blob: f00e9029ce0a548080c06a5cc46ae97edf0ccdf6 (
plain) (
tree)
|
|
---
# Baikal needs rw permissions on *config/* for *nginx* user.
# The *nginx* user in the container has uid=101.
# uid mapping with userns works as follows
# root uid=0 (rootless container) -> user uid on hosts
# .... uid=1 (rootless container) -> user first subuid
#
# => uid=101 (rootless container) -> user subuid + 100
- name: HACK to satify baikal container
ansible.builtin.file:
path: "{{ DATA_ROOT }}/baikal/config"
recurse: true
owner: 100100
group: 100100
become: true
- name: Baikal
containers.podman.podman_container:
name: baikal
image: docker.io/ckulka/baikal:nginx
network: "{{ NETWORK }}"
volumes:
# Use 'Z' to privately relable selinux contexts.
- "{{ DATA_ROOT }}/baikal/config:/var/www/baikal/config:Z"
- "{{ DATA_ROOT }}/baikal/Specific:/var/www/baikal/Specific:Z"
|