Container builds using the `container-build@` systemd service will
generally tag any container image built with the `latest` tag, which is
then referred to pervasively in container executions.
However, this tag is overwritten when building new images, and, combined
with how `podman auto-update` will prune old image digests, may cause us
to lack the ability to roll back, automatically or otherwise.
This commit sets a `previous` tag on container re-builds, which should
generally only happen when source files change (due to the `ExecCondition`
present on the service), which in turn should ensure that images are not
spuriously tagged as such.

This sets the `MARIADB_AUTO_UPGRADE` environment variable, used by the
base MariaDB image in applying schema changes, as generally necessary
when performing minor or major upgrades.

Previously, we'd use the Debian-provided `turnserver` user, which is no
longer available in source builds; we now create and use a dedicated
`coturn` user for more consistency with other services.

Calls to `curl` will now use the `--fail` option, in addition to
`--silent` and `--show-error`, in an effort to catch issues with server
or client-side errors.

This commit adds an `ExecCondition` directive on the `container-build@`
service, used as a pre-requisite for all other Podman-based services,
skipping `podman build` invocations unless local `Containerfile` or any
files in the `container` sub-directories have changed.
Container builds are responsible for the majority of time taken during
boot, even with cache in place; this will help alleviate pressure and
hopefully speed up boot considerably.

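
As an added illustration (not the project's own script), a POSIX shell helper of the kind a `container-build@` unit could use as its `ExecCondition`: it hashes the `Containerfile` and the `container` subdirectory, compares the digest with a stamp left by the last build, and exits 0 (build) or 1 (skip cleanly), which also keeps the `previous` retag confined to real rebuilds. The unit wiring in the comments, and every path in it, are assumptions.

```shell
#!/bin/sh
# Hypothetical ExecCondition helper for container-build@ (added example, not
# the project's script). systemd runs ExecStart only when ExecCondition exits 0;
# exit codes 1-254 skip the unit cleanly, so "unchanged" must map to 1, not 255.
#
# Assumed wiring in container-build@.service (all paths are placeholders):
#   [Service]
#   ExecCondition=/usr/local/bin/container-changed check /srv/containers/%i /var/lib/container-build/%i.sha256
#   ExecStartPre=-/usr/bin/podman tag localhost/%i:latest localhost/%i:previous
#   ExecStart=/usr/bin/podman build -t localhost/%i:latest /srv/containers/%i
#   ExecStartPost=/usr/local/bin/container-changed record /srv/containers/%i /var/lib/container-build/%i.sha256

# Digest of the Containerfile plus every file below container/, walked in a
# fixed order. Relative paths are fed in too, so a rename counts as a change.
source_digest() {
    (
        cd "$1" || exit 1
        find Containerfile container -type f 2>/dev/null | LC_ALL=C sort |
        while IFS= read -r f; do
            printf '%s\n' "$f"
            cat "$f"
        done
    ) | sha256sum | cut -d' ' -f1
}

# Return 0 when a build is needed (no stamp yet, or the digest moved), 1 otherwise.
build_needed() {
    bdir="$1"; bstamp="$2"
    current=$(source_digest "$bdir")
    if [ -f "$bstamp" ] && [ "$(cat "$bstamp")" = "$current" ]; then
        return 1
    fi
    return 0
}

# Persist the digest after a successful build so the next boot can skip it.
record_build() {
    source_digest "$1" > "$2"
}

case "${1:-}" in
    check)  build_needed "$2" "$3" ;;
    record) record_build "$2" "$3" ;;
esac
```

The stamp should only be written from `ExecStartPost`, so a failed `podman build` leaves the old digest in place and the next boot retries the build.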
Containers for Prometheus and Grafana can take longer to start due to
migrations on large databases etc., which in turn can cause systemd to
kill these mid-execution.

This includes a complete overhaul of the Containerfile for moving to a
self-contained build based on Bookworm, a move to Quadlet, and the
inclusion of a node exporter for node metrics with a default Grafana
dashboard.