From 217364bf5c612ac0ee1818419e47d4631aa42cfe Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 15 Oct 2023 23:30:44 +0200 Subject: initial version for whawty-auth app (WIP) --- .../whawty/auth/instance/templates/pod-spec.yml.j2 | 69 ++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 (limited to 'roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2') diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 new file mode 100644 index 00000000..45c692e9 --- /dev/null +++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 @@ -0,0 +1,69 @@ +securityContext: + allowPrivilegeEscalation: false +{# runAsUser: {{ whawty_auth_app_uid }} #} +{# runAsGroup: {{ whawty_auth_app_gid }} #} +containers: +- name: app + image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}" + args: + - "--store" + - "/config/store.yml" + - "run" + - "--web-addr" + - ":{{ whawty_auth_instances[whawty_auth_instance].port }}" +{% if 'tls' in whawty_auth_instances[whawty_auth_instance] %} + - "--web-config" + - "/config/web.yml" +{% endif %} + volumeMounts: + - name: config + mountPath: /config + readOnly: true + - name: store + mountPath: /store + env: +{# TODO: remove debug output #} + - name: WHAWTY_AUTH_DEBUG + value: "1" + ports: + - containerPort: {{ whawty_auth_instances[whawty_auth_instance].port }} + hostPort: {{ whawty_auth_instances[whawty_auth_instance].port }} +{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %} +- name: sync + image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}" + command: + - "/gokr-rsyncd" + args: + - "--daemon" + - "--gokr.config=/sync/config.toml" +{# TODO: remove debug output #} + - "-v" + volumeMounts: + - name: sync + mountPath: /sync + readOnly: true + - name: store + mountPath: /store + readOnly: true + env: + - name: XDG_CONFIG_HOME + value: "/sync" + ports: + - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }} + hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }} +{% endif %} +volumes: +- name: config + hostPath: + path: "{{ whawty_auth_instance_basepath }}/config" + type: Directory +- name: store + hostPath: + path: "{{ whawty_auth_instance_basepath }}/store" + type: Directory +{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %} +- name: sync + hostPath: + path: "{{ whawty_auth_instance_basepath }}/sync" + type: Directory +{% endif %} -- cgit v1.2.3