deuill/coreos-home-server
1
0
Fork 0
mirror of https://github.com/deuill/coreos-home-server.git synced 2024-09-21 13:40:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use podman run instead of create && start

Browse Source 
And correctly remove containers if systemd services are stopped.
This commit is contained in:
Alex Palaistras 2021-03-27 23:03:56 +00:00
parent b3ab5a6ce3
commit fb7d7eaa22
17 changed files with 70 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config/service/biboumi/systemd/biboumi.service
View File

@ -6,11 +6,11 @@ After=container-build@%N.service prosody.service
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net prosody --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net prosody --env-file /etc/container-service/%N/%N.env \
--volume /var/lib/container-service/%N:/var/lib/%N:z \ --volume /var/lib/container-service/%N:/var/lib/%N:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

8
config/service/discord-ircd/systemd/discord-ircd.service
View File

@ -6,11 +6,11 @@ After=container-build@%N.service container-network@prosody.service
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net prosody --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net prosody --env-file /etc/container-service/%N/%N.env \
--volume /var/lib/container-service/%N:/var/lib/rdircd:z \ --volume /var/lib/container-service/%N:/var/lib/rdircd:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

16
config/service/dovecot/systemd/dovecot.service
View File

@ -6,15 +6,15 @@ After=container-build@%N.service container-network@mail.service container-networ
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 5000 --group 5000 -d /var/lib/container-service/mail ExecStartPre=/bin/install --owner 5000 --group 5000 -d /var/lib/container-service/mail
ExecStartPre=/bin/podman create --replace --pull never --net internal,mail,mariadb --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net internal,mail,mariadb --env-file /etc/container-service/%N/%N.env \
--env-file /etc/container-service/rspamd/rspamd.env \ --env-file /etc/container-service/rspamd/rspamd.env \
--publish 143:143 --publish 993:993 \ --publish 143:143 --publish 993:993 \
--volume /var/lib/container-service/mail:/var/mail:z \ --volume /var/lib/container-service/mail:/var/mail:z \
--volume /etc/container-service/%N/service/config:/etc/%N/conf.d:z \ --volume /etc/container-service/%N/service/config:/etc/%N/conf.d:z \
--volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \ --volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

4
config/service/git/systemd/git-ssh-ed25519@.service
View File

@ -12,8 +12,8 @@ ExecStart=/bin/sh -c "echo 'ssh-ed25519 %I' > ${GIT_HOME}/.ssh/authorized_keys.d
ExecStartPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys" ExecStartPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
ExecStartPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys ExecStartPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys
ExecStop=/bin/rm -f ${GIT_HOME}/.ssh/authorized_keys.d/%i ExecStop=/bin/rm -f ${GIT_HOME}/.ssh/authorized_keys.d/%i
ExecStartPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys" ExecStopPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
ExecStartPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys ExecStopPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

4
config/service/git/systemd/git-ssh-pubkey@.service
View File

@ -12,8 +12,8 @@ ExecStart=/bin/install -m 0600 -D %I ${GIT_HOME}/.ssh/authorized_keys.d/%i
ExecStartPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys" ExecStartPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
ExecStartPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys ExecStartPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys
ExecStop=/bin/rm -f ${GIT_HOME}/.ssh/authorized_keys.d/%i ExecStop=/bin/rm -f ${GIT_HOME}/.ssh/authorized_keys.d/%i
ExecStartPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys" ExecStopPost=/bin/sh -c "cat ${GIT_HOME}/.ssh/authorized_keys.d/* > /tmp/authorized_keys"
ExecStartPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys ExecStopPost=/bin/install --owner 10000 --group 10000 -m 0600 /tmp/authorized_keys ${GIT_HOME}/.ssh/authorized_keys
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

11
config/service/git/systemd/git.service
View File

@ -6,13 +6,12 @@ After=container-build@%N.service container-network@%N.service container-network@
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net internal,%N \ ExecStart=/bin/podman run --replace --pull never --net internal,%N --cap-add AUDIT_WRITE \
--cap-add AUDIT_WRITE \ --publish 468:22 \
--publish 468:22 \ --volume /var/lib/container-service/%N:/home/git:z \
--volume /var/lib/container-service/%N:/home/git:z \ --name %N localhost/%N:latest
--name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

8
config/service/mariadb/systemd/mariadb.service
View File

@ -7,15 +7,15 @@ After=container-build@%N.service container-network@%N.service container-network@
Restart=always Restart=always
EnvironmentFile=/etc/container-service/%N/%N.env EnvironmentFile=/etc/container-service/%N/%N.env
ExecStartPre=/bin/install --owner 999 --group 999 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 999 --group 999 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net internal,%N --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net internal,%N --env-file /etc/container-service/%N/%N.env \
--volume /var/lib/container-service/%N:/var/lib/mysql:z \ --volume /var/lib/container-service/%N:/var/lib/mysql:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStartPost=/bin/podman run --replace --pull never --rm --net %N --entrypoint mariadb-admin \ ExecStartPost=/bin/podman run --replace --pull never --rm --net %N --entrypoint mariadb-admin \
--volume /var/lib/container-service/%N:/var/lib/mysql:z \ --volume /var/lib/container-service/%N:/var/lib/mysql:z \
--name %N-wait localhost/%N:latest \ --name %N-wait localhost/%N:latest \
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait=10 ping --host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait=10 ping
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

12
config/service/nginx/systemd/nginx-ingress.service
View File

@ -7,13 +7,13 @@ After=container-build@nginx.service container-network@%N.service
Restart=always Restart=always
ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/letsencrypt/private ExecStartPre=/bin/install --owner 10000 --group 10000 -d /var/lib/container-service/letsencrypt/private
ExecStartPre=/bin/install -d /var/lib/container-service/%N/conf.d ExecStartPre=/bin/install -d /var/lib/container-service/%N/conf.d
ExecStartPre=/bin/podman create --replace --pull never --net %N \ ExecStart=/bin/podman run --replace --pull never --net %N \
--publish 80:80 --publish 443:443 \ --publish 80:80 --publish 443:443 \
--volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \ --volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \
--volume /var/lib/container-service/%N/conf.d:/etc/nginx/conf.d:z \ --volume /var/lib/container-service/%N/conf.d:/etc/nginx/conf.d:z \
--name %N localhost/nginx:latest --name %N localhost/nginx:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
ExecReload=/bin/podman exec %N nginx -s reload ExecReload=/bin/podman exec %N nginx -s reload
[Install] [Install]

12
config/service/nginx/systemd/nginx-php@.service
View File

@ -7,21 +7,21 @@ Before=nginx-ingress-http@%i.service
[Service] [Service]
Restart=always Restart=always
Environment=SERVER_NAME=%i Environment=SERVER_NAME=%i
Environment=SERVICE_DATA_DIRECTORY=/data
Environment=NGINX_CONF=/etc/container-service/nginx/service/%p.conf.template Environment=NGINX_CONF=/etc/container-service/nginx/service/%p.conf.template
ExecStartPre=/bin/install --owner 33 --group 33 -d /var/lib/container-service/%i ExecStartPre=/bin/install --owner 33 --group 33 -d /var/lib/container-service/%i
ExecStartPre=/bin/podman pod create --replace --net mariadb,nginx-ingress --name %i ExecStartPre=/bin/podman pod create --replace --net internal,nginx-ingress --name %i
ExecStartPre=/bin/podman create --replace --pull never --pod %i \ ExecStartPre=/bin/podman create --replace --pull never --pod %i --env-file /etc/container-service/%i/%i.env \
--env-file /etc/container-service/%i/%i.env \ --volume /var/lib/container-service/%i:${SERVICE_DATA_DIRECTORY}:z,shared \
--volume /var/lib/container-service/%i:/data:z \
--name %i-php localhost/%i:latest --name %i-php localhost/%i:latest
ExecStartPre=/bin/podman create --replace --pull never --pod %i \ ExecStartPre=/bin/podman create --replace --pull never --pod %i \
--volumes-from=%i-php:z,ro \ --volumes-from=%i-php:z,ro \
--name %i-nginx localhost/nginx:latest --name %i-nginx localhost/nginx:latest
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf" ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf"
ExecStartPre=/bin/podman cp /tmp/%i.conf %i-nginx:/etc/nginx/conf.d ExecStartPre=/bin/sh -c "podman cp /tmp/%i.conf %i-nginx:/etc/nginx/conf.d && rm -f /tmp/%i.conf"
ExecStartPre=/bin/rm -f /tmp/%i.conf
ExecStart=/bin/sh -c 'podman pod start %i && podman wait %i-php && podman attach --no-stdin %i-php' ExecStart=/bin/sh -c 'podman pod start %i && podman wait %i-php && podman attach --no-stdin %i-php'
ExecStop=/bin/podman pod stop --time 10 %i ExecStop=/bin/podman pod stop --time 10 %i
ExecStopPost=/bin/podman pod rm --force %i
[Install] [Install]
Alias=%i.service Alias=%i.service

4
config/service/nginx/systemd/nginx-static@.service
View File

@ -10,10 +10,10 @@ Environment=SERVER_NAME=%i
Environment=NGINX_CONF=/etc/container-service/nginx/service/%p.conf.template Environment=NGINX_CONF=/etc/container-service/nginx/service/%p.conf.template
ExecStartPre=/bin/podman create --replace --pull never --net nginx-ingress --name %i localhost/%i:latest ExecStartPre=/bin/podman create --replace --pull never --net nginx-ingress --name %i localhost/%i:latest
ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf" ExecStartPre=/bin/sh -c "envsubst '$SERVER_NAME' < ${NGINX_CONF} > /tmp/%i.conf"
ExecStartPre=/bin/podman cp /tmp/%i.conf %i:/etc/nginx/conf.d ExecStartPre=/bin/sh -c "podman cp /tmp/%i.conf %i:/etc/nginx/conf.d && rm -f /tmp/%i.conf"
ExecStartPre=/bin/rm -f /tmp/%i.conf
ExecStart=/bin/podman start --attach %i ExecStart=/bin/podman start --attach %i
ExecStop=/bin/podman stop --time 10 %i ExecStop=/bin/podman stop --time 10 %i
ExecStopPost=/bin/podman rm --force %i
[Install] [Install]
Alias=%i.service Alias=%i.service

12
config/service/postfix/systemd/postfix.service
View File

@ -6,13 +6,13 @@ After=container-build@%N.service container-network@mail.service container-networ
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 5000 --group 5000 -d /var/lib/container-service/mail ExecStartPre=/bin/install --owner 5000 --group 5000 -d /var/lib/container-service/mail
ExecStartPre=/bin/podman create --replace --pull never --net internal,mail --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net internal,mail --env-file /etc/container-service/%N/%N.env \
--publish 25:25 --publish 465:465 --publish 587:587 \ --publish 25:25 --publish 465:465 --publish 587:587 \
--volume /var/lib/container-service/mail:/var/mail:z \ --volume /var/lib/container-service/mail:/var/mail:z \
--volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \ --volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

12
config/service/prosody/systemd/prosody.service
View File

@ -6,13 +6,13 @@ After=container-build@%N.service container-network@%N.service mariadb.service po
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 101 --group 102 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 101 --group 102 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net mariadb,%N --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net mariadb,%N --env-file /etc/container-service/%N/%N.env \
--publish 5222:5222 --publish 5269:5269 --publish 5347:5347 \ --publish 5222:5222 --publish 5269:5269 --publish 5347:5347 \
--volume /var/lib/container-service/%N:/var/lib/%N:z --volume /etc/container-service/%N/service/config:/etc/%N/conf.d:z \ --volume /var/lib/container-service/%N:/var/lib/%N:z --volume /etc/container-service/%N/service/config:/etc/%N/conf.d:z \
--volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \ --volume /var/lib/container-service/letsencrypt/private:/etc/ssl/private:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

10
config/service/radicale/systemd/radicale.service
View File

@ -6,12 +6,12 @@ After=container-build@%N.service dovecot.service
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 15232 --group 15232 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 15232 --group 15232 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net mail --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net mail --env-file /etc/container-service/%N/%N.env \
--publish 5232:5232 \ --publish 5232:5232 \
--volume /var/lib/container-service/%N:/var/lib/%N:z \ --volume /var/lib/container-service/%N:/var/lib/%N:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

8
config/service/redis/systemd/redis.service
View File

@ -6,11 +6,11 @@ After=container-build@%N.service container-network@%N.service container-network@
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 999 --group 1000 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 999 --group 1000 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net internal,%N \ ExecStart=/bin/podman run --replace --pull never --net internal,%N \
--volume /var/lib/container-service/%N:/data:z \ --volume /var/lib/container-service/%N:/data:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

10
config/service/rspamd/systemd/rspamd.service
View File

@ -6,12 +6,12 @@ After=container-build@%N.service container-network@mail.service container-networ
[Service] [Service]
Restart=always Restart=always
ExecStartPre=/bin/install --owner 11332 --group 11332 -d /var/lib/container-service/%N ExecStartPre=/bin/install --owner 11332 --group 11332 -d /var/lib/container-service/%N
ExecStartPre=/bin/podman create --replace --pull never --net internal,mail,redis --env-file /etc/container-service/%N/%N.env \ ExecStart=/bin/podman run --replace --pull never --net internal,mail,redis --env-file /etc/container-service/%N/%N.env \
--publish 11332:11332 --publish 11334:11334 \ --publish 11332:11332 --publish 11334:11334 \
--volume /var/lib/container-service/%N:/var/lib/%N:z \ --volume /var/lib/container-service/%N:/var/lib/%N:z \
--name %N localhost/%N:latest --name %N localhost/%N:latest
ExecStart=/bin/podman start --attach %N
ExecStop=/bin/podman stop --time 10 %N ExecStop=/bin/podman stop --time 10 %N
ExecStopPost=/bin/podman rm --force %N
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

BIN
host/lhr01nuc/lhr01nuc.env.gpg
View File

Binary file not shown.

1
host/lhr01nuc/spec.fcc
View File

@ -15,6 +15,7 @@ ignition:
- local: service/rspamd/spec.ign - local: service/rspamd/spec.ign
- local: service/prosody/spec.ign - local: service/prosody/spec.ign
- local: service/biboumi/spec.ign - local: service/biboumi/spec.ign
- local: service/discord-ircd/spec.ign
- local: service/radicale/spec.ign - local: service/radicale/spec.ign
- local: private/spec.ign - local: private/spec.ign