Alex Palaistras
4d26ccb8eb
Users and groups used within Podman containers are usually assigned UID and GID 10000. Files for these containers are sometimes served by Nginx, and may be given permissions that restrict access to those outside the group, but which are intended to be served nonetheless. This commit adds the pre-defined `nginx` user to a `nginx-shared` group with GID 10000, which will then allow access to these files as needed. |
||
|---|---|---|
| .. | ||
| biboumi | ||
| coturn | ||
| dovecot | ||
| git | ||
| grafana | ||
| hugo | ||
| letsencrypt | ||
| mariadb | ||
| navidrome | ||
| nginx | ||
| postfix | ||
| prometheus | ||
| prosody | ||
| radicale | ||
| rclone | ||
| redis | ||
| rspamd | ||
| rss2email | ||
| spectrum | ||
| writefreely | ||
| README.md | ||
CoreOS Service Configuration
This directory contains a set of common services available for deployment onto a CoreOS Home Server setup, and managed via systemd and Podman. Each service is given its own subdirectory, and each follows a set of common conventions in laying out its files.
Specifically, for a service example, we might find the following files and directories under the
corresponding directory:
-
spec.bu-- This file is typically included by the host configuration, and is intended with installing any additional service files required for enabling the service. -
Containerfile-- This file is used in building a container image, handled by thecontainer-build@exampleservice and presumably used in the systemd file for theexampleservice. -
example.env.template-- An optional file containingKEY=valuedefinitions that can then be used in the systemd service. Host-wide environment is also available in this context, and can be used in expanding shared configuration, secrets, etc. This file is used by thecontainer-environment@exampleservice. -
systemd/-- This directory contains systemd configuration, to be copied into the host-wide/etc/systemd/systemdirectory. You'll typically find things likeexample.servicefiles which run the service under Podman, as well as potential one-off services which copy files around in pre-existing Podman containers. -
container/-- This directory contains any static files included in the Podman image, including templated configuration, scripts, etc. -
service/-- This (largely optional) directory contains files required by the systemd services themselves, and which are not included in the Podman images by default; examples include database migration files, one-off configuration files, etc.
Of all these files, the only ones whose paths are mandated by external services are the
Containerfile and <name>.env.template files, neither of which are required by anything other
than convention (i.e. you can choose not to build a container image via the systemd service).
Each service here might have additional details on how it's expected to be deployed and used, check
the respective README.md files for more information.