From 4bdfbf725d977442ab853731f362b6a61ef242df Mon Sep 17 00:00:00 2001
From: Johannes Stoelp <johannes.stoelp@gmail.com>
Date: Wed, 7 Dec 2022 21:48:57 +0100
Subject: baikal: add service and proxy pass

---
 roles/baikal/tasks/main.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 roles/baikal/tasks/main.yml

(limited to 'roles/baikal')

diff --git a/roles/baikal/tasks/main.yml b/roles/baikal/tasks/main.yml
new file mode 100644
index 0000000..f00e902
--- /dev/null
+++ b/roles/baikal/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+# Baikal needs rw permissions on *config/* for *nginx* user.
+# The *nginx* user in the container has uid=101.
+# uid mapping with userns works as follows
+#   root uid=0 (rootless container) -> user uid on hosts
+#   .... uid=1 (rootless container) -> user first subuid
+#
+# => uid=101 (rootless container) -> user subuid + 100
+- name: HACK to satify baikal container
+  ansible.builtin.file:
+    path: "{{ DATA_ROOT }}/baikal/config"
+    recurse: true
+    owner: 100100
+    group: 100100
+  become: true
+
+- name: Baikal
+  containers.podman.podman_container:
+    name: baikal
+    image: docker.io/ckulka/baikal:nginx
+    network: "{{ NETWORK }}"
+    volumes:
+      # Use 'Z' to privately relable selinux contexts.
+      - "{{ DATA_ROOT }}/baikal/config:/var/www/baikal/config:Z"
+      - "{{ DATA_ROOT }}/baikal/Specific:/var/www/baikal/Specific:Z"
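Review bot: The hard-coded `owner: 100100` / `group: 100100` in the first task only maps to container uid 101 if the podman user's subordinate id range starts at 100000, which the comment block assumes but nothing in the task verifies. On a host where /etc/subuid or /etc/subgid assigns a different start, this root-run recursive chown hands `config/` (which presumably holds Baikal's settings and admin credentials) to an unrelated host uid, and the container still cannot write to it. Consider deriving the value from a role variable, e.g. `owner: "{{ SUBUID_START | int + 100 }}"`, where `SUBUID_START` is a new variable you would set from the host's subuid entry, and do the same for `group`. Separately, `image: docker.io/ckulka/baikal:nginx` is a mutable tag; pinning it by digest (`docker.io/ckulka/baikal@sha256:<digest>`) keeps a re-pull from silently changing what runs with access to these volumes.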
-- 
cgit v1.2.3