23 changed files with 520 additions and 115 deletions
@ -0,0 +1,3 @@ |
|||||
|
*.bu |
||||
|
*.ign |
||||
|
!fcos.bu |
||||
@ -1,86 +1,27 @@ |
|||||
.PHONY: all install uninstall pre-requisites clean dryrun |
SUBDIRS := $(wildcard */Makefile) |
||||
|
SUBDIRS := $(dir $(SUBDIRS)) |
||||
PROJECT_NAME := $(shell basename "$${PWD}") |
|
||||
QUADLETS_FILES = $(wildcard *.container *.volume *.network *.pod *.build) |
.PHONY: all help butane clean dryrun fcos-vm $(SUBDIRS) |
||||
SYSTEMD_FILES = $(wildcard *.service *.target *.timer) |
|
||||
SYSTEMD_UNIT_NAMES := $(wildcard *.service *.target *.timer) |
all: help |
||||
SYSTEMD_MAIN_UNIT_NAMES := $(wildcard *.target) |
help: |
||||
QUADLET_UNIT_NAMES := $(patsubst %.container, %.service, $(wildcard *.container)) \
|
@echo "Available targets:" |
||||
$(patsubst %.volume, %-volume.service, $(wildcard *.volume)) \
|
@echo " butane - Build Butane specifications suitable for Fedora CoreOS" |
||||
$(patsubst %.network, %-network.service, $(wildcard *.network)) \
|
@echo " clean - Remove the quadlets persistent data and configuration" |
||||
$(patsubst %.pod, %-pod.service, $(wildcard *.pod)) \
|
@echo " dryrun - Perform a dry run of the podman systemd generator" |
||||
$(patsubst %.build, %-build.service, $(wildcard *.build)) |
@echo " fcos-vm - Launch a Fedora CoreOS VM with the generated Butane spec" |
||||
CONFIG_FILES = $(wildcard config/*) |
@echo " clean-vm - Clean up the Fedora CoreOS VM and its resources" |
||||
TARGET_QUADLETS_FILES = $(addprefix /etc/containers/systemd/, $(QUADLETS_FILES)) |
|
||||
TARGET_SYSTEMD_FILES = $(addprefix /etc/systemd/system/, $(SYSTEMD_FILES)) |
dryrun: $(SUBDIRS) |
||||
TARGET_CONFIG_FILES = $(patsubst config/%, /etc/quadlets/$(PROJECT_NAME)/%, $(CONFIG_FILES)) |
butane: $(SUBDIRS) |
||||
|
clean: $(SUBDIRS) |
||||
pre-requisites: |
fcos-vm: $(SUBDIRS) |
||||
@test -n "$(PARENT_DIR)" || (echo "Do not run this Makefile from the top directory!" >&2; exit 1) |
clean-vm: $(SUBDIRS) |
||||
@test "$$(id -u)" -eq 0 || (echo "This Makefile must be run as root" >&2; exit 1) |
|
||||
|
$(SUBDIRS): |
||||
all: install |
|
||||
|
|
||||
dryrun: |
|
||||
QUADLET_UNIT_DIRS="$$PWD" /usr/lib/systemd/system-generators/podman-system-generator -dryrun > /dev/null |
|
||||
|
|
||||
/etc/containers/systemd/%.container: %.container |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/containers/systemd/%.volume: %.volume |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/containers/systemd/%.network: %.network |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/containers/systemd/%.pod: %.pod |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/containers/systemd/%.build: %.build |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/systemd/system/%.service: %.service |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/systemd/system/%.target: %.target |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/systemd/system/%.timer: %.timer |
|
||||
install -D -m 0644 -o root -g root $< $@ |
|
||||
|
|
||||
/etc/quadlets/$(PROJECT_NAME)/%: config/% |
|
||||
@run() { echo $$*; "$$@"; }; \
|
|
||||
if [ -x $< ]; then \
|
|
||||
run install -D -m 0755 -o root -g root $< $@; \
|
|
||||
else \
|
|
||||
run install -D -m 0644 -o root -g root $< $@; \
|
|
||||
fi |
|
||||
|
|
||||
install: pre-requisites dryrun $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) |
|
||||
systemctl daemon-reload |
|
||||
systemd-analyze --generators=true verify $(QUADLET_UNIT_NAMES) $(SYSTEMD_UNIT_NAMES) |
|
||||
systemctl enable $(SYSTEMD_UNIT_NAMES) |
|
||||
systemctl start $(SYSTEMD_MAIN_UNIT_NAMES) |
|
||||
|
|
||||
uninstall: pre-requisites |
|
||||
systemctl --no-block disable $(SYSTEMD_UNIT_NAMES) || true |
|
||||
systemctl --no-block stop $(SYSTEMD_UNIT_NAMES) $(QUADLET_UNIT_NAMES) || true |
|
||||
rm -f $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) |
|
||||
systemctl daemon-reload |
|
||||
|
|
||||
tail-logs: pre-requisites |
|
||||
@run() { echo $$*; "$$@"; }; \
|
|
||||
declare -a journalctl_args=( -f ); \
|
|
||||
for unit in $(SYSTEMD_MAIN_UNIT_NAMES) $(QUADLET_UNIT_NAMES); do \
|
|
||||
journalctl_args+=( -u "$$unit" ); \
|
|
||||
done; \
|
|
||||
run journalctl "$${journalctl_args[@]}" |
|
||||
|
|
||||
clean: pre-requisites |
|
||||
@run() { echo $$*; "$$@"; }; \
|
@run() { echo $$*; "$$@"; }; \
|
||||
read -p "This will remove all data of '$(PROJECT_NAME)'. Are you sure? (only 'yes' is accepted) " ans; \
|
if echo $(MAKECMDGOALS) | grep -Eq 'butane|fcos-vm'; then \
|
||||
if [ "$$ans" = "yes" ] || [ "$$ans" = "YES" ]; then \
|
run $(MAKE) -C $@ $(MAKECMDGOALS); \
|
||||
run rm -rf /var/lib/quadlets/$(PROJECT_NAME)/ /var/run/quadlets/$(PROJECT_NAME)/ /etc/quadlets/$(PROJECT_NAME)/; \
|
|
||||
else \
|
else \
|
||||
echo "Aborted."; exit 1; \
|
run $(MAKE) -C $@ $(MAKECMDGOALS); \
|
||||
fi |
fi |
||||
|
|||||
@ -0,0 +1,183 @@ |
|||||
|
.PHONY: all install install-etc install-var uninstall pre-requisites clean dryrun tail-logs butane help fcos-vm clean-vm console |
||||
|
|
||||
|
all: help |
||||
|
help: |
||||
|
@echo "Available targets:" |
||||
|
@echo " help - Show this help message" |
||||
|
@echo " install - Install quadlets and systemd units" |
||||
|
@echo " uninstall - Uninstall quadlets and systemd units" |
||||
|
@echo " clean - Remove the quadlets persistent data and configuration" |
||||
|
@echo " dryrun - Perform a dry run of the podman systemd generator" |
||||
|
@echo " tail-logs - Tail the logs of the quadlet units" |
||||
|
@echo " butane - Build Butane specifications suitable for Fedora CoreOS" |
||||
|
@echo " fcos-vm - Launch a Fedora CoreOS VM with the generated Butane spec" |
||||
|
@echo " clean-vm - Clean up the Fedora CoreOS VM and its resources" |
||||
|
@echo " console - Connect to the Fedora CoreOS VM console" |
||||
|
|
||||
|
|
||||
|
TARGET_CHROOT ?= |
||||
|
PROJECT_NAME := $(shell basename "$${PWD}") |
||||
|
QUADLETS_FILES = $(wildcard *.container *.volume *.network *.pod *.build) |
||||
|
SYSTEMD_FILES = $(wildcard *.service *.target *.timer) |
||||
|
SYSTEMD_UNIT_NAMES := $(wildcard *.service *.target *.timer) |
||||
|
SYSTEMD_TIMER_NAMES := $(wildcard *.timer) |
||||
|
SYSTEMD_MAIN_UNIT_NAMES := $(wildcard *.target) |
||||
|
QUADLET_UNIT_NAMES := $(patsubst %.container, %.service, $(wildcard *.container)) \
|
||||
|
$(patsubst %.volume, %-volume.service, $(wildcard *.volume)) \
|
||||
|
$(patsubst %.network, %-network.service, $(wildcard *.network)) \
|
||||
|
$(patsubst %.pod, %-pod.service, $(wildcard *.pod)) \
|
||||
|
$(patsubst %.build, %-build.service, $(wildcard *.build)) |
||||
|
CONFIG_FILES = $(wildcard config/*) |
||||
|
TARGET_QUADLETS_FILES = $(addprefix $(TARGET_CHROOT)/etc/containers/systemd/, $(QUADLETS_FILES)) |
||||
|
TARGET_SYSTEMD_FILES = $(addprefix $(TARGET_CHROOT)/etc/systemd/system/, $(SYSTEMD_FILES)) |
||||
|
TARGET_CONFIG_FILES = $(patsubst config/%, $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%, $(CONFIG_FILES)) |
||||
|
TARGET_FILES = $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) |
||||
|
|
||||
|
pre-requisites: |
||||
|
@if [ -z "$(TOP_LEVEL_DIR)" ]; then \
|
||||
|
echo "Do not run this Makefile from the top-level directory!" >&2; \
|
||||
|
exit 1; \
|
||||
|
fi ; \
|
||||
|
if [ "$$(id -u)" -ne 0 ]; then \
|
||||
|
echo "This Makefile must be run as root" >&2; \
|
||||
|
exit 1; \
|
||||
|
fi |
||||
|
|
||||
|
dryrun: |
||||
|
QUADLET_UNIT_DIRS="$$PWD" /usr/lib/systemd/system-generators/podman-system-generator -dryrun > /dev/null |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/containers/systemd: |
||||
|
install -D -d -m 0755 -o root -g root $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/systemd/system: |
||||
|
install -D -d -m 0755 -o root -g root $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME): |
||||
|
install -D -d -m 0755 -o root -g root $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/containers/systemd/%.container: %.container $(TARGET_CHROOT)/etc/containers/systemd |
||||
|
install -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/containers/systemd/%.volume: %.volume $(TARGET_CHROOT)/etc/containers/systemd |
||||
|
install -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/containers/systemd/%.network: %.network $(TARGET_CHROOT)/etc/containers/systemd |
||||
|
install -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/containers/systemd/%.pod: %.pod $(TARGET_CHROOT)/etc/containers/systemd |
||||
|
install -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/containers/systemd/%.build: %.build $(TARGET_CHROOT)/etc/containers/systemd |
||||
|
install -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/systemd/system/%.service: %.service $(TARGET_CHROOT)/etc/systemd/system |
||||
|
install -D -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/systemd/system/%.target: %.target $(TARGET_CHROOT)/etc/systemd/system |
||||
|
install -D -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/systemd/system/%.timer: %.timer $(TARGET_CHROOT)/etc/systemd/system |
||||
|
install -D -m 0644 -o root -g root $< $@ |
||||
|
|
||||
|
$(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME)/%: config/% $(TARGET_CHROOT)/etc/quadlets/$(PROJECT_NAME) |
||||
|
@run() { echo $$*; "$$@"; }; \
|
||||
|
if [ -x $< ]; then \
|
||||
|
run install -D -m 0755 -o root -g root $< $@; \
|
||||
|
else \
|
||||
|
run install -D -m 0644 -o root -g root $< $@; \
|
||||
|
fi |
||||
|
|
||||
|
$(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME): |
||||
|
install -d -m 0755 -o root -g root $@ |
||||
|
|
||||
|
install-etc: $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) |
||||
|
install-var: $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME) |
||||
|
|
||||
|
install: pre-requisites dryrun install-etc install-var |
||||
|
systemctl daemon-reload |
||||
|
systemd-analyze --generators=true verify $(QUADLET_UNIT_NAMES) $(SYSTEMD_UNIT_NAMES) |
||||
|
systemctl enable $(SYSTEMD_UNIT_NAMES) |
||||
|
systemctl start $(SYSTEMD_MAIN_UNIT_NAMES) |
||||
|
|
||||
|
uninstall: pre-requisites |
||||
|
systemctl --no-block disable $(SYSTEMD_UNIT_NAMES) || true |
||||
|
systemctl --no-block stop $(SYSTEMD_UNIT_NAMES) $(QUADLET_UNIT_NAMES) || true |
||||
|
rm -f $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) |
||||
|
systemctl daemon-reload |
||||
|
|
||||
|
tail-logs: pre-requisites |
||||
|
@run() { echo $$*; "$$@"; }; \
|
||||
|
declare -a journalctl_args=( -f ); \
|
||||
|
for unit in $(SYSTEMD_MAIN_UNIT_NAMES) $(QUADLET_UNIT_NAMES); do \
|
||||
|
journalctl_args+=( -u "$$unit" ); \
|
||||
|
done; \
|
||||
|
run journalctl "$${journalctl_args[@]}" |
||||
|
|
||||
|
$(PROJECT_NAME).bu: install-etc install-var |
||||
|
@if [ -z "$(TARGET_CHROOT)" ]; then \
|
||||
|
echo "TARGET_CHROOT is not set!"; exit 1; \
|
||||
|
fi |
||||
|
$(TOP_LEVEL_DIR)/generate-butane-spec.sh $(TARGET_CHROOT) $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES) > $(PROJECT_NAME).bu |
||||
|
|
||||
|
$(PROJECT_NAME).ign: butane |
||||
|
butane --strict -o $(PROJECT_NAME).ign $(PROJECT_NAME).bu |
||||
|
|
||||
|
butane: |
||||
|
@run() { echo $$*; "$$@"; }; \
|
||||
|
if [ -z "$(TARGET_CHROOT)" ]; then \
|
||||
|
run $(MAKE) TARGET_CHROOT=$$(mktemp -d /tmp/butane-XXXXXX) $(PROJECT_NAME).bu; \
|
||||
|
else \
|
||||
|
run $(MAKE) $(PROJECT_NAME).bu; \
|
||||
|
fi |
||||
|
|
||||
|
$(TOP_LEVEL_DIR)/local.ign: $(TOP_LEVEL_DIR)/local.bu |
||||
|
butane --strict -o $@ $< |
||||
|
|
||||
|
fcos.ign: fcos.bu $(TOP_LEVEL_DIR)/local.ign $(PROJECT_NAME).ign |
||||
|
@run() { echo $$*; "$$@"; }; \
|
||||
|
tmp=$$(mktemp -d /tmp/butane-XXXXXX); \
|
||||
|
run cp $(filter %.ign,$^) $$tmp; \
|
||||
|
run butane --strict -d $$tmp -o $@ fcos.bu; \
|
||||
|
run rm -rf $$tmp |
||||
|
|
||||
|
/var/lib/libvirt/images/library/fedora-coreos.qcow2: |
||||
|
@run() { echo $$*; "$$@"; }; \
|
||||
|
run mkdir -p /var/lib/libvirt/images/library/ ; \
|
||||
|
if ! run coreos-installer download -p qemu -f qcow2.xz -d -C /var/lib/libvirt/images/library/ ; then \
|
||||
|
echo "CoreOS QCOW2 image could not be downloaded." >&2; \
|
||||
|
exit 1; \
|
||||
|
fi ; \
|
||||
|
qcow2=$$(ls -1ctr /var/lib/libvirt/images/library/fedora-coreos-*.qcow2 | tail -n 1) ; \
|
||||
|
run mv "$$qcow2" $@ |
||||
|
|
||||
|
/var/lib/libvirt/images/$(PROJECT_NAME)/fcos.ign: fcos.ign |
||||
|
install -D -o root -g root -m 0644 $< $@ |
||||
|
|
||||
|
/var/lib/libvirt/images/$(PROJECT_NAME)/root.qcow2: /var/lib/libvirt/images/library/fedora-coreos.qcow2 |
||||
|
install -D -o root -g root -m 0644 $< $@ |
||||
|
|
||||
|
fcos-vm: pre-requisites clean-vm /var/lib/libvirt/images/$(PROJECT_NAME)/fcos.ign /var/lib/libvirt/images/$(PROJECT_NAME)/root.qcow2 |
||||
|
virt-install --name=$(PROJECT_NAME) --import --noautoconsole \
|
||||
|
--ram=4096 --vcpus=2 --os-variant=fedora-coreos-stable \
|
||||
|
--disk path=/var/lib/libvirt/images/$(PROJECT_NAME)/root.qcow2,format=qcow2,size=50 \
|
||||
|
--qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/$(PROJECT_NAME)/fcos.ign" \
|
||||
|
--network network=default,model=virtio \
|
||||
|
--console=pty,target.type=virtio --serial=pty --graphics=none --boot=uefi |
||||
|
|
||||
|
clean-vm: pre-requisites |
||||
|
virsh destroy $(PROJECT_NAME) || true |
||||
|
virsh undefine $(PROJECT_NAME) --nvram || true |
||||
|
rm -rf /var/lib/libvirt/images/$(PROJECT_NAME) |
||||
|
|
||||
|
console: pre-requisites |
||||
|
@while sleep 2; do virsh console $(PROJECT_NAME); done |
||||
|
|
||||
|
clean: pre-requisites |
||||
|
rm -f *.butane |
||||
|
@run() { echo $$*; "$$@"; }; \
|
||||
|
read -p "This will remove all data of '$(PROJECT_NAME)'. Are you sure? (only 'yes' is accepted) " ans; \
|
||||
|
if [ "$$ans" = "yes" ] || [ "$$ans" = "YES" ]; then \
|
||||
|
run rm -rf /var/lib/quadlets/$(PROJECT_NAME)/ /var/run/quadlets/$(PROJECT_NAME)/ /etc/quadlets/$(PROJECT_NAME)/; \
|
||||
|
else \
|
||||
|
echo "Aborted."; exit 1; \
|
||||
|
fi |
||||
@ -0,0 +1,72 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
# |
||||
|
# This tool generates a butane config file for the podman-quadlet-cookbook |
||||
|
# project. The generated file can be used to provision a Fedora CoreOS |
||||
|
# instance with all necessary quadlets and systemd units to run the |
||||
|
# podman-quadlet-cookbook tests. |
||||
|
# |
||||
|
# It takes the following parameters: |
||||
|
# - The target chroot directory where the quadlets and systemd units |
||||
|
# have been installed. |
||||
|
# - The list of systemd main unit names to enable. |
||||
|
# |
||||
|
# It outputs the butane config file to stdout. |
||||
|
# |
||||
|
|
||||
|
set -Eeuo pipefail |
||||
|
|
||||
|
TARGET_CHROOT="$1" |
||||
|
SYSTEMD_MAIN_UNIT_NAMES="${@:2}" |
||||
|
|
||||
|
cat <<"EOF" |
||||
|
variant: fcos |
||||
|
version: 1.4.0 |
||||
|
storage: |
||||
|
files: |
||||
|
EOF |
||||
|
for file in $(find "$TARGET_CHROOT" \! -type d); do |
||||
|
rel_path="${file#$TARGET_CHROOT}" |
||||
|
cat <<EOF |
||||
|
- path: "${rel_path}" |
||||
|
mode: 0$(stat -c '%a' "$file") |
||||
|
user: |
||||
|
id: $(stat -c '%u' "$file") |
||||
|
group: |
||||
|
id: $(stat -c '%g' "$file") |
||||
|
contents: |
||||
|
compression: gzip |
||||
|
source: data:;base64,$(gzip -c "$file" | base64 -w0) |
||||
|
EOF |
||||
|
done |
||||
|
cat <<"EOF" |
||||
|
directories: |
||||
|
EOF |
||||
|
for dir in $(find "$TARGET_CHROOT" -type d); do |
||||
|
rel_path="${dir#$TARGET_CHROOT}" |
||||
|
if [[ "$rel_path" != "/var/lib/quadlets/"* ]] && [[ "$rel_path" != "/etc/quadlets/"* ]] \ |
||||
|
&& [[ "$rel_path" != "/etc/systemd/system/"* ]] && [[ "$rel_path" != "/etc/containers/systemd/"* ]]; then |
||||
|
|
||||
|
continue |
||||
|
fi |
||||
|
cat <<EOF |
||||
|
- path: "${rel_path}" |
||||
|
mode: 0$(stat -c '%a' "$dir") |
||||
|
user: |
||||
|
id: $(stat -c '%u' "$dir") |
||||
|
group: |
||||
|
id: $(stat -c '%g' "$dir") |
||||
|
EOF |
||||
|
done |
||||
|
|
||||
|
cat <<"EOF" |
||||
|
systemd: |
||||
|
units: |
||||
|
EOF |
||||
|
for unit in ${SYSTEMD_MAIN_UNIT_NAMES}; do |
||||
|
cat <<EOF |
||||
|
- name: "$unit" |
||||
|
enabled: true |
||||
|
mask: false |
||||
|
EOF |
||||
|
done |
||||
@ -0,0 +1,9 @@ |
|||||
|
variant: fcos |
||||
|
version: 1.4.0 |
||||
|
passwd: |
||||
|
users: |
||||
|
- name: core |
||||
|
ssh_authorized_keys: |
||||
|
- ssh-ed25519 REDACTED user@host |
||||
|
# mkpasswd --method=yescrypt -s |
||||
|
password_hash: "$y$REDACTED" |
||||
@ -0,0 +1,8 @@ |
|||||
|
TOP_LEVEL_DIR := .. |
||||
|
include $(TOP_LEVEL_DIR)/Makefile.common |
||||
|
|
||||
|
# TODO fix permissions and ownerships
|
||||
|
$(TARGET_CHROOT)/var/lib/quadlets/nextcloud-aio/data: |
||||
|
install -m 0777 -o 0 -g 0 -d $@ |
||||
|
|
||||
|
install-var: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud-aio/data |
||||
@ -0,0 +1,101 @@ |
|||||
|
# Setting this to true allows to hide the backup section in the AIO interface. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section |
||||
|
#AIO_DISABLE_BACKUP_SECTION=false |
||||
|
|
||||
|
# Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). |
||||
|
# See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md |
||||
|
#APACHE_PORT=11000 |
||||
|
|
||||
|
# Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. |
||||
|
# See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md |
||||
|
#APACHE_IP_BINDING=127.0.0.1 |
||||
|
|
||||
|
# (Optional) Connect the apache container to an additional docker network. |
||||
|
# Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. |
||||
|
# See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md |
||||
|
#APACHE_ADDITIONAL_NETWORK=frontend_net |
||||
|
|
||||
|
# Allows to adjust borgs retention policy. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy |
||||
|
#BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 |
||||
|
|
||||
|
# Setting this to true allows to disable Collabora's Seccomp feature. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature |
||||
|
#COLLABORA_SECCOMP_DISABLED=false |
||||
|
|
||||
|
# You can adjust the internally used docker api version with this variable. |
||||
|
# ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. |
||||
|
# So use this on your own risk and things might break without warning. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version |
||||
|
#DOCKER_API_VERSION=1.44 |
||||
|
|
||||
|
# Allows to adjust the fulltextsearch java options. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options |
||||
|
#FULLTEXTSEARCH_JAVA_OPTIONS=-Xms1024M -Xmx1024M |
||||
|
|
||||
|
# Allows to set the host directory for Nextcloud's datadir. |
||||
|
# ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir |
||||
|
NEXTCLOUD_DATADIR=/var/lib/quadlets/nextcloud-aio/data |
||||
|
|
||||
|
# Allows the Nextcloud container to access the chosen directory on the host. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host |
||||
|
#NEXTCLOUD_MOUNT=/mnt/ |
||||
|
|
||||
|
# Can be adjusted if you need more. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud |
||||
|
#NEXTCLOUD_UPLOAD_LIMIT=16G |
||||
|
|
||||
|
# Can be adjusted if you need more. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud |
||||
|
#NEXTCLOUD_MAX_TIME=3600 |
||||
|
|
||||
|
# Can be adjusted if you need more. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud |
||||
|
#NEXTCLOUD_MEMORY_LIMIT=512M |
||||
|
|
||||
|
# CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS). |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca |
||||
|
#NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts |
||||
|
|
||||
|
# Allows to modify the Nextcloud apps that are installed on starting AIO the first time. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup |
||||
|
#NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes |
||||
|
|
||||
|
# This allows to add additional packages to the Nextcloud container permanently. |
||||
|
# Default is imagemagick but can be overwritten by modifying this value. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container |
||||
|
#NEXTCLOUD_ADDITIONAL_APKS=imagemagick |
||||
|
|
||||
|
# This allows to add additional php extensions to the Nextcloud container permanently. |
||||
|
# Default is imagick but can be overwritten by modifying this value. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container |
||||
|
#NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick |
||||
|
|
||||
|
# This allows to enable the /dev/dri device for containers that profit from it. |
||||
|
# ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! |
||||
|
# If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud |
||||
|
#NEXTCLOUD_ENABLE_DRI_DEVICE=true |
||||
|
|
||||
|
# This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. |
||||
|
# ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud. |
||||
|
#NEXTCLOUD_ENABLE_NVIDIA_GPU=true |
||||
|
|
||||
|
# Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps |
||||
|
#NEXTCLOUD_KEEP_DISABLED_APPS=false |
||||
|
|
||||
|
# This should only be set to true if things are correctly configured. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation |
||||
|
#SKIP_DOMAIN_VALIDATION=false |
||||
|
|
||||
|
# This allows to adjust the port that the talk container is using which is exposed on the host. |
||||
|
# See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port |
||||
|
#TALK_PORT=3478 |
||||
|
|
||||
|
# Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. |
||||
|
# Otherwise mastercontainer updates will fail. |
||||
|
# For macos it needs to be '/var/run/docker.sock' |
||||
|
#WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock |
||||
@ -0,0 +1,7 @@ |
|||||
|
variant: fcos |
||||
|
version: 1.4.0 |
||||
|
ignition: |
||||
|
config: |
||||
|
merge: |
||||
|
- local: nextcloud-aio.ign |
||||
|
- local: local.ign |
||||
@ -0,0 +1,39 @@ |
|||||
|
[Unit] |
||||
|
Description=Nextcloud All-in-One |
||||
|
Documentation=https://github.com/nextcloud/all-in-one |
||||
|
After=network.target podman.socket nextcloud_aio_mastercontainer-volume.service |
||||
|
Requires=podman.socket nextcloud_aio_mastercontainer-volume.service |
||||
|
|
||||
|
# Only start if Nextcloud has been configured |
||||
|
ConditionPathExists=/etc/quadlets/nextcloud-aio/config.env |
||||
|
|
||||
|
[Container] |
||||
|
ContainerName=nextcloud-aio-mastercontainer |
||||
|
Image=ghcr.io/nextcloud-releases/all-in-one:latest |
||||
|
PodmanArgs=--privileged --sig-proxy=false |
||||
|
|
||||
|
# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). |
||||
|
# See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md |
||||
|
PublishPort=80:80 |
||||
|
|
||||
|
# This is the AIO interface, served via https and self-signed certificate. |
||||
|
# See https://github.com/nextcloud/all-in-one#explanation-of-used-ports |
||||
|
PublishPort=8080:8080 |
||||
|
|
||||
|
# Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). |
||||
|
# See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md |
||||
|
PublishPort=8443:8443 |
||||
|
|
||||
|
RunInit=true |
||||
|
Volume=nextcloud_aio_mastercontainer:/mnt/docker-aio-config |
||||
|
Volume=/run/podman/podman.sock:/var/run/docker.sock:ro,z |
||||
|
EnvironmentFile=/etc/quadlets/nextcloud-aio/config.env |
||||
|
|
||||
|
[Service] |
||||
|
Restart=always |
||||
|
RestartSec=10 |
||||
|
TimeoutStartSec=600 |
||||
|
TimeoutStopSec=30 |
||||
|
|
||||
|
[Install] |
||||
|
WantedBy=nextcloud-aio.target |
||||
@ -0,0 +1,13 @@ |
|||||
|
[Unit] |
||||
|
Description=Nextcloud Service Target |
||||
|
Documentation=man:systemd.target(5) |
||||
|
Requires=nextcloud-aio-mastercontainer.service nextcloud_aio_mastercontainer-volume.service |
||||
|
After=nextcloud-aio-mastercontainer.service nextcloud_aio_mastercontainer-volume.service |
||||
|
|
||||
|
# Allow isolation - can stop/start this target independently |
||||
|
AllowIsolate=yes |
||||
|
# Only start if Nextcloud All-in-One has been configured |
||||
|
ConditionPathExists=/etc/quadlets/nextcloud-aio/config.env |
||||
|
|
||||
|
[Install] |
||||
|
WantedBy=multi-user.target |
||||
@ -0,0 +1,11 @@ |
|||||
|
[Unit] |
||||
|
Description=Nextcloud All-in-One - Configuration volume |
||||
|
Documentation=https://github.com/nextcloud/all-in-one |
||||
|
|
||||
|
# Only start if Nextcloud has been configured |
||||
|
ConditionPathExists=/etc/quadlets/nextcloud-aio/config.env |
||||
|
|
||||
|
[Volume] |
||||
|
|
||||
|
[Install] |
||||
|
WantedBy=nextcloud-aio.target |
||||
@ -1,8 +0,0 @@ |
|||||
# Netscape HTTP Cookie File |
|
||||
# https://curl.se/docs/http-cookies.html |
|
||||
# This file was generated by libcurl! Edit at your own risk. |
|
||||
|
|
||||
#HttpOnly_localhost FALSE / FALSE 0 ocbny94p8hh4 02320e51bee9bd3808c761acdb10e820 |
|
||||
#HttpOnly_localhost FALSE / FALSE 4133980799 nc_sameSiteCookiestrict true |
|
||||
#HttpOnly_localhost FALSE / FALSE 4133980799 nc_sameSiteCookielax true |
|
||||
#HttpOnly_localhost FALSE / FALSE 0 oc_sessionPassphrase 5xu%2F9mJaZB0HhAXmLErL8y5pNa5Rb6fr%2F%2BVJL%2FfnkKKsBVozLv2TpWQ2Khd%2FtT%2BSX0sR1VQS0pCql0CzOOd%2BTHU04gEnJ0PgYMV%2FRQVO3YJpWE5c5THOJ4eN2GLg7C0P |
|
||||
@ -0,0 +1,8 @@ |
|||||
|
variant: fcos |
||||
|
version: 1.4.0 |
||||
|
ignition: |
||||
|
config: |
||||
|
merge: |
||||
|
- local: nextcloud.ign |
||||
|
- local: postgresql.ign |
||||
|
- local: local.ign |
||||
@ -0,0 +1,7 @@ |
|||||
|
variant: fcos |
||||
|
version: 1.4.0 |
||||
|
ignition: |
||||
|
config: |
||||
|
merge: |
||||
|
- local: nginx.ign |
||||
|
- local: local.ign |
||||
@ -0,0 +1,7 @@ |
|||||
|
variant: fcos |
||||
|
version: 1.4.0 |
||||
|
ignition: |
||||
|
config: |
||||
|
merge: |
||||
|
- local: postgresql.ign |
||||
|
- local: local.ign |
||||
Loading…
Reference in new issue