docker: image: Run cron jobs with root privileges. (#98)
This commit is contained in:
parent
ba3eef4341
commit
4f24d47f19
|
@ -6,5 +6,6 @@ services:
|
||||||
SECRETS_FOR_DYNACONF: /etc/xdg/mobilizon-reshare/0.1.0/.secrets.toml
|
SECRETS_FOR_DYNACONF: /etc/xdg/mobilizon-reshare/0.1.0/.secrets.toml
|
||||||
ENV_FOR_DYNACONF: production
|
ENV_FOR_DYNACONF: production
|
||||||
volumes:
|
volumes:
|
||||||
- ./etc:/etc/xdg/mobilizon-reshare/0.1.0
|
- ./.secrets.toml:/etc/xdg/mobilizon-reshare/0.1.0/.secrets.toml:ro
|
||||||
|
- ./mobilizon_reshare.toml:/etc/xdg/mobilizon-reshare/0.1.0/mobilizon_reshare.toml:ro
|
||||||
- ./var:/var/lib/mobilizon-reshare
|
- ./var:/var/lib/mobilizon-reshare
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
(define-module (docker image-debug)
|
||||||
|
#:use-module (gnu)
|
||||||
|
#:use-module (gnu packages base) ;; for coreutils
|
||||||
|
#:use-module (gnu packages bash) ;; for bash
|
||||||
|
#:use-module (gnu packages gawk) ;; for gawk
|
||||||
|
#:use-module (gnu packages less) ;; for less
|
||||||
|
#:use-module (gnu services base) ;; for special-file-service-type
|
||||||
|
#:use-module (docker image)) ;; for special-file-service-type
|
||||||
|
|
||||||
|
(operating-system
|
||||||
|
(inherit mobilizon-reshare-docker-image)
|
||||||
|
(packages
|
||||||
|
(list
|
||||||
|
coreutils
|
||||||
|
findutils
|
||||||
|
less
|
||||||
|
grep
|
||||||
|
gawk
|
||||||
|
sed))
|
||||||
|
|
||||||
|
(services
|
||||||
|
(append
|
||||||
|
%mobilizon-reshare-services
|
||||||
|
(list
|
||||||
|
(service special-files-service-type
|
||||||
|
`(("/bin/sh" ,(file-append bash "/bin/bash"))))))))
|
|
@ -1,24 +1,28 @@
|
||||||
(define-module (docker image)
|
(define-module (docker image)
|
||||||
#:use-module (gnu)
|
#:use-module (gnu)
|
||||||
#:use-module (gnu packages admin) ;; for shadow
|
|
||||||
#:use-module (gnu packages base) ;; for coreutils
|
|
||||||
#:use-module (gnu packages bash) ;; for bash
|
|
||||||
#:use-module (gnu packages gawk) ;; for gawk
|
|
||||||
#:use-module (gnu packages less) ;; for less
|
|
||||||
#:use-module (guix gexp) ;; for #$ and #~
|
#:use-module (guix gexp) ;; for #$ and #~
|
||||||
#:use-module (docker mobilizon-reshare) ;; for mobilizon-reshare.git
|
#:use-module (docker mobilizon-reshare) ;; for mobilizon-reshare.git
|
||||||
#:use-module (docker service) ;; for mobilizon-reshare-service-type
|
#:use-module (docker service) ;; for mobilizon-reshare-service-type
|
||||||
#:use-module (gnu services base) ;; for special-file-service-type
|
|
||||||
#:use-module (gnu services mcron)) ;; for mcron
|
#:use-module (gnu services mcron)) ;; for mcron
|
||||||
|
|
||||||
(define mobilizon-reshare-job
|
(define mobilizon-reshare-job
|
||||||
;; Run mobilizon-reshare every 15th minute.
|
;; Run mobilizon-reshare every 15th minute.
|
||||||
#~(job "*/15 * * * *"
|
#~(job "*/15 * * * *"
|
||||||
(string-append #$mobilizon-reshare.git "/bin/mobilizon-reshare start")
|
(string-append
|
||||||
|
#$mobilizon-reshare.git
|
||||||
|
"/bin/mobilizon-reshare start > /proc/1/fd/1 2>/proc/1/fd/2")
|
||||||
"mobilizon-reshare-start"
|
"mobilizon-reshare-start"
|
||||||
#:user "mobilizon-reshare"))
|
#:user "root"))
|
||||||
|
|
||||||
(define mobilizon-reshare-docker-image
|
(define-public %mobilizon-reshare-services
|
||||||
|
(list
|
||||||
|
(service mobilizon-reshare-service-type)
|
||||||
|
(service mcron-service-type)
|
||||||
|
(simple-service 'mobilizon-reshare-cron-jobs
|
||||||
|
mcron-service-type
|
||||||
|
(list mobilizon-reshare-job))))
|
||||||
|
|
||||||
|
(define-public mobilizon-reshare-docker-image
|
||||||
(operating-system
|
(operating-system
|
||||||
(locale "it_IT.utf8")
|
(locale "it_IT.utf8")
|
||||||
(timezone "Europe/Rome")
|
(timezone "Europe/Rome")
|
||||||
|
@ -39,22 +43,9 @@
|
||||||
(host-name "mobilizon-reshare-scheduler")
|
(host-name "mobilizon-reshare-scheduler")
|
||||||
|
|
||||||
(packages
|
(packages
|
||||||
(list
|
(list))
|
||||||
coreutils
|
|
||||||
findutils
|
|
||||||
less
|
|
||||||
grep
|
|
||||||
gawk
|
|
||||||
sed))
|
|
||||||
|
|
||||||
(services
|
(services
|
||||||
(list
|
%mobilizon-reshare-services)))
|
||||||
(service mobilizon-reshare-service-type)
|
|
||||||
(service special-files-service-type
|
|
||||||
`(("/bin/sh" ,(file-append bash "/bin/bash"))))
|
|
||||||
(service mcron-service-type)
|
|
||||||
(simple-service 'mobilizon-reshare-cron-jobs
|
|
||||||
mcron-service-type
|
|
||||||
(list mobilizon-reshare-job))))))
|
|
||||||
|
|
||||||
mobilizon-reshare-docker-image
|
mobilizon-reshare-docker-image
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
(name "mobilizon-reshare")
|
(name "mobilizon-reshare")
|
||||||
(comment "Mobilizon Reshare's Service Account")
|
(comment "Mobilizon Reshare's Service Account")
|
||||||
(group "mobilizon-reshare")
|
(group "mobilizon-reshare")
|
||||||
|
(supplementary-groups '("tty"))
|
||||||
(system? #t)
|
(system? #t)
|
||||||
(home-directory "/var/empty")
|
(home-directory "/var/empty")
|
||||||
(shell (file-append shadow "/sbin/nologin")))))
|
(shell (file-append shadow "/sbin/nologin")))))
|
||||||
|
|
Loading…
Reference in New Issue