From def061765aa3f4422472bc08a65bfc3e7f57b3ea Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 26 Oct 2023 13:58:00 +0200
Subject: apps/whawty/auth: app no longer runs as root and switch to new sync
---
 .../apps/whawty/auth/instance/templates/pod-spec.yml.j2 | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
(limited to 'roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2')
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index 45c692e9..b264577d 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
@@ -1,7 +1,7 @@
 securityContext:
 allowPrivilegeEscalation: false
-{# runAsUser: {{ whawty_auth_app_uid }} #}
-{# runAsGroup: {{ whawty_auth_app_gid }} #}
+ runAsUser: 990
+ runAsGroup: 990
 containers:
 - name: app
 image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
@@ -31,23 +31,15 @@ containers:
 {% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
 - name: sync
 image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
- command:
- "/gokr-rsyncd"
 args:
- "--daemon"
- "--gokr.config=/sync/config.toml"
-{# TODO: remove debug output #}
- "-v"
+ - "server"
 volumeMounts:
 - name: sync
- mountPath: /sync
+ mountPath: /config
 readOnly: true
 - name: store
 mountPath: /store
 readOnly: true
- env:
- name: XDG_CONFIG_HOME
- value: "/sync"
 ports:
 - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
--
cgit v1.2.3
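Review bot: The new `runAsUser: 990` and `runAsGroup: 990` lines hard-code the IDs that the removed comments took from `whawty_auth_app_uid` / `whawty_auth_app_gid`, and nothing in the hunk records where 990 comes from. Presumably it is the unprivileged user built into the images; a comment such as `{# 990 = uid/gid of the app user in the ghcr.io/whawty/auth images; mounted host directories must be readable by it #}` would make that dependency explicit (wording to be confirmed against the images). Since the aim of the commit is to stop running as root, adding `runAsNonRoot: true` next to them would make the kubelet refuse to start a container that ends up with UID 0. Separately, `allowPrivilegeEscalation` is a container-level field in the Kubernetes API, so in this pod-level `securityContext` it may not take effect; that is worth confirming against how the template is rendered.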
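Review bot: With `command` and `XDG_CONFIG_HOME` removed, the `sync` container depends on the image's own entrypoint and on the `server` subcommand finding its configuration under `/config`, and nothing on the new side records that. A short comment above `args`, for example `{# entrypoint comes from the sync image; 'server' reads its configuration from /config #}`, would document it (to be confirmed against the image). The container is still published through `hostPort` and has the store volume mounted, so peer authentication and transport protection for the new sync server now rest entirely on the mounted config; it is worth verifying that the config does not admit unauthenticated peers. The `{% if 'sync' ... %}` block continues past the end of the hunk.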