Set generic Podman defaults and per-service log IDs
Defaults for Podman that were previously applied as command-line arguments to all `podman run` or `podman create` invocations are now specified in a dedicated configuration file. Services are also better identified against their name rather than the generic `podman` ID derived from the `ExecStart` invocations.
parent
6c28399c83
commit
79231c37f1
@ -9,6 +9,11 @@ storage:
|
|||||||
directories:
|
directories:
|
||||||
- path: /etc/coreos-home-server
|
- path: /etc/coreos-home-server
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
files:
|
||||||
|
- path: /etc/containers/containers.conf
|
||||||
|
mode: 0644
|
||||||
|
contents:
|
||||||
|
local: common/container/containers.conf
|
||||||
systemd:
|
systemd:
|
||||||
units:
|
units:
|
||||||
- name: container-build@.service
|
- name: container-build@.service
|
||||||
|
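--- /dev/null
+++ b/config/common/container/containers.conf
@@ -0,0 +1,8 @@
+[engine]
+# Don't attempt to pull images from remote repositories by default.
+pull_policy = "never"
+
+[network]
+# The default 'podman' network does not have DNS resolution enabled; use a common internal
+# network until multi-network DNS resolution becomes available (podman#8399).
+default_network = "internal"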
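Review bot: `default_network = "internal"` applies to every container started without an explicit network, not only to the services that used to pass `--net internal`. The volume backup and restore units later in this commit never set a network and start `docker.io/debian:stable-slim` only to run `tar`; with this default they now join the same network as the other services. Nothing in their command needs a network, so those two `podman run` lines could carry `--network none`. The comment above the key could also say so: `# Applies to every container without an explicit --network; one-shot helpers should opt out.`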
@ -6,6 +6,7 @@ ConditionPathExists=%E/coreos-home-server/%i/Containerfile
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
Environment=PODMAN_BUILD_OPTIONS=
|
Environment=PODMAN_BUILD_OPTIONS=
|
||||||
ExecStart=/bin/podman build $PODMAN_BUILD_OPTIONS --file %E/coreos-home-server/%i/Containerfile --tag localhost/%i:latest %E/coreos-home-server/%i
|
ExecStart=/bin/podman build $PODMAN_BUILD_OPTIONS --file %E/coreos-home-server/%i/Containerfile --tag localhost/%i:latest %E/coreos-home-server/%i
|
||||||
|
|
||||||
|
@ -5,6 +5,7 @@ ConditionPathExists=%E/coreos-home-server/%i/%i.env.template
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
EnvironmentFile=%E/coreos-home-server/host.env
|
EnvironmentFile=%E/coreos-home-server/host.env
|
||||||
ExecStart=/bin/sh -c 'envsubst < %E/coreos-home-server/%i/%i.env.template > %E/coreos-home-server/%i/%i.env'
|
ExecStart=/bin/sh -c 'envsubst < %E/coreos-home-server/%i/%i.env.template > %E/coreos-home-server/%i/%i.env'
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@ ConditionPathExists=!/etc/cni/net.d/%i.conflist
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
|
SyslogIdentifier=%N
|
||||||
ExecStart=/bin/podman network create %i
|
ExecStart=/bin/podman network create %i
|
||||||
ExecStop=/bin/podman network rm %i
|
ExecStop=/bin/podman network rm %i
|
||||||
|
|
||||||
|
@ -3,11 +3,12 @@ Description=Backup for Container Volume %I
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
ExecStartPre=/bin/install --mode 0700 --directory %S/backups/coreos-home-server/%i
|
ExecStartPre=/bin/install --mode 0700 --directory %S/backups/coreos-home-server/%i
|
||||||
ExecStart=/bin/podman run --replace --pull never --rm --name %p-%i \
|
ExecStart=/bin/podman run --replace --rm --name %p-%i --entrypoint /bin/bash \
|
||||||
--volume %i:/data:z,ro \
|
--volume %i:/data:z,ro \
|
||||||
--volume %S/backups/coreos-home-server/%i:/backups:z \
|
--volume %S/backups/coreos-home-server/%i:/backups:z \
|
||||||
--entrypoint /bin/bash docker.io/debian:stable-slim \
|
docker.io/debian:stable-slim \
|
||||||
-c 'env name="%i-$(date +%%w%%H)" \
|
-c 'env name="%i-$(date +%%w%%H)" \
|
||||||
tar -cvpzf "/backups/${name}.tar.gz" -C /data . && \
|
tar -cvpzf "/backups/${name}.tar.gz" -C /data . && \
|
||||||
ln --force "/backups/${name}.tar.gz" /backups/%i-latest.tar.gz'
|
ln --force "/backups/${name}.tar.gz" /backups/%i-latest.tar.gz'
|
||||||
|
@ -4,9 +4,10 @@ ConditionFileNotEmpty=%S/backups/coreos-home-server/%i/%i-latest.tar.gz
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/bin/podman run --replace --pull never --rm --name %p-%i --volume %i:/data:z \
|
SyslogIdentifier=%N
|
||||||
|
ExecStart=/bin/podman run --replace --rm --name %p-%i --volume %i:/data:z --entrypoint /bin/bash \
|
||||||
--volume %S/backups/coreos-home-server/%i:/backups:z,ro \
|
--volume %S/backups/coreos-home-server/%i:/backups:z,ro \
|
||||||
--entrypoint /bin/bash docker.io/debian:stable-slim \
|
docker.io/debian:stable-slim \
|
||||||
-c 'test -n "$(ls -A /data)" && echo "Volume %i is not empty, skipping." && exit 0; \
|
-c 'test -n "$(ls -A /data)" && echo "Volume %i is not empty, skipping." && exit 0; \
|
||||||
tar -xvpf "/backups/%i-latest.tar.gz" -C /data'
|
tar -xvpf "/backups/%i-latest.tar.gz" -C /data'
|
||||||
|
|
||||||
|
@ -5,6 +5,7 @@ After=container-volume-restore@%i.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
ExecStart=/bin/sh -c 'podman volume exists %i || podman volume create %i'
|
ExecStart=/bin/sh -c 'podman volume exists %i || podman volume create %i'
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service prosody.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--volume %N:/var/lib/%N:z \
|
--volume %N:/var/lib/%N:z \
|
||||||
localhost/%N:latest
|
localhost/%N:latest
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--volume %N:/var/lib/rdircd:z \
|
--volume %N:/var/lib/rdircd:z \
|
||||||
localhost/%N:latest
|
localhost/%N:latest
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service mariadb.service rsp
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--env-file %E/coreos-home-server/rspamd/rspamd.env \
|
--env-file %E/coreos-home-server/rspamd/rspamd.env \
|
||||||
--publish 143:143 --publish 993:993 \
|
--publish 143:143 --publish 993:993 \
|
||||||
|
@ -6,6 +6,7 @@ After=git.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
|
SyslogIdentifier=%N
|
||||||
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
||||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||||
ExecStart=/bin/podman exec git sh -c "echo 'ssh-ed25519 %I' > /var/lib/git/.ssh/authorized_keys.d/%i"
|
ExecStart=/bin/podman exec git sh -c "echo 'ssh-ed25519 %I' > /var/lib/git/.ssh/authorized_keys.d/%i"
|
||||||
|
@ -6,6 +6,7 @@ After=git.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
|
SyslogIdentifier=%N
|
||||||
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
||||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||||
ExecStartPre=/usr/bin/curl --silent --fail -o /tmp/%N.key https://github.com/%i.keys
|
ExecStartPre=/usr/bin/curl --silent --fail -o /tmp/%N.key https://github.com/%i.keys
|
||||||
|
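Review bot: The last `ExecStartPre` shown here downloads the key material to a fixed name in the shared temporary directory (`-o /tmp/%N.key`) while running as a system service. A predictable path in a world-writable directory can be pre-created by another local account, and the file stays readable there if a later step fails. Writing under the runtime directory instead, `-o %t/%N.key`, keeps it in a root-only location; the step that consumes the file lies outside this hunk and would need the same path. The nginx units later in this commit use the same pattern with `/tmp/%i.conf`.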
@ -1,5 +1,5 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Git SSH authentication via public key file /%I
|
Description=Git SSH Authentication via Public Key File /%I
|
||||||
Wants=git.service
|
Wants=git.service
|
||||||
After=git.service
|
After=git.service
|
||||||
ConditionFileNotEmpty=/%I
|
ConditionFileNotEmpty=/%I
|
||||||
@ -7,6 +7,7 @@ ConditionFileNotEmpty=/%I
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
|
SyslogIdentifier=%N
|
||||||
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
ExecStartPre=/bin/podman exec git install --owner 10000 --group 10000 --mode 0700 -d /var/lib/git/.ssh
|
||||||
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
ExecStartPre=/bin/podman exec git install -d /var/lib/git/.ssh/authorized_keys.d
|
||||||
ExecStart=/bin/podman cp /%I git:/var/lib/git/.ssh/authorized_keys.d/%i
|
ExecStart=/bin/podman cp /%I git:/var/lib/git/.ssh/authorized_keys.d/%i
|
||||||
|
@ -6,10 +6,10 @@ After=container-build@%N.service container-volume@%N.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --net internal --name %N --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon --cap-add AUDIT_WRITE \
|
||||||
--cap-add AUDIT_WRITE \
|
|
||||||
--publish 468:22 \
|
--publish 468:22 \
|
||||||
--volume %N:/var/lib/git:z \
|
--volume %N:/var/lib/git:z \
|
||||||
--volume %N-ssh:/etc/ssh/keys:z \
|
--volume %N-ssh:/etc/ssh/keys:z \
|
||||||
|
@ -6,8 +6,9 @@ Before=letsencrypt-dns-renew@%i.timer
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env
|
EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env
|
||||||
ExecStart=/bin/podman run --replace --pull never --rm --name letsencrypt-register-%i \
|
ExecStart=/bin/podman run --replace --rm --name letsencrypt-register-%i \
|
||||||
--env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
|
--env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
|
||||||
--volume letsencrypt:/var/lib/letsencrypt:z \
|
--volume letsencrypt:/var/lib/letsencrypt:z \
|
||||||
localhost/letsencrypt:latest \
|
localhost/letsencrypt:latest \
|
||||||
|
@ -5,8 +5,9 @@ After=container-build@letsencrypt.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env
|
EnvironmentFile=%E/coreos-home-server/letsencrypt/letsencrypt.env
|
||||||
ExecStart=/bin/podman run --replace --pull never --rm --name letsencrypt-renew-%i \
|
ExecStart=/bin/podman run --replace --rm --name letsencrypt-renew-%i \
|
||||||
--env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
|
--env-file %E/coreos-home-server/letsencrypt/letsencrypt.env \
|
||||||
--volume letsencrypt:/var/lib/letsencrypt:z \
|
--volume letsencrypt:/var/lib/letsencrypt:z \
|
||||||
localhost/letsencrypt:latest \
|
localhost/letsencrypt:latest \
|
||||||
|
@ -6,14 +6,14 @@ ConditionPathExists=%E/coreos-home-server/%i/service/%p.sql
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
EnvironmentFile=-%E/coreos-home-server/%i/%i.env
|
EnvironmentFile=-%E/coreos-home-server/%i/%i.env
|
||||||
EnvironmentFile=%E/coreos-home-server/mariadb/mariadb.env
|
EnvironmentFile=%E/coreos-home-server/mariadb/mariadb.env
|
||||||
ExecStartPre=/bin/install --mode 0700 --directory /tmp/%N
|
ExecStartPre=/bin/install --mode 0700 --directory /tmp/%N
|
||||||
ExecStartPre=/bin/sh -c 'envsubst < %E/coreos-home-server/%i/service/%p.sql > /tmp/%N/migrate.sql'
|
ExecStartPre=/bin/sh -c 'envsubst < %E/coreos-home-server/%i/service/%p.sql > /tmp/%N/migrate.sql'
|
||||||
ExecStartPre=/bin/podman create --replace --pull never --rm --name mariadb-migrate-%i --net internal \
|
ExecStartPre=/bin/podman create --replace --rm --name mariadb-migrate-%i --entrypoint mariadb \
|
||||||
--volume mariadb:/var/lib/mysql:z \
|
--volume mariadb:/var/lib/mysql:z \
|
||||||
--entrypoint mariadb localhost/mariadb:latest \
|
localhost/mariadb:latest --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait -e 'source /migrate.sql'
|
||||||
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait -e 'source /migrate.sql'
|
|
||||||
ExecStartPre=/bin/podman cp /tmp/%N/migrate.sql mariadb-migrate-%i:/migrate.sql
|
ExecStartPre=/bin/podman cp /tmp/%N/migrate.sql mariadb-migrate-%i:/migrate.sql
|
||||||
ExecStart=/bin/podman start --attach mariadb-migrate-%i
|
ExecStart=/bin/podman start --attach mariadb-migrate-%i
|
||||||
ExecStartPost=/bin/podman rm --ignore --force mariadb-migrate-%i
|
ExecStartPost=/bin/podman rm --ignore --force mariadb-migrate-%i
|
||||||
|
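Review bot: `--password=${MYSQL_ROOT_PASSWORD}` on the rewritten `podman create` line is expanded by systemd before podman starts, so the MariaDB root password lands in the argument list of podman and later of the `mariadb` client. It is also stored as part of the container's command, where `podman inspect` shows it. On a host with a default `/proc`, any local account that can list processes can read it while the migration runs. A safer shape is to forward the variable without a value, `--env MYSQL_ROOT_PASSWORD`, and have the container export it as `MYSQL_PWD` before invoking the client, or to copy in a `[client]` option file next to `/migrate.sql`. Whether the SQL template itself contains secrets after `envsubst` is not visible here.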
@ -6,10 +6,10 @@ After=container-build@%N.service container-volume@%N.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
EnvironmentFile=%E/coreos-home-server/%N/%N.env
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--volume %N:/var/lib/mysql:z \
|
--volume %N:/var/lib/mysql:z \
|
||||||
localhost/%N:latest
|
localhost/%N:latest
|
||||||
|
@ -6,6 +6,7 @@ After=nginx.service %i.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
|
SyslogIdentifier=%N
|
||||||
Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_HOST=%i UPSTREAM_PORT=8080
|
Environment=SERVER_NAME=%i SSL_CERT_NAME=%i UPSTREAM_HOST=%i UPSTREAM_PORT=8080
|
||||||
Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
||||||
ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_HOST $UPSTREAM_PORT' \
|
ExecStart=/bin/sh -c "envsubst '$SERVER_NAME $SERVER_NAME_ALT $SSL_CERT_NAME $UPSTREAM_HOST $UPSTREAM_PORT' \
|
||||||
|
@ -7,19 +7,18 @@ Before=nginx-proxy-http@%i.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
Environment=SERVER_NAME=%i SERVICE_DATA_DIRECTORY=/data
|
Environment=SERVER_NAME=%i SERVICE_DATA_DIRECTORY=/data
|
||||||
Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
||||||
ExecStartPre=/bin/podman pod create --replace --name %i --net internal
|
ExecStartPre=/bin/podman pod create --replace --name %i --net internal
|
||||||
ExecStartPre=/bin/podman create --replace --pull never --name %i-php --pod %i --sdnotify=conmon \
|
ExecStartPre=/bin/podman create --replace --name %i-php --pod %i --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%i/%i.env \
|
--env-file %E/coreos-home-server/%i/%i.env \
|
||||||
--volume %i:${SERVICE_DATA_DIRECTORY}:z,rshared \
|
--volume %i:${SERVICE_DATA_DIRECTORY}:z,rshared \
|
||||||
localhost/%i:latest
|
localhost/%i:latest
|
||||||
ExecStartPre=/bin/podman init %i-php
|
ExecStartPre=/bin/podman init %i-php
|
||||||
ExecStartPre=/bin/podman create --replace --pull never --name %i-nginx --pod %i \
|
ExecStartPre=/bin/podman create --replace --name %i-nginx --pod %i --volumes-from=%i-php:z,ro localhost/nginx:latest
|
||||||
--volumes-from=%i-php:z,ro \
|
|
||||||
localhost/nginx:latest
|
|
||||||
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf"
|
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf"
|
||||||
ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf %i-nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
|
ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf %i-nginx:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
|
||||||
ExecStart=/bin/sh -c 'podman pod start %i && podman start --attach %i-php'
|
ExecStart=/bin/sh -c 'podman pod start %i && podman start --attach %i-php'
|
||||||
|
@ -7,13 +7,12 @@ Before=nginx-proxy-http@%i.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
Environment=SERVER_NAME=%i SERVICE_DATA_DIRECTORY=/data
|
Environment=SERVER_NAME=%i SERVICE_DATA_DIRECTORY=/data
|
||||||
Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
Environment=NGINX_CONF=%E/coreos-home-server/nginx/service/%p.conf.template
|
||||||
ExecStartPre=/bin/podman create --replace --pull never --name %i --net internal --sdnotify=conmon \
|
ExecStartPre=/bin/podman create --replace --name %i --sdnotify=conmon --volume %i:${SERVICE_DATA_DIRECTORY}:z,ro localhost/%i:latest
|
||||||
--volume %i:${SERVICE_DATA_DIRECTORY}:z,ro \
|
|
||||||
localhost/%i:latest
|
|
||||||
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf"
|
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf"
|
||||||
ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf %i:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
|
ExecStartPre=/bin/sh -c 'podman cp /tmp/%i.conf %i:/etc/nginx/conf.d/%i.conf && rm -f /tmp/%i.conf'
|
||||||
ExecStart=/bin/podman start --attach %i
|
ExecStart=/bin/podman start --attach %i
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--publish 80:80 --publish 443:443 \
|
--publish 80:80 --publish 443:443 \
|
||||||
--volume nginx-conf:/etc/nginx/conf.d:z \
|
--volume nginx-conf:/etc/nginx/conf.d:z \
|
||||||
--volume letsencrypt:/etc/ssl/private:z,rshared,ro \
|
--volume letsencrypt:/etc/ssl/private:z,rshared,ro \
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service dovecot.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--publish 25:25 --publish 465:465 --publish 587:587 \
|
--publish 25:25 --publish 465:465 --publish 587:587 \
|
||||||
--volume dovecot:/var/mail:z \
|
--volume dovecot:/var/mail:z \
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service mariadb.service dov
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--publish 5222:5222 --publish 5269:5269 --publish 5347:5347 \
|
--publish 5222:5222 --publish 5269:5269 --publish 5347:5347 \
|
||||||
--volume %N:/var/lib/%N:z \
|
--volume %N:/var/lib/%N:z \
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service dovecot.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--volume %N:/var/lib/%N:z \
|
--volume %N:/var/lib/%N:z \
|
||||||
localhost/%N:latest
|
localhost/%N:latest
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
FROM docker.io/redis:6.2
|
FROM docker.io/redis:6.2
|
||||||
|
|
||||||
USER redis
|
|
||||||
COPY container/config /etc/redis
|
COPY container/config /etc/redis
|
||||||
|
USER redis
|
||||||
|
|
||||||
CMD ["redis-server", "/etc/redis/redis.conf"]
|
CMD ["redis-server", "/etc/redis/redis.conf"]
|
||||||
|
@ -6,11 +6,10 @@ After=container-build@%N.service container-volume@%N.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon --volume %N:/data:z localhost/%N:latest
|
||||||
--volume %N:/data:z \
|
|
||||||
localhost/%N:latest
|
|
||||||
ExecStop=/bin/podman stop --ignore --time 10 %N
|
ExecStop=/bin/podman stop --ignore --time 10 %N
|
||||||
ExecStopPost=/bin/podman rm --ignore --force %N
|
ExecStopPost=/bin/podman rm --ignore --force %N
|
||||||
|
|
||||||
|
@ -5,6 +5,7 @@ After=rspamd.service
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
ExecStartPre=/bin/podman exec rspamd install -d /var/lib/rspamd/dkim
|
ExecStartPre=/bin/podman exec rspamd install -d /var/lib/rspamd/dkim
|
||||||
ExecStart=/bin/podman exec rspamd openssl genrsa -out /var/lib/rspamd/dkim/%i.dkim.key 1024
|
ExecStart=/bin/podman exec rspamd openssl genrsa -out /var/lib/rspamd/dkim/%i.dkim.key 1024
|
||||||
ExecStartPost=/bin/podman exec rspamd chmod 644 /var/lib/rspamd/dkim/%i.dkim.key
|
ExecStartPost=/bin/podman exec rspamd chmod 644 /var/lib/rspamd/dkim/%i.dkim.key
|
||||||
|
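Review bot: The unchanged `ExecStart` in this hunk still generates the DKIM signing key with `openssl genrsa ... 1024`, and `ExecStartPost` then sets the private key to mode 644. RFC 8301 says signers should use RSA keys of at least 2048 bits, and a world-readable key lets any process that can see the rspamd volume sign mail for the domain. Suggest `%i.dkim.key 2048` on the `genrsa` line and `chmod 640` (or `600`) with ownership set to the account rspamd runs as, which is not visible here. Keys already issued at 1024 bits would need rotating together with their DNS record.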
@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service redis.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--volume %N:/var/lib/%N:z \
|
--volume %N:/var/lib/%N:z \
|
||||||
localhost/%N:latest
|
localhost/%N:latest
|
||||||
|
@ -6,9 +6,10 @@ After=container-build@%N.service container-volume@%N.service prosody.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
|
SyslogIdentifier=%N
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
ExecStart=/bin/podman run --replace --pull never --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--volume %N:/var/lib/spectrum2:z \
|
--volume %N:/var/lib/spectrum2:z \
|
||||||
localhost/%N:latest
|
localhost/%N:latest
|
||||||
|