author | Christian Pointner <equinox@spreadspace.org> | 2023-10-26 13:58:00 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-10-26 13:58:00 +0200 |
commit | def061765aa3f4422472bc08a65bfc3e7f57b3ea (patch) | |
tree | 6b4173aabd89073d921a7a5834a55ee781bd078a /roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 | |
parent | x509/certs: fix renewal scripts (diff) |
apps/whawty/auth: app no longer runs as root and switch to new sync
Diffstat (limited to 'roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2')
-rw-r--r-- | roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index 45c692e9..b264577d 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
@@ -1,7 +1,7 @@
 securityContext:
 allowPrivilegeEscalation: false
-{# runAsUser: {{ whawty_auth_app_uid }} #}
-{# runAsGroup: {{ whawty_auth_app_gid }} #}
+ runAsUser: 990
+ runAsGroup: 990
 containers:
 - name: app
 image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
@@ -31,23 +31,15 @@ containers:
 {% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
 - name: sync
 image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
- command:
- - "/gokr-rsyncd"
 args:
- - "--daemon"
- - "--gokr.config=/sync/config.toml"
-{# TODO: remove debug output #}
- - "-v"
+ - "server"
 volumeMounts:
 - name: sync
- mountPath: /sync
+ mountPath: /config
 readOnly: true
 - name: store
 mountPath: /store
 readOnly: true
- env:
- - name: XDG_CONFIG_HOME
- value: "/sync"
 ports:
 - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }} |
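Review bot: The literal `990` in the new `runAsUser`/`runAsGroup` lines has no stated origin, whereas the commented-out lines it replaces referred to `whawty_auth_app_uid` and `whawty_auth_app_gid`. If the user baked into the images or the ownership of the mounted store ever differs from 990, the pod will only fail at runtime with permission errors. A one-line template comment such as `{# 990 = uid/gid of the user inside the whawty/auth images #}` would record the coupling (presumably that is where the value comes from; confirm). Adding `runAsNonRoot: true` beside the two new lines would also make the runtime refuse to start a container as uid 0 if a later edit drops or changes them. The rest of the pod spec lies outside this hunk.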
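Review bot: With the pod now running as uid 990, the `sync` container may be unable to bind the `containerPort`/`hostPort` at the end of this hunk if `sync.port` is below 1024. That depends on the runtime's unprivileged-port setting or on a `NET_BIND_SERVICE` capability, and nothing in the visible lines ensures either. A template comment next to `ports:` such as `{# sync.port must be >= 1024, the container runs as uid 990 #}`, or an assertion in the role's tasks, would catch a misconfigured instance before deployment. Because `command:` was dropped, what actually runs is now decided by the image's entrypoint plus `server`, and the `/config` and `/store` mounts must be readable by uid 990. It would help to state that in the role documentation. The enclosing `{% if 'sync' in … %}` block ends outside the hunk.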