diff options
| author | Johannes Stoelp <johannes.stoelp@gmail.com> | 2022-12-07 21:48:57 +0100 |
|---|---|---|
| committer | Johannes Stoelp <johannes.stoelp@gmail.com> | 2022-12-07 21:48:57 +0100 |
| commit | 4bdfbf725d977442ab853731f362b6a61ef242df (patch) | |
| tree | 03a85ee7f2ebcc465c8c72c62044511c954bbfbe /roles/baikal/tasks | |
| parent | abda2021f9a5cdeecdf48d749d5b467aa552da12 (diff) | |
| download | ansible-memzero-4bdfbf725d977442ab853731f362b6a61ef242df.tar.gz ansible-memzero-4bdfbf725d977442ab853731f362b6a61ef242df.zip | |
baikal: add service and proxy pass
Diffstat (limited to 'roles/baikal/tasks')
| -rw-r--r-- | roles/baikal/tasks/main.yml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/roles/baikal/tasks/main.yml b/roles/baikal/tasks/main.yml new file mode 100644 index 0000000..f00e902 --- /dev/null +++ b/roles/baikal/tasks/main.yml @@ -0,0 +1,25 @@ +--- +# Baikal needs rw permissions on *config/* for *nginx* user. +# The *nginx* user in the container has uid=101. +# uid mapping with userns works as follows +# root uid=0 (rootless container) -> user uid on hosts +# .... uid=1 (rootless container) -> user first subuid +# +# => uid=101 (rootless container) -> user subuid + 100 +- name: HACK to satify baikal container + ansible.builtin.file: + path: "{{ DATA_ROOT }}/baikal/config" + recurse: true + owner: 100100 + group: 100100 + become: true + +- name: Baikal + containers.podman.podman_container: + name: baikal + image: docker.io/ckulka/baikal:nginx + network: "{{ NETWORK }}" + volumes: + # Use 'Z' to privately relable selinux contexts. + - "{{ DATA_ROOT }}/baikal/config:/var/www/baikal/config:Z" + - "{{ DATA_ROOT }}/baikal/Specific:/var/www/baikal/Specific:Z" |