sr2/ansible-collection-apps
4
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

feat(podman_link): split up container networks for isolation

Browse source 
Fixes: #4
This commit is contained in:
Iain Learmonth 2025-12-03 15:39:23 +00:00
parent d611df1263
commit 65fcca88f5
17 changed files with 24 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/podman_link/tasks/main.yml
View file

@ -177,8 +177,10 @@
owner: "{{ podman_link_podman_rootless_user }}"
mode: "0400"
with_items:
- channels.network
- frontend.network
- link.network
- zammad.network
become: true
notify:
- Restart Link

2
roles/podman_link/templates/home/config/containers/systemd/bridge-whatsapp.container
View file

@ -7,7 +7,7 @@ Environment=BRIDGE_FRONTEND_URL=http://link:3000
ExposeHostPort=5000
Image=registry.gitlab.com/digiresilience/link/link-stack/bridge-whatsapp:{{ podman_link_stack_version }}
Volume=/home/{{ podman_link_podman_rootless_user }}/bridge-whatsapp-data:/home/node/baileys:rw,Z
Network=link.network
Network=channels.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/bridge-worker.container
View file

@ -9,6 +9,8 @@ ContainerName=bridge-worker
EnvironmentFile=common-bridge.env
Image=registry.gitlab.com/digiresilience/link/link-stack/bridge-worker:{{ podman_link_stack_version }}
Network=link.network
Network=channels.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/channels.network Normal file
View file

@ -0,0 +1,2 @@
[Network]
NetworkName=channels

2
roles/podman_link/templates/home/config/containers/systemd/link.container
View file

@ -16,6 +16,8 @@ EnvironmentFile=common-bridge.env
ExposeHostPort=3000
Image=registry.gitlab.com/digiresilience/link/link-stack/link:{{ podman_link_stack_version }}
Network=link.network
Network=channels.network
Network=zammad.network
[Service]
Restart=always

6
roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container
View file

@ -5,12 +5,12 @@ PartOf=link.target
[Container]
ContainerName=opensearch-dashboards
#Environment=OPENSEARCH_USERNAME=admin
#Environment=OPENSEARCH_PASSWORD={{ podman_link_opensearch_password }}
Environment=OPENSEARCH_USERNAME=admin
Environment=OPENSEARCH_PASSWORD={{ podman_link_opensearch_password }}
Image=registry.gitlab.com/digiresilience/link/link-stack/opensearch-dashboards:{{ podman_link_stack_version }}
PublishPort=127.0.0.1:5601:5601
#Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards-config.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
Network=link.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/signal-cli-rest-api.container
View file

@ -10,7 +10,7 @@ Environment=SIGNAL_CLI_GID=1002
ExposeHostPort=8081
Image=registry.gitlab.com/digiresilience/link/link-stack/signal-cli-rest-api:{{ podman_link_stack_version }}
Volume=/home/{{ podman_link_podman_rootless_user }}/signal-cli-rest-api-data:/home/.local/share/signal-cli:rw,Z
Network=link.network
Network=channels.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/zammad-init.container
View file

@ -10,7 +10,7 @@ Image=registry.gitlab.com/digiresilience/link/link-stack/zammad:{{ podman_link_s
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-config-nginx:/etc/nginx/sites-enabled:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-var:/opt/zammad/var:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-storage:/opt/zammad/storage:ro,z
Network=link.network
Network=zammad.network
[Service]
Restart=on-failure

2
roles/podman_link/templates/home/config/containers/systemd/zammad-memcached.container
View file

@ -5,7 +5,7 @@ PartOf=zammad-storage.target
ContainerName=zammad-memcached
Exec=memcached -m 256M
Image=registry.gitlab.com/digiresilience/link/link-stack/memcached:{{ podman_link_stack_version }}
Network=link.network
Network=zammad.network
ExposeHostPort=11211
[Service]

2
roles/podman_link/templates/home/config/containers/systemd/zammad-nginx.container
View file

@ -11,7 +11,7 @@ ExposeHostPort=8080
Image=registry.gitlab.com/digiresilience/link/link-stack/zammad:{{ podman_link_stack_version }}
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-config-nginx:/etc/nginx/sites-enabled:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-var:/opt/zammad/var:ro,z
Network=link.network
Network=zammad.network
Network=frontend.network
[Service]

2
roles/podman_link/templates/home/config/containers/systemd/zammad-opensearch.container
View file

@ -20,7 +20,7 @@ PublishPort=127.0.0.1:9200:9200
PublishPort=127.0.0.1:9600:9600
Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-data:/usr/share/opensearch/data:rw,Z
Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-config.yml:/usr/share/opensearch/config/opensearch-security/config.yml:rw,Z
Network=link.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/zammad-postgresql.container
View file

@ -12,7 +12,7 @@ Image=registry.gitlab.com/digiresilience/link/link-stack/postgresql:{{ podman_li
Volume=/home/{{ podman_link_podman_rootless_user }}/postgresql-data:/var/lib/postgresql/data:rw,Z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-data:/opt/zammad:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-backup:/var/tmp/zammad:ro,z
Network=link.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/zammad-railsserver.container
View file

@ -12,7 +12,7 @@ Image=registry.gitlab.com/digiresilience/link/link-stack/zammad:{{ podman_link_s
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-var:/opt/zammad/var:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-storage:/opt/zammad/storage:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-database.yml:/opt/zammad/config/database.yml:ro,z
Network=link.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/zammad-redis.container
View file

@ -6,7 +6,7 @@ ContainerName=zammad-redis
Environment=REDIS_PASSWORD={{ podman_link_zammad_redis_password }}
Image=registry.gitlab.com/digiresilience/link/link-stack/redis:{{ podman_link_stack_version }}
Volume=/home/{{ podman_link_podman_rootless_user }}/redis-data:/data:rw,Z
Network=link.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/zammad-scheduler.container
View file

@ -9,7 +9,7 @@ Exec=zammad-scheduler
Image=registry.gitlab.com/digiresilience/link/link-stack/zammad:{{ podman_link_stack_version }}
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-var:/opt/zammad/var:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-storage:/opt/zammad/storage:rw,z
Network=link.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/zammad-websocket.container
View file

@ -9,7 +9,7 @@ Exec=zammad-websocket
Image=registry.gitlab.com/digiresilience/link/link-stack/zammad:{{ podman_link_stack_version }}
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-var:/opt/zammad/var:rw,z
Volume=/home/{{ podman_link_podman_rootless_user }}/zammad-storage:/opt/zammad/storage:rw,z
Network=link.network
Network=zammad.network
[Service]
Restart=always

2
roles/podman_link/templates/home/config/containers/systemd/zammad.network Normal file
View file

@ -0,0 +1,2 @@
[Network]
NetworkName=zammad