deploy_home/ansible/roles/podman/tasks/containers/home/cloud.yml
Bastian de Byl f23fc62ada fix: move cloud backup keys and scripts out of container volume paths
SSH keys moved to /etc/ssh/backup_keys/ (ssh_home_t) and backup scripts
to /usr/local/bin/ (bin_t) to fix SELinux denials - container_file_t
context blocked rsync from exec'ing ssh. Also fixes skudak key path
mismatch (was truenas_skudak, key deployed as truenas_skudak-cloud).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-05 14:45:03 -05:00


---
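# Bind-mount roots for the nextcloud stack. Ownership goes to the uid held in
# podman_subuid (presumably the podman user's subuid range start — confirm
# where that fact is registered); the notified handler re-labels the
# directories for SELinux afterwards.
- name: create required cloud volumes
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ podman_subuid.stdout }}"
    group: "{{ podman_subuid.stdout }}"
    # Quoted so a YAML 1.1 loader does not read the octal literal as the
    # integer 493 (ansible-lint risky-octal); the file module gets "0755".
    mode: "0755"
  notify: restorecon podman
  loop:
    - "{{ cloud_path }}/apps"
    - "{{ cloud_path }}/config"
    - "{{ cloud_path }}/data"
    - "{{ cloud_path }}/mysql"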
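# Inside the podman user namespace, hand apps/data/config to uid:gid 33:33
# (presumably www-data in the nextcloud image — confirm against the image).
# The mysql volume is deliberately not in this list. Reported as unchanged on
# every run, so this task never triggers handlers on its own.
- name: unshare chown the nextcloud volumes
  become: true
  become_user: "{{ podman_user }}"
  changed_when: false
  ansible.builtin.command: |
    podman unshare chown -R 33:33 {{ cloud_path }}/apps {{ cloud_path }}/data {{ cloud_path }}/config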
# Run the queued handlers (restorecon from the directory task) now, before
# any container is started on top of the fresh directories.
- name: flush handlers
  ansible.builtin.meta: flush_handlers

# Shared pre-flight steps for the database image; see podman/podman-check.yml
# for what is actually checked.
- import_tasks: podman/podman-check.yml
  vars:
    container_name: "cloud-db"
    container_image: "{{ db_image }}"
# MariaDB/MySQL backend for nextcloud, rootless under podman_user, attached to
# the "shared" podman network so the app container can reach it by name.
- name: create cloud-db container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: "cloud-db"
    image: "{{ db_image }}"
    # give up after three restart attempts rather than looping forever
    restart_policy: "on-failure:3"
    log_driver: journald
    network:
      - "shared"
    # cloud_db_root_pass / cloud_db_pass are passed as module args, so a
    # verbose run (-v) can print them; consider no_log: true on this task.
    env:
      MYSQL_ROOT_PASSWORD: "{{ cloud_db_root_pass }}"
      MYSQL_DATABASE: "cloud"
      MYSQL_PASSWORD: "{{ cloud_db_pass }}"
      MYSQL_USER: "cloud"
    volumes:
      - "{{ cloud_path }}/mysql:/var/lib/mysql"
# Generate the user systemd unit that starts cloud-db at boot.
- name: create systemd startup job for cloud-db
  include_tasks: podman/systemd-generate.yml
  vars:
    container_name: "cloud-db"

# Same pre-flight steps as for the database, this time for the app image.
- import_tasks: podman/podman-check.yml
  vars:
    container_name: "cloud"
    container_image: "{{ image }}"
# The nextcloud app container. It finds the database by the container name
# cloud-db over the shared network; the db credentials are the same
# cloud_db_pass as above, so the no_log caveat applies here too.
- name: create cloud container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: "cloud"
    image: "{{ image }}"
    restart_policy: "on-failure:3"
    log_driver: journald
    network:
      - "shared"
    env:
      MYSQL_PASSWORD: "{{ cloud_db_pass }}"
      MYSQL_DATABASE: "cloud"
      MYSQL_HOST: "cloud-db"
      MYSQL_USER: "cloud"
    volumes:
      - "{{ cloud_path }}/apps:/var/www/html/custom_apps"
      - "{{ cloud_path }}/data:/var/www/html/data"
      - "{{ cloud_path }}/config:/var/www/html/config"
    # No host address given, so podman publishes 8089 on all interfaces;
    # use "127.0.0.1:8089:80" if only a local reverse proxy should reach it.
    ports:
      - "8089:80"
# Boot-time unit for the app container.
- name: create systemd startup job for cloud
  include_tasks: podman/systemd-generate.yml
  vars:
    container_name: "cloud"

# Off-host backup of the data volume. The key and the script live outside
# the container volume paths on purpose (ssh_home_t / bin_t contexts), so
# rsync can exec ssh under SELinux. ssh_key_content carries a private key:
# whatever task in cloud-backup.yml writes it should use no_log and a
# 0600 mode — verify there.
- include_tasks: containers/cloud-backup.yml
  vars:
    backup_name: "cloud"
    data_path: "{{ cloud_path }}/data"
    ssh_key_path: "/etc/ssh/backup_keys/cloud"
    ssh_key_content: "{{ cloud_backup_ssh_key }}"
    ssh_user: "cloud"
    remote_path: "/mnt/glacier/nextcloud"
    script_path: "/usr/local/bin/cloud-backup.sh"