar -xvpf "/backups/%i-latest.tar.gz" -C /data' diff --git a/config/common/systemd/container-volume@.service b/config/common/systemd/container-volume@.service index dddab25..9a40f52 100644 --- a/config/common/systemd/container-volume@.service +++ b/config/common/systemd/container-volume@.service @@ -5,6 +5,7 @@ After=container-volume-restore@%i.service [Service] Type=oneshot +SyslogIdentifier=%N ExecStart=/bin/sh -c 'podman volume exists %i || podman volume create %i' [Install] diff --git a/config/service/biboumi/systemd/biboumi.service b/config/service/biboumi/systemd/biboumi.service index 4eac480..15edceb 100644 --- a/config/service/biboumi/systemd/biboumi.service +++ b/config/service/biboumi/systemd/biboumi.service @@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service prosody.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --volume %N:/var/lib/%N:z \ localhost/%N:latest 
diff --git a/config/service/discord-ircd/systemd/discord-ircd.service b/config/service/discord-ircd/systemd/discord-ircd.service index de96fd7..90c1c22 100644 --- a/config/service/discord-ircd/systemd/discord-ircd.service +++ b/config/service/discord-ircd/systemd/discord-ircd.service @@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --volume %N:/var/lib/rdircd:z \ localhost/%N:latest diff --git a/config/service/dovecot/systemd/dovecot.service b/config/service/dovecot/systemd/dovecot.service index 27c43b7..28d0571 100644 --- a/config/service/dovecot/systemd/dovecot.service +++ b/config/service/dovecot/systemd/dovecot.service @@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service mariadb.service rsp [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --env-file %E/coreos-home-server/rspamd/rspamd.env \ --publish 143:143 --publish 993:993 \ diff --git a/config/service/git/systemd/git-ssh-ed25519@.service b/config/service/git/systemd/git-ssh-ed25519@.service index c123340..bea216d 100644 --- a/config/service/git/systemd/git-ssh-ed25519@.service +++ b/config/service/git/systemd/git-ssh-ed25519@.service 
@@ -6,6 +6,7 @@ After=git.service [Service] Type=oneshot RemainAfterExit=true +SyslogIdentifier=%N ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d ExecStart=/bin/podman exec git sh -c "echo 'ssh-ed25519 %I' > /var/lib/git/.ssh/authorized_keys.d/%i" diff --git a/config/service/git/systemd/git-ssh-github@.service b/config/service/git/systemd/git-ssh-github@.service index 728c868..aca2cb1 100644 --- a/config/service/git/systemd/git-ssh-github@.service +++ b/config/service/git/systemd/git-ssh-github@.service @@ -6,6 +6,7 @@ After=git.service [Service] Type=oneshot RemainAfterExit=true +SyslogIdentifier=%N ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d ExecStartPre=/usr/bin/curl --silent --fail -o /tmp/%N.key https://github.com/%i.keys diff --git a/config/service/git/systemd/git-ssh-pubkey@.service b/config/service/git/systemd/git-ssh-pubkey@.service index d01b7a1..8df6c55 100644 --- a/config/service/git/systemd/git-ssh-pubkey@.service +++ b/config/service/git/systemd/git-ssh-pubkey@.service @@ -1,5 +1,5 @@ [Unit] -Description=Git SSH authentication via public key file /%I +Description=Git SSH Authentication via Public Key File /%I Wants=git.service After=git.service ConditionFileNotEmpty=/%I @@ -7,6 +7,7 @@ ConditionFileNotEmpty=/%I [Service] Type=oneshot RemainAfterExit=true +SyslogIdentifier=%N ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d ExecStart=/bin/podman cp /%I git:/var/lib/git/.ssh/authorized_keys.d/%i diff --git a/config/service/git/systemd/git.service b/config/service/git/systemd/git.service index fc36784..c0cc058 100644 
--- a/config/service/git/systemd/git.service +++ b/config/service/git/systemd/git.service @@ -6,10 +6,10 @@ After=container-build@%N.service container-volume@%N.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --net internal --name %N --sdnotify=conmon \ - --cap-add AUDIT_WRITE \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon --cap-add AUDIT_WRITE \ --publish 468:22 \ --volume %N:/var/lib/git:z \ --volume %N-ssh:/etc/ssh/keys:z \ diff --git a/config/service/letsencrypt/systemd/letsencrypt-dns-register@.service b/config/service/letsencrypt/systemd/letsencrypt-dns-register@.service index d463113..76955e1 100644 --- a/config/service/letsencrypt/systemd/letsencrypt-dns-register@.service +++ b/config/service/letsencrypt/systemd/letsencrypt-dns-register@.service @@ -6,8 +6,9 @@ Before=letsencrypt-dns-renew@%i.timer [Service] Type=oneshot +SyslogIdentifier=%N EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env -ExecStart=/bin/podman run --replace --pull never --rm --name letsencrypt-register-%i \ +ExecStart=/bin/podman run --replace --rm --name letsencrypt-register-%i \ --env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \ --volume letsencrypt:/var/lib/letsencrypt:z \ localhost/letsencrypt:latest \ diff --git a/config/service/letsencrypt/systemd/letsencrypt-dns-renew@.service b/config/service/letsencrypt/systemd/letsencrypt-dns-renew@.service index 39e88ad..fa69d75 100644 --- a/config/service/letsencrypt/systemd/letsencrypt-dns-renew@.service +++ b/config/service/letsencrypt/systemd/letsencrypt-dns-renew@.service 
@@ -5,8 +5,9 @@ After=container-build@letsencrypt.service [Service] Type=oneshot +SyslogIdentifier=%N EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env -ExecStart=/bin/podman run --replace --pull never --rm --name letsencrypt-renew-%i \ +ExecStart=/bin/podman run --replace --rm --name letsencrypt-renew-%i \ --env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \ --volume letsencrypt:/var/lib/letsencrypt:z \ localhost/letsencrypt:latest \ diff --git a/config/service/mariadb/systemd/mariadb-migrate@.service b/config/service/mariadb/systemd/mariadb-migrate@.service index 02dabe6..abf1b72 100644 --- a/config/service/mariadb/systemd/mariadb-migrate@.service +++ b/config/service/mariadb/systemd/mariadb-migrate@.service @@ -6,14 +6,14 @@ ConditionPathExists=%E/coreos-home-server/%i/service/%p.sql [Service] Type=oneshot +SyslogIdentifier=%N EnvironmentFile=-%E/coreos-home-server/%i/%i.env EnvironmentFile=%E/coreos-home-server/mariadb/mariadb.env ExecStartPre=/bin/install --mode 0700 --directory /tmp/%N ExecStartPre=/bin/sh -c 'envsubst < %E/coreos-home-server/%i/service/%p.sql > /tmp/%N/migrate.sql' -ExecStartPre=/bin/podman create --replace --pull never --rm --name mariadb-migrate-%i --net internal \ +ExecStartPre=/bin/podman create --replace --rm --name mariadb-migrate-%i --entrypoint mariadb \ --volume mariadb:/var/lib/mysql:z \ - --entrypoint mariadb localhost/mariadb:latest \ - --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait -e 'source /migrate.sql' + localhost/mariadb:latest --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait -e 'source /migrate.sql' ExecStartPre=/bin/podman cp /tmp/%N/migrate.sql mariadb-migrate-%i:/migrate.sql ExecStart=/bin/podman start --attach mariadb-migrate-%i ExecStartPost=/bin/podman rm --ignore --force mariadb-migrate-%i diff --git a/config/service/mariadb/systemd/mariadb.service b/config/service/mariadb/systemd/mariadb.service index 3fd1ce7..c2caf6c 100644 
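Review bot: In the `mariadb-migrate@.service` hunk, the rewritten `podman create` line still passes `--password=${MYSQL_ROOT_PASSWORD}` as a command-line argument. Once systemd expands it, the root password is part of podman's argv on the host and presumably part of the stored container command that `podman inspect` prints. Reading the password from a file would avoid both: write a client option file next to `migrate.sql` in the 0700 `/tmp/%N` directory, copy it in with `podman cp` as is already done for the SQL, and start the client with `--defaults-extra-file=/migrate.cnf` as its first argument in place of `--password=...`. The visible lines also never remove `/tmp/%N/migrate.sql`, which envsubst may have filled with values from the env files; the `[Service]` section may continue below the hunk, so confirm whether cleanup happens there.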
--- a/config/service/mariadb/systemd/mariadb.service +++ b/config/service/mariadb/systemd/mariadb.service @@ -6,10 +6,10 @@ After=container-build@%N.service container-volume@%N.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -EnvironmentFile=%E/coreos-home-server/%N/%N.env -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --volume %N:/var/lib/mysql:z \ localhost/%N:latest diff --git a/config/service/nginx/systemd/nginx-proxy-http@.service b/config/service/nginx/systemd/nginx-proxy-http@.service index 1320844..4d182fc 100644 --- a/config/service/nginx/systemd/nginx-proxy-http@.service +++ b/config/service/nginx/systemd/nginx-proxy-http@.service @@ -6,6 +6,7 @@ After=nginx.service %i.service [Service] Type=oneshot RemainAfterExit=true +SyslogIdentifier=%N Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_HOST=%i UPSTREAM_PORT=8080 Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_HOST $UPSTREAM_PORT' \ diff --git a/config/service/nginx/systemd/nginx-serve-php@.service b/config/service/nginx/systemd/nginx-serve-php@.service index dd6f258..eca229b 100644 --- a/config/service/nginx/systemd/nginx-serve-php@.service +++ b/config/service/nginx/systemd/nginx-serve-php@.service 
@@ -7,19 +7,18 @@ Before=nginx-proxy-http@%i.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n Environment=SERVER_NAME=%i SERVICE_DATA_DIRECTORY=/data Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template ExecStartPre=/bin/podman pod create --replace --name %i --net internal -ExecStartPre=/bin/podman create --replace --pull never --name %i-php --pod %i --sdnotify=conmon \ +ExecStartPre=/bin/podman create --replace --name %i-php --pod %i --sdnotify=conmon \ --env-file %E/coreos-home-server/%i/%i.env \ --volume %i:${SERVICE_DATA_DIRECTORY}:z,rshared \ localhost/%i:latest ExecStartPre=/bin/podman init %i-php -ExecStartPre=/bin/podman create --replace --pull never --name %i-nginx --pod %i \ - --volumes-from=%i-php:z,ro \ - localhost/nginx:latest +ExecStartPre=/bin/podman create --replace --name %i-nginx --pod %i --volumes-from=%i-php:z,ro localhost/nginx:latest ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf" ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf %i-nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf' ExecStart=/bin/sh -c 'podman pod start %i && podman start --attach %i-php' diff --git a/config/service/nginx/systemd/nginx-serve-static@.service b/config/service/nginx/systemd/nginx-serve-static@.service index 8a583a0..0f1a65b 100644 --- a/config/service/nginx/systemd/nginx-serve-static@.service +++ b/config/service/nginx/systemd/nginx-serve-static@.service 
@@ -7,13 +7,12 @@ Before=nginx-proxy-http@%i.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n Environment=SERVER_NAME=%i SERVICE_DATA_DIRECTORY=/data Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template -ExecStartPre=/bin/podman create --replace --pull never --name %i --net internal --sdnotify=conmon \ - --volume %i:${SERVICE_DATA_DIRECTORY}:z,ro \ - localhost/%i:latest +ExecStartPre=/bin/podman create --replace --name %i --sdnotify=conmon --volume %i:${SERVICE_DATA_DIRECTORY}:z,ro localhost/%i:latest ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf" ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf %i:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf' ExecStart=/bin/podman start --attach %i diff --git a/config/service/nginx/systemd/nginx.service b/config/service/nginx/systemd/nginx.service index 6f2849c..c63ae80 100644 --- a/config/service/nginx/systemd/nginx.service +++ b/config/service/nginx/systemd/nginx.service @@ -6,9 +6,10 @@ After=container-build@%N.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --publish 80:80 --publish 443:443 \ --volume nginx-conf:/etc/nginx/conf.d:z \ --volume letsencrypt:/etc/ssl/private:z,rshared,ro \ diff --git a/config/service/postfix/systemd/postfix.service b/config/service/postfix/systemd/postfix.service index 7f62ba7..34caba2 100644 --- a/config/service/postfix/systemd/postfix.service +++ b/config/service/postfix/systemd/postfix.service 
@@ -6,9 +6,10 @@ After=container-build@%N.service dovecot.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --publish 25:25 --publish 465:465 --publish 587:587 \ --volume dovecot:/var/mail:z \ diff --git a/config/service/prosody/systemd/prosody.service b/config/service/prosody/systemd/prosody.service index d30f18c..985bfc2 100644 --- a/config/service/prosody/systemd/prosody.service +++ b/config/service/prosody/systemd/prosody.service @@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service mariadb.service dov [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --publish 5222:5222 --publish 5269:5269 --publish 5347:5347 \ --volume %N:/var/lib/%N:z \ diff --git a/config/service/radicale/systemd/radicale.service b/config/service/radicale/systemd/radicale.service index 95b0f53..9446481 100644 --- a/config/service/radicale/systemd/radicale.service +++ b/config/service/radicale/systemd/radicale.service @@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service dovecot.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --volume %N:/var/lib/%N:z \ localhost/%N:latest 
diff --git a/config/service/redis/Containerfile b/config/service/redis/Containerfile index 64b8cde..1572dd9 100644 --- a/config/service/redis/Containerfile +++ b/config/service/redis/Containerfile @@ -1,5 +1,6 @@ FROM docker.io/redis:6.2 -USER redis COPY container/config /etc/redis +USER redis + CMD ["redis-server", "/etc/redis/redis.conf"] diff --git a/config/service/redis/systemd/redis.service b/config/service/redis/systemd/redis.service index de9342a..72b3529 100644 --- a/config/service/redis/systemd/redis.service +++ b/config/service/redis/systemd/redis.service @@ -6,11 +6,10 @@ After=container-build@%N.service container-volume@%N.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ - --volume %N:/data:z \ - localhost/%N:latest +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon --volume %N:/data:z localhost/%N:latest ExecStop=/bin/podman stop --ignore --time 10 %N ExecStopPost=/bin/podman rm --ignore --force %N diff --git a/config/service/rspamd/systemd/rspamd-dkim-generate@.service b/config/service/rspamd/systemd/rspamd-dkim-generate@.service index d440f64..78293b9 100644 --- a/config/service/rspamd/systemd/rspamd-dkim-generate@.service +++ b/config/service/rspamd/systemd/rspamd-dkim-generate@.service @@ -5,6 +5,7 @@ After=rspamd.service [Service] Type=oneshot +SyslogIdentifier=%N ExecStartPre=/bin/podman exec rspamd install -d /var/lib/rspamd/dkim ExecStart=/bin/podman exec rspamd openssl genrsa -out /var/lib/rspamd/dkim/%i.dkim.key 1024 ExecStartPost=/bin/podman exec rspamd chmod 644 /var/lib/rspamd/dkim/%i.dkim.key diff --git a/config/service/rspamd/systemd/rspamd.service b/config/service/rspamd/systemd/rspamd.service index cf851cc..4f583a4 100644 --- a/config/service/rspamd/systemd/rspamd.service +++ b/config/service/rspamd/systemd/rspamd.service 
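Review bot: In the `rspamd-dkim-generate@.service` hunk, the unchanged `ExecStart` still generates a 1024-bit RSA DKIM key, and the `ExecStartPost` after it makes the private key world-readable with `chmod 644`. The commit only adds `SyslogIdentifier=%N` here and leaves both as they were. RFC 8301 recommends at least 2048 bits for DKIM signing keys, so `openssl genrsa -out /var/lib/rspamd/dkim/%i.dkim.key 2048` would be the safer default. For the mode, `chmod 640` plus group ownership by the account rspamd runs as (not visible in this hunk) would stop other users in the container from reading the key. The unit may continue below the hunk.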
@@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service redis.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --volume %N:/var/lib/%N:z \ localhost/%N:latest diff --git a/config/service/spectrum/systemd/spectrum.service b/config/service/spectrum/systemd/spectrum.service index c6e1cec..0450152 100644 --- a/config/service/spectrum/systemd/spectrum.service +++ b/config/service/spectrum/systemd/spectrum.service @@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service prosody.service [Service] Type=notify NotifyAccess=all +SyslogIdentifier=%N Restart=on-failure Environment=PODMAN_SYSTEMD_UNIT=%n -ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \ +ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \ --env-file %E/coreos-home-server/%N/%N.env \ --volume %N:/var/lib/spectrum2:z \ localhost/%N:latest