
2 Commits

  1. 28
      Makefile.common
  2. 14
      nextcloud/Makefile
  3. 31
      nextcloud/config/collabora.env
  4. 10
      nextcloud/nextcloud-app.container
  5. 52
      nextcloud/nextcloud-collabora.container
  6. 10
      nextcloud/nextcloud-cron.container
  7. 10
      nextcloud/nextcloud-init.container
  8. 10
      nextcloud/nextcloud-nginx.container
  9. 10
      nextcloud/nextcloud-redis.container
  10. 10
      nextcloud/nextcloud-upgrade.container
  11. 0
      nextcloud/other/nextcloud.sql
  12. 5
      postgresql/Makefile
  13. 10
      postgresql/postgresql-backup.container
  14. 12
      postgresql/postgresql-init.container
  15. 10
      postgresql/postgresql-server.container
  16. 10
      postgresql/postgresql-upgrade.container

28
Makefile.common

@ -1,6 +1,8 @@
.PHONY: all install install-etc install-var uninstall pre-requisites clean dryrun .PHONY: all install install-etc install-var uninstall pre-requisites clean dryrun
.PHONY: tail-logs butane help fcos-vm clean-vm console units units-pre .PHONY: tail-logs butane help fcos-vm clean-vm console units units-pre
.PHONY: clean-pre clean-post install-pre install-post uninstall-pre uninstall-post .PHONY: clean-pre clean-post install-pre install-post uninstall-pre uninstall-post
.PHONY: install-files install-files-pre install-files-post install-actions
.PHONY: install-actions-pre install-actions-post
all: help all: help
help: help:
@ -97,14 +99,21 @@ $(TARGET_CHROOT)/etc/sysctl.d/%: sysctl.d/% $(TARGET_CHROOT)/etc/sysctl.d
install-etc: $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES) install-etc: $(TARGET_QUADLETS_FILES) $(TARGET_SYSTEMD_FILES) $(TARGET_CONFIG_FILES) $(TARGET_TMPFILESD_FILES) $(TARGET_SYSCTLD_FILES)
install-var: $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME) install-var: $(TARGET_CHROOT)/var/lib/quadlets/$(PROJECT_NAME)
install-pre:: install-files-pre::
@run() { echo $$*; "$$@"; }; \ @run() { echo $$*; "$$@"; }; \
for dep in $(DEPENDENCIES); do \ for dep in $(DEPENDENCIES); do \
run $(MAKE) -C $(TOP_LEVEL_DIR)/$$dep install; \ run $(MAKE) -C $(TOP_LEVEL_DIR)/$$dep install-files; \
done done
install-files: install-files-pre install-etc install-var
$(MAKE) install-files-post
install-files-post::
install-post:: install-actions-pre::
install: pre-requisites dryrun install-etc install-var install-pre @run() { echo $$*; "$$@"; }; \
for dep in $(DEPENDENCIES); do \
run $(MAKE) -C $(TOP_LEVEL_DIR)/$$dep install-actions; \
done
install-actions: install-actions-pre
systemctl daemon-reload systemctl daemon-reload
systemd-analyze --generators=true verify $(QUADLET_UNIT_NAMES) $(SYSTEMD_UNIT_NAMES) systemd-analyze --generators=true verify $(QUADLET_UNIT_NAMES) $(SYSTEMD_UNIT_NAMES)
@run() { echo $$*; "$$@"; }; \ @run() { echo $$*; "$$@"; }; \
@ -116,6 +125,13 @@ install: pre-requisites dryrun install-etc install-var install-pre
fi fi
systemctl enable $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES) systemctl enable $(SYSTEMD_MAIN_UNIT_NAMES) $(SYSTEMD_TIMER_NAMES)
systemctl start $(SYSTEMD_MAIN_UNIT_NAMES) systemctl start $(SYSTEMD_MAIN_UNIT_NAMES)
$(MAKE) install-actions-post
install-pre::
install-post::
install: pre-requisites dryrun install-pre
$(MAKE) install-files
$(MAKE) install-actions
$(MAKE) install-post $(MAKE) install-post
uninstall-pre:: uninstall-pre::
@ -144,7 +160,7 @@ tail-logs: pre-requisites
done; \ done; \
run journalctl "$${journalctl_args[@]}" run journalctl "$${journalctl_args[@]}"
$(PROJECT_NAME).bu: install-etc install-var $(PROJECT_NAME).bu: install-files
@if [ -z "$(TARGET_CHROOT)" ]; then \ @if [ -z "$(TARGET_CHROOT)" ]; then \
echo "TARGET_CHROOT is not set!"; exit 1; \ echo "TARGET_CHROOT is not set!"; exit 1; \
fi fi
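Review bot: The `for dep in $(DEPENDENCIES)` loops in `install-files-pre` and `install-actions-pre` do not stop when a sub-make fails, so the recipe's exit status is that of the last dependency only and `install-actions` can go on to `systemctl enable`/`start` units whose dependency never installed (unless `.SHELLFLAGS` sets `-e` outside the visible hunks). Ending each call with `|| exit $$?`, e.g. `run $(MAKE) -C "$(TOP_LEVEL_DIR)/$$dep" install-actions || exit $$?; \`, makes the failure propagate. Dependencies are also now entered through `install-files` and `install-actions` rather than `install`, so whatever `pre-requisites` and `dryrun` check is no longer run for them; if those guards matter per project, add them as prerequisites of the new targets.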

14
nextcloud/Makefile

@ -20,15 +20,23 @@ test-set-nextcloud-major:
sed -i 's/^NEXTCLOUD_MAJOR=.*/NEXTCLOUD_MAJOR=$(NEXTCLOUD_MAJOR_START)/' config/config.env sed -i 's/^NEXTCLOUD_MAJOR=.*/NEXTCLOUD_MAJOR=$(NEXTCLOUD_MAJOR_START)/' config/config.env
$(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis:
install -m 0700 -o 10008 -g 10000 -d $@ install -m 0700 -o $(PROJECT_UID) -g $(PROJECT_GID) -d $@
$(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config:
install -m 0700 -o 10008 -g 10000 -d $@ install -m 0700 -o $(PROJECT_UID) -g $(PROJECT_GID) -d $@
$(TARGET_CHROOT)/etc/quadlets/nextcloud/www.conf: config/www.conf $(TARGET_CHROOT)/etc/quadlets/nextcloud/www.conf: config/www.conf
install -m 0755 -o 10008 -g 10000 -D $< $@ install -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) -D $< $@
$(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json:
curl -sSfL -o $@ https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/master/docker/cool-seccomp-profile.json
install-var: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config install-var: $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/redis $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/data $(TARGET_CHROOT)/var/lib/quadlets/nextcloud/config
install-etc: $(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json
install-files: $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/nextcloud.sql
$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d/nextcloud.sql: other/nextcloud.sql
install -m 0644 -o 10004 -g 10000 $< $@
test: test:
@run() { echo $$*; "$$@"; }; \ @run() { echo $$*; "$$@"; }; \
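Review bot: The `collabora-seccomp-profile.json` rule downloads the container's syscall filter from `refs/heads/master` at install time with no integrity check, so whatever that branch serves on the day of install becomes the sandbox policy, and two hosts installed at different times can end up with different profiles. Since the rule has no prerequisites the file is also never refreshed once present, which means the policy is neither pinned nor tracked. Vendoring the reviewed profile next to `config/www.conf` and installing it with `install -m 0644` is the simplest fix; if it must be fetched, pin the URL to a commit and verify a digest before moving the file into place, as sketched below. Separately, `nextcloud.sql` is installed `0644` with a hard-coded `-o 10004`; if that script sets a role password it should not be world-readable.

```make
# Placeholders: fill in after reviewing the upstream profile.
COLLABORA_SECCOMP_REF ?= <pinned-commit-sha>
COLLABORA_SECCOMP_SHA256 ?= <sha256-of-reviewed-profile>

$(TARGET_CHROOT)/etc/quadlets/nextcloud/collabora-seccomp-profile.json:
	mkdir -p $(@D)
	curl -sSfL -o $@.tmp https://raw.githubusercontent.com/CollaboraOnline/online/$(COLLABORA_SECCOMP_REF)/docker/cool-seccomp-profile.json
	echo "$(COLLABORA_SECCOMP_SHA256)  $@.tmp" | sha256sum -c - || { rm -f $@.tmp; exit 1; }
	install -m 0644 -o root -g root $@.tmp $@
	rm -f $@.tmp
```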

31
nextcloud/config/collabora.env

@ -0,0 +1,31 @@
# User name for the admin console
username=admin
# Password for the admin console
password=admin
# By default only limited set of spelling dictionaries and thesauri are configured
# for CODE, mainly for performance reasons. The default set of languages is the
# following: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru.
# With the dictionaries environment variable you can change this list.
dictionaries=fr_FR en_US en_GB
# When this environment variable is set (is not “”), then its value will be used
# as server name in /etc/coolwsd/coolwsd.xml. Without this, CODE is not delivering
# a correct host for the websocket connection in case of a proxy in front of it.
server_name=localhost
# You can pass extra command line parameters to coolwsd via this environment
# variable. For example, if you want to start coolwsd without SSL, when you
# test or develop, the syntax is: -e "extra_params=--o:ssl.enable=false".
# To learn about all possible options, refer to the self-documented
# /etc/coolwsd/coolwsd.xml configuration file in the Docker image.
extra_params=--o:ssl.enable=false --o:ssl.termination=false
# By default Collabora Online enables the first WOPI host that tries to connect.
# You can define the allowed WOPI hosts by passing environment variables.
aliasgroup1=http://localhost:9980
# When this environment variable is set (is not “”), then startup script will
# not generate a new SSL certificate signed by a dummy CA. It is useful, if
# you want to use your own SSL certificate for some reason.
DONT_GEN_SSL_CERT=true
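Review bot: `username=admin` / `password=admin` ships a known credential for the Collabora admin console in a tracked file, and the same file turns TLS off with `--o:ssl.enable=false --o:ssl.termination=false`. The unit that reads it uses `Network=host`, so unless coolwsd is bound to loopback or firewalled, the console on port 9980 is reachable from the network over plain HTTP with that credential. Ship the file with a placeholder instead (for example `password=<set-before-install>`, a constructed value), have the install step fail while the placeholder is still present, and install the file with mode `0600` since it holds a secret. If TLS is terminated by a reverse proxy in front of the service, `ssl.termination=true` is the setting that matches that setup.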

10
nextcloud/nextcloud-app.container

@ -21,12 +21,10 @@ User=www-data
Group=www-data Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82 UIDMap=0:1000000:65535
UIDMap=82:10008:1 UIDMap=+82:10008:1
UIDMap=83:1000083:65453 GIDMap=0:1000000:65535
GIDMap=0:1000000:82 GIDMap=+82:10000:1
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host
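Review bot: The new `UIDMap=+82:10008:1` / `GIDMap=+82:10000:1` lines rely on the `+` flag, which the comment above them does not explain, and the base range shrank from 65536 IDs (82 + 1 + 65453 in the old three-line form) to `65535`, leaving container ID 65535 unmapped. If that is intentional, say so in the comment; otherwise `UIDMap=0:1000000:65536` keeps the old coverage. I would add a comment such as `# '+' overlays this one ID on the base range above; needs a Podman release that supports the '+' flag in --uidmap`. The same applies to the identical hunks in nextcloud-cron, -init, -nginx, -redis and -upgrade, in the four postgresql units, and to the new nextcloud-collabora unit.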

52
nextcloud/nextcloud-collabora.container

@ -0,0 +1,52 @@
[Unit]
Description=Collabora Online for Nextcloud
Documentation=https://hub.docker.com/r/collabora/code/
After=network.target
# Only start if Collabora has been configured
ConditionPathExists=/etc/quadlets/nextcloud/collabora.env
# Start/stop this unit when the target is started/stopped
PartOf=nextcloud.target
[Container]
ContainerName=nextcloud-collabora
Image=docker.io/collabora/code:latest
# No need for root privileges
User=1001
Group=1001
# UID/GID mapping to map the 1001 user inside the container to arbitrary user 10016 / group 10000 on the host
UIDMap=0:1000000:65535
UIDMap=+1001:10016:1
GIDMap=0:1000000:65535
GIDMap=+1001:10000:1
# Security
SeccompProfile=/etc/quadlets/nextcloud/collabora-seccomp-profile.json
# Network configuration
Network=host
# Environment variables from secrets and config
EnvironmentFile=/etc/quadlets/nextcloud/collabora.env
# Volume mounts
# <none>
# Health check (equivalent to readiness probe)
HealthCmd=nc -z localhost 9980
HealthInterval=30s
HealthTimeout=10s
HealthStartPeriod=10s
HealthRetries=3
[Service]
Restart=always
RestartSec=10
TimeoutStartSec=600
TimeoutStopSec=30
[Install]
WantedBy=nextcloud.target
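Review bot: `Image=docker.io/collabora/code:latest` leaves the image unpinned, so the version that runs under this unit depends on when each host last pulled it rather than on anything in the repository. Pin a release tag or digest, e.g. `Image=docker.io/collabora/code:<version>@sha256:<digest>` (placeholders), and bump it deliberately. Note also that `ConditionPathExists=` is commented as "only start if Collabora has been configured", yet `collabora.env` is added under `config/` in this same change; if config files are installed unconditionally, the condition is always true and the unit starts with the shipped defaults.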

10
nextcloud/nextcloud-cron.container

@ -18,12 +18,10 @@ User=www-data
Group=www-data Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82 UIDMap=0:1000000:65535
UIDMap=82:10008:1 UIDMap=+82:10008:1
UIDMap=83:1000083:65453 GIDMap=0:1000000:65535
GIDMap=0:1000000:82 GIDMap=+82:10000:1
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host

10
nextcloud/nextcloud-init.container

@ -22,12 +22,10 @@ User=www-data
Group=www-data Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82 UIDMap=0:1000000:65535
UIDMap=82:10008:1 UIDMap=+82:10008:1
UIDMap=83:1000083:65453 GIDMap=0:1000000:65535
GIDMap=0:1000000:82 GIDMap=+82:10000:1
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host

10
nextcloud/nextcloud-nginx.container

@ -23,12 +23,10 @@ User=nginx
Group=nginx Group=nginx
# UID/GID mapping to map the nginx (101) user inside the container to arbitrary user 10008 / group 10000 on the host # UID/GID mapping to map the nginx (101) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:101 UIDMap=0:1000000:65535
UIDMap=101:10008:1 UIDMap=+101:10008:1
UIDMap=102:1000102:65434 GIDMap=0:1000000:65535
GIDMap=0:1000000:101 GIDMap=+101:10000:1
GIDMap=101:10000:1
GIDMap=102:1000102:65434
# Volume mounts # Volume mounts
Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z

10
nextcloud/nextcloud-redis.container

@ -24,12 +24,10 @@ User=redis
Group=redis Group=redis
# UID/GID mapping to map the redis (999) user / redis (1000) group inside the container to arbitrary user 10008 / group 10000 on the host # UID/GID mapping to map the redis (999) user / redis (1000) group inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:999 UIDMap=0:1000000:65535
UIDMap=999:10008:1 UIDMap=+999:10008:1
UIDMap=1000:1001000:64536 GIDMap=0:1000000:65535
GIDMap=0:1000000:1000 GIDMap=+1000:10000:1
GIDMap=1000:10000:1
GIDMap=1001:1001001:64535
# Environment variables # Environment variables
Environment=REDISCLI_AUTH=${REDIS_HOST_PASSWORD} Environment=REDISCLI_AUTH=${REDIS_HOST_PASSWORD}

10
nextcloud/nextcloud-upgrade.container

@ -22,12 +22,10 @@ User=www-data
Group=www-data Group=www-data
# UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
UIDMap=0:1000000:82 UIDMap=0:1000000:65535
UIDMap=82:10008:1 UIDMap=+82:10008:1
UIDMap=83:1000083:65453 GIDMap=0:1000000:65535
GIDMap=0:1000000:82 GIDMap=+82:10000:1
GIDMap=82:10000:1
GIDMap=83:1000083:65453
# Network configuration # Network configuration
Network=host Network=host

0
postgresql/config/init.sql → nextcloud/other/nextcloud.sql

5
postgresql/Makefile

@ -20,6 +20,11 @@ PG_MAJOR_LAST ?= 18
test-set-pgmajor: test-set-pgmajor:
sed -i 's/^PG_MAJOR=.*/PG_MAJOR=$(PG_MAJOR_START)/' config/config.env sed -i 's/^PG_MAJOR=.*/PG_MAJOR=$(PG_MAJOR_START)/' config/config.env
$(TARGET_CHROOT)/etc/quadlets/postgresql/init.d:
install -m 0755 -o $(PROJECT_UID) -g $(PROJECT_GID) -D -d $@
install-etc: $(TARGET_CHROOT)/etc/quadlets/postgresql/init.d
# Integration tests for PostgreSQL quadlet: backup, restore + major version upgrade (14 to 18) # Integration tests for PostgreSQL quadlet: backup, restore + major version upgrade (14 to 18)
test: uninstall clean test-set-pgmajor install test: uninstall clean test-set-pgmajor install
@echo "Running PostgreSQL integration tests..."; \ @echo "Running PostgreSQL integration tests..."; \
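Review bot: The new `init.d` directory is a drop-in that other projects write into (nextcloud installs `nextcloud.sql` there) and that postgresql-init mounts at `/docker-entrypoint-initdb.d`, yet it is created owned by `$(PROJECT_UID)`, presumably the host UID the database containers are mapped to. The mount is read-only, so the container only needs to read it; `install -m 0755 -o root -g root -d $@` keeps the init scripts out of reach of anything running as that UID on the host. `-D` has no effect together with `-d` and can be dropped. A short comment on the rule stating that every file placed here is handed to the init container would help the next project that adds one.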

10
postgresql/postgresql-backup.container

@ -25,12 +25,10 @@ User=postgres
Group=postgres Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70 UIDMap=0:1000000:65535
UIDMap=70:10004:1 UIDMap=+70:10004:1
UIDMap=71:1000071:65465 GIDMap=0:1000000:65535
GIDMap=0:1000000:70 GIDMap=+70:10000:1
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root # Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore PodmanArgs=--image-volume=ignore

12
postgresql/postgresql-init.container

@ -37,12 +37,10 @@ User=postgres
Group=postgres Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70 UIDMap=0:1000000:65535
UIDMap=70:10004:1 UIDMap=+70:10004:1
UIDMap=71:1000071:65465 GIDMap=0:1000000:65535
GIDMap=0:1000000:70 GIDMap=+70:10000:1
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root # Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore PodmanArgs=--image-volume=ignore
@ -51,7 +49,7 @@ PodmanArgs=--image-volume=ignore
Volume=/var/lib/quadlets/postgresql:/var/lib/postgresql:z Volume=/var/lib/quadlets/postgresql:/var/lib/postgresql:z
Volume=/var/lib/virtiofs/data/postgresql/backup:/var/lib/postgresql/backup:z Volume=/var/lib/virtiofs/data/postgresql/backup:/var/lib/postgresql/backup:z
Volume=/etc/quadlets/postgresql/init.sh:/usr/local/bin/init.sh:z,ro Volume=/etc/quadlets/postgresql/init.sh:/usr/local/bin/init.sh:z,ro
Volume=/etc/quadlets/postgresql/init.sql:/docker-entrypoint-initdb.d/init.sql:z,ro Volume=/etc/quadlets/postgresql/init.d:/docker-entrypoint-initdb.d:z,ro
[Service] [Service]
Restart=no Restart=no

10
postgresql/postgresql-server.container

@ -42,12 +42,10 @@ User=postgres
Group=postgres Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70 UIDMap=0:1000000:65535
UIDMap=70:10004:1 UIDMap=+70:10004:1
UIDMap=71:1000071:65465 GIDMap=0:1000000:65535
GIDMap=0:1000000:70 GIDMap=+70:10000:1
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root # Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore PodmanArgs=--image-volume=ignore

10
postgresql/postgresql-upgrade.container

@ -33,12 +33,10 @@ User=postgres
Group=postgres Group=postgres
# UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
UIDMap=0:1000000:70 UIDMap=0:1000000:65535
UIDMap=70:10004:1 UIDMap=+70:10004:1
UIDMap=71:1000071:65465 GIDMap=0:1000000:65535
GIDMap=0:1000000:70 GIDMap=+70:10000:1
GIDMap=70:10000:1
GIDMap=71:1000071:65465
# Avoid issues with built-in volumes being created by root # Avoid issues with built-in volumes being created by root
PodmanArgs=--image-volume=ignore PodmanArgs=--image-volume=ignore
