.

2022-11-02 11:18:20 +01:00
parent 1fddef7a97
commit 20c3717a10
43 changed files with 1201 additions and 472 deletions
--- a/podman/containers.sls
+++ b/podman/containers.sls
@@ -0,0 +1,60 @@
+{% set user = salt['pillar.get']('podman:user', 'root') %}
+{% set home = salt['user.info'](user).home %}
+{% set group = salt['pillar.get']('podman:group', 'root') %}
+
+
+
+{% for name, args in salt['pillar.get']('containers', {} ).items() %}
+
+Create container manage file for {{ name }}:
+  file.managed:
+    - name: "{{ home }}/bin/{{ name }}.sh"
+    - source: salt://podman/files/container.sh.jinja
+    - template: jinja
+    - user: {{ user }}
+    - group: {{ group }}
+    - mode: "0750"
+    - context:
+      container: {{ name }}
+      args: {{ args }}
+
+{% if args['volumes'] is defined %}
+{% for volume, mount in args['volumes'].items() %}
+Create {{ volume }} volume for {{ name }}:
+  cmd.run:
+    - name: podman volume create {{ name }}-{{ volume }}
+    - runas: {{ user }}
+    - unless: podman volume exists {{ name }}-{{ volume }}
+{% endfor %}
+{% endif %}
+
+Create container {{ name }}:
+  cmd.run:
+    - name: "{{ home }}/bin/{{ name }}.sh --create"
+    - runas: {{ user }}
+    - unless: podman container exists {{ name }}
+
+Create container {{ name }} unit file:
+  cmd.run:
+    - name: podman generate systemd --name {{ name }} > {{ home }}/.config/systemd/user/{{ name }}.service
+    - runas: {{ user }}
+    - onchanges:
+      - cmd: Create container {{ name }}
+
+Run user daemon reload for {{ name }} unit:
+  cmd.run:
+    - name: systemctl --user daemon-reload
+    - runas: {{ user }}
+    - onchanges:
+       - cmd: Create container {{ name }} unit file
+
+start container {{ name }}:
+  cmd.run:
+    - name: "{{ home }}/bin/{{ name }}.sh --start"
+    - runas: {{ user }}
+    - unless: "{{ home }}/bin/{{ name }}.sh --is-running"
+    - onchanges:
+      - cmd: Run user daemon reload for {{ name }} unit
+    
+
+{% endfor %}
--- a/podman/files/99-zigbee-serial.rules
+++ b/podman/files/99-zigbee-serial.rules
@@ -0,0 +1 @@
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee-serial", MODE="0666"
--- a/podman/files/container.sh.jinja
+++ b/podman/files/container.sh.jinja
@@ -0,0 +1,148 @@
+#!/usr/bin/env bash
+
+function pull_image(){
+    if ! podman image exists {{ args['image'] }}:{{ args['tag'] }}; then
+        podman pull {{ args['image'] }}:{{ args['tag'] }}
+    fi
+
+}
+
+function create_volumes() {
+{% for volume, mounts in args['volumes'].items() -%}
+    if ! podman volume exists {{ container }}-{{ volume }}; then
+        podman volume create {{ container }}-{{ volume }}
+    fi
+{% endfor %}
+}
+
+function create_container() {
+    if ! podman container exists {{ container }};then
+        podman container create \
+            --name {{ container }} \
+	    {%- if args['volumes'] is defined %}
+            {%- for volume, mount in args['volumes'].items() %}
+            -v {{ container }}-{{ volume }}:{{ mount }} \
+    	    {%- endfor %}
+	    {%- endif %}
+	    {%- if args['ports'] is defined %}
+    	    {%- for ports in args['ports'] %}
+    	    -p {{ ports['host'] }}:{{ ports['container'] }}{% if ports['protocol'] is defined %}/{{ ports['protocol'] }}{% endif %} \
+            {%- endfor %}
+	    {%- endif %}
+	    {%- if args['env'] is defined %}
+    	    {%- for key, value in args['env'].items() %}
+    	    -e {{ key }}={{ value }} \
+    	    {%- endfor %}
+	    {%- endif %}
+	    {%- if args['devices'] is defined %}
+	    {%- for key, value in args['devices'].items() %}
+	    --device {{ key }}:{{ value}} \
+	    {%- endfor %}
+            {%- endif %}
+    	    {{ args['image'] }}:{{ args['tag'] }}
+    fi
+
+}
+
+function generate_systemd_unit_file() {
+    podman generate systemd --name {{ container }} > $HOME/.config/systemd/user/{{ container }}.service
+}
+
+function check_update() {
+    podman pull {{ args['image'] }}:{{ args['tag'] }}
+    if [[ "$(podman image inspect {{ args['image'] }}:{{ args['tag'] }} --format "{% raw %}{{.Id}}{% endraw %}")" == "$(podman inspect {{ container }} --format "{% raw %}{{ .Image }}{% endraw %}")" ]];then
+        echo "No image updates available"
+	return 0
+    else
+        echo "Image update available"
+	return 1
+    fi
+}
+
+function update() {
+    if ! check_update; then
+       systemctl --user stop {{ container }}
+       podman container rm {{ container }}
+       create_container
+       generate_systemd_unit_file
+       systemctl --user daemon-reload
+       systemctl --user enable --now {{ container }}.service
+    fi
+}
+    
+
+
+function printHelp(){
+    cat << EOF
+Usage ${0##*/} [options..]
+-h,-?, --help           Show help and exit
+-p, --pull              pull container image ({{ container }}:{{ args['tag'] }})
+-v, --volumes           create container volumes
+-c, --create            create {{ container }} containers
+-s, --start             start and enables {{ container }} container
+-S, --stop              stop {{ container }} container
+-i, --is-running        check to see if container service is running
+-u, --check-update      check if there are image updates avaiable
+-U, --update            perform image update if it exists
+-g, --generate-systemd  generate user systemd service unit file
+EOF
+}
+
+
+while :; do
+    case $1 in
+        -h|-\?|--help)
+            printHelp
+            exit
+            ;;
+        -p|--pull)
+            pull_image
+            shift
+            ;;
+        -v|--volumes)
+            create_volumes
+            shift
+            ;;
+        -c|--create)
+            create_container
+            shift
+            ;;
+	-s|--start)
+	    systemctl --user enable --now {{ container }}.service
+	    shift
+	    ;;
+	-S|--stop)
+	    systemctl --user stop {{ container }}.service
+	    shift
+	    ;;
+	-i|--is-running)
+            systemctl --user is-active {{ container }}.service
+	    exit $?
+	    shift
+	    ;;
+        -g|--generate-systemd)
+	    generate_systemd_unit_file
+	    shift
+	    ;;
+	-u|--check-update)
+	    check_update
+	    shift
+	    ;;
+	-U|--update)
+	    update
+	    shift
+	    ;;
+        --)                 #End of all options
+            shift
+            break
+            ;;
+        -?*)
+            printf "'%s' is not a valid option\n" "$1" >&2
+            exit 1
+            ;;
+        *)                 #Break out of case, no more options
+            break
+    esac
+    shift
+done
+
--- a/podman/files/env_file.jinja
+++ b/podman/files/env_file.jinja
@@ -0,0 +1,3 @@
+{% for key, value in env_vars.items() -%}
+{{ key }}={{ value }}
+{% endfor -%}
--- a/podman/files/npm-container.conf
+++ b/podman/files/npm-container.conf
@@ -0,0 +1 @@
+net.ipv4.ip_unprivileged_port_start=80
--- a/podman/firewalld.sls
+++ b/podman/firewalld.sls
@@ -0,0 +1,20 @@
+{% set zone = salt['pillar.get']('containers:zone', 'public') %}
+
+{% for name, args in salt['pillar.get']('containers', {} ).items() %}
+{% if args['ports'] is defined %}
+
+Defining firewalld service for {{ name }}:
+  firewalld.service:
+    - name: {{ name }}
+    - ports:
+      {%- for port in args['ports'] %}
+      - {{ port['host'] }}/tcp
+      {%- endfor %}
+
+adding service {{ name }} to {{ zone }} zone:
+  firewalld.present:
+    - name: {{ zone }}
+    - services:
+      - {{ name }}
+{% endif %}
+{% endfor %}
--- a/podman/gitea.sls
+++ b/podman/gitea.sls
@@ -0,0 +1,4 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+{{ container_deploy('gitea') }}
+
--- a/podman/gotify.sls
+++ b/podman/gotify.sls
@@ -0,0 +1,4 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+{{ container_deploy('gotify') }}
+
--- a/podman/init.sls
+++ b/podman/init.sls
@@ -0,0 +1,11 @@
+{% set user = salt['pillar.get']('podman:user', 'root') %}
+
+Install packages needed for podman:
+  pkg.installed:
+    - pkgs:
+      - podman
+
+Set linger for user {{ user }}:
+  cmd.run:
+    - name: loginctl enable-linger {{ user }}
+    - unless: test -e /var/lib/systemd/linger/{{ user }}
--- a/podman/mariadb.sls
+++ b/podman/mariadb.sls
@@ -0,0 +1,4 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+{{ container_deploy('mariadb') }}
+
--- a/podman/mosquitto.sls
+++ b/podman/mosquitto.sls
@@ -0,0 +1,4 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+{{ container_deploy('mosquitto') }}
+
--- a/podman/nextcloud.sls
+++ b/podman/nextcloud.sls
@@ -0,0 +1,4 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+{{ container_deploy('nextcloud') }}
+
--- a/podman/npm.sls
+++ b/podman/npm.sls
@@ -0,0 +1,19 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+Make sure user can open low tcp ports:
+  file.managed:
+    - name: /etc/sysctl.d/npm-container.conf
+    - source: salt://podman/files/npm-container.conf
+    - user: root
+    - group: root
+    - mode: "0644"
+
+Reload sysctl:
+  cmd.run:
+    - name: sysctl --system
+    - onchanges:
+      - file: Make sure user can open low tcp ports
+
+
+{{ container_deploy('npm') }}
+
--- a/podman/unifi.sls
+++ b/podman/unifi.sls
@@ -0,0 +1,4 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+{{ container_deploy('unifi') }}
+
--- a/podman/zigbee2mqtt.sls
+++ b/podman/zigbee2mqtt.sls
@@ -0,0 +1,20 @@
+{% from 'lib.sls' import container_deploy with context %}
+
+Create udev-rule for zigbee usb dongel:
+   file.managed:
+     - name: /etc/udev/rules.d/99-zigbee-serial.rules
+     - source: salt://podman/files/99-zigbee-serial.rules
+     - user: root
+     - group: root
+     - mode: "0644"
+
+Relead udev rules for zigbee dongel:
+  cmd.run:
+    - name: udevadm control --reload-rules
+    - onchanges:
+      - file: Create udev-rule for zigbee usb dongel
+
+
+
+{{ container_deploy('zigbee2mqtt') }}
+
				`@@ -0,0 +1 @@`
				`SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee-serial", MODE="0666"`